Overview
TrustRadius Insights
- Empowering Security Zenith with Unified Vigilance.
- Will I continue to use USM? Yes, I would.
- Excellent security for your machine
- MSSP Review
- Great product but out of the box it needs a lot of work.
- AlienVault is about as user-friendly as it gets for threat detection
- Great if you can deploy and manage on-premises SIEMs
- AlienVault - Not Worth the Price
- AlienVault USM Anywhere, a SIEM that is easy on your pocket.
- Unbeatable Security Machine
- AlienVault USM Provides Heightened Security Awareness in the Legal Services Industry
- Best product I've seen for a smaller enterprise network.
- Great SIEM for enterprise environments
- AlienVault USM is a really beneficial SIEM solution.
Popular Features
- Centralized event and log data collection: 8.5 (85%), 8 ratings
- Correlation: 8.5 (85%), 8 ratings
- Event and log normalization/management: 8.0 (80%), 8 ratings
- Custom dashboards and workspaces: 7.0 (70%), 8 ratings
Pricing
Plan | Price |
---|---|
Essentials | $1,075 |
Standard | $1,695 |
Premium | $2,595 |
Entry-level setup fee: optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.
- Centralized event and log data collection: 8.5 (8 ratings). Effectiveness of real-time centralized event and log data collection.
- Correlation: 8.5 (8 ratings). Correlation of logs and events to pinpoint significant threats.
- Event and log normalization/management: 8 (8 ratings). Ability to normalize event syntax so that logs can be compared and are machine-understandable.
- Deployment flexibility: 8.6 (7 ratings). Ability to tune the system to maximize threat detection and minimize false positives.
- Integration with Identity and Access Management Tools: 7.3 (5 ratings). Integration with access control tools like Active Directory and LDAP.
- Custom dashboards and workspaces: 7 (8 ratings). Dashboards that can be customized to meet the needs of specific groups.
- Host and network-based intrusion detection: 8 (5 ratings). Ability to detect both endpoint intrusion and network ingress.
Product Details
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions across other security technologies and respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Reviews and Ratings (735)
Community Insights
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
- AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
- Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
- To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- Likelihood to Renew: 7.2 (18 ratings)
- Availability: 6.4 (3 ratings)
- Performance: 7.3 (3 ratings)
- Usability: 6.7 (34 ratings)
- Support Rating: 7.3 (25 ratings)
- Online Training: 8.3 (6 ratings)
- In-Person Training: 4.5 (1 rating)
- Implementation Rating: 6.4 (38 ratings)
- Configurability: 8 (3 ratings)
- Product Scalability: 6.3 (3 ratings)
- Ease of integration: 7.3 (3 ratings)
- Vendor pre-sale: 8.2 (3 ratings)
- Vendor post-sale: 7.6 (3 ratings)
Reviews (1-25 of 28)
- Alienvault USM is THOROUGH. We have a highly integrated workspace that's mostly SaaS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
- As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someone's laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
- The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
- Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
- Some of the filters when looking for a specific alert aren't that easy to use.
Good for startups
It is primarily used by the security team.
- integration with the cloud providers
- ability to manage big log files
- threat intelligence
- support is not so great
- plugins are not always up to date
- Ease of Use
- Built in / Updated Correlation Rules
- On Prem and Cloud options
- Host Agent available
- Customization of Agent
- Search Fields name doesn't match event info
A great one-stop-shop security management platform
- It's incredibly easy to get up and running. The sensor is simply a VM download that you link to a console, and away you go. We'd scanned most of our networks within a couple of days.
- The insight it provides into our environment has been invaluable, especially in terms of discovering BYOD and other unmanaged devices in use.
- Having a number of functions (asset discovery, vulnerability management, SIEM) in a single platform gives a great bird's-eye view of security.
- There could be a greater degree of flexibility in terms of roles and permissions management. There is only 'Manager,' 'Analyst,' and 'Read Only,' all with pre-defined permissions.
- All logs, even for cloud services (linked via AlienApps) have to be forwarded to a sensor. For example, if you want to monitor a cloud service such as Box, you need to forward logs to your sensor (which is likely behind your firewall). It would be better if you could forward straight to AlienVault cloud.
- There's not much documentation or recommendations in terms of how much CPU, RAM, etc. your sensor requires in relation to how much scanning and monitoring you'll be doing. Even just 'ballpark' recommendations would be useful.
- The integration setup for syslog forwarding and native web apps partnered with the platform is a very simple setup.
- Deploying sensors in cloud systems usually follow a pre-defined build flow for ease of sensor deployments and scaling.
- For perimeter defense, as long as your defended organizational structure uses Active Directory or another LDAP replication type service, vuln scanning and KIDS is a breeze.
- For highly distributed workforce issues, the system requires a lot of third-party integrations to collect data for automation.
- Customization can be lacking in areas without significant help from their support teams.
- Building rules for filtering, suppression, and custom alarms can be a steep learning curve, although this is slightly offset by their training offerings.
AlienVault and an honest comparison to Darktrace
We have a Global Security Operations Centre and are deploying AlienVault globally. We want to standardize our security incident responses globally to ensure that we can implement a true 'follow the sun' model. AlienVault has a global presence and we want to leverage that capability to support our security teams.
- Excellent feedback and reviews from external organisations and in-house experience
- Good value for money
- A reliable, all-round tool to avoid duplication / overlap with other products
- Allowed us to build a security tool-set without wasting money on duplicated (and unused) functions
- Global presence
- Other products, like Darktrace, provide exceptional automatic isolation and intrusion protection. I want AlienVault to provide equivalent protection / isolation to protect environments out of working hours (public holidays etc)
- External threat monitoring is a great way to identify threats mobilizing before they attack (horizon monitoring). Intsights (https://intsights.com/) provides this for a fee, but I would like to see a capability for monitoring key assets, such as domain names, C-Suite personnel etc.
- Some simple mechanisms to reduce white noise. We are gradually improving our filtering, but machine learning (aka Darktrace) would be helpful to allow the system to 'learn' behaviours and then allow to be filtered by an administrator. Full AI learning is difficult (hence the costs for Darktrace) but a configuration dashboard to reduce 'noise' should be easy to deliver, rather than having to edit and apply filters individually.
- Dashboards for ISO27001 and PCI. ISO27001 KPIs such as Threats Detected, Threats automatically prevented, Threats requiring human intervention etc are simple and should be easy to provide.
- Anything you can do to link with Vulnerability Management, such as Nessus, Cyberark DNA etc would be helpful. Currently these are managed separately, but would be great if these could be integrated for running routine scans from a single dashboard, or reporting on a dashboard.
- Off network monitoring would be helpful - a selectable client which allowed activity to be tracked could be useful, particularly where split horizon networks exist. This could just provide a summary of traffic / sites visited which may be inadvertently bypassing corporate controls (such as Corporate Cloud Storage, Webmail etc). This would help us provide awareness and training for users to explain the associated risks.
- FIM with limits.
- Vulnerability scans (with agents installed as opposed to "NXlog").
- Dashboards.
- Need to be able to comment on issues flagged by AlienVault so that other users may know what has been done for triage.
- Single pane of glass, need to have a shared dashboard that is customizable.
The ability to comment on issues within the application is rather important as now I can 'label' an issue and assign to myself or others but cannot include what steps have been taken thus far. That means a separate email communication is necessary.
- AlienVault USM helps our IT staff stay on top of patches.
- AlienVault USM makes it easier for our IT staff to track down vulnerabilities.
- AlienVault USM provides steps to correct any vulnerabilities that may arise.
- AlienVault's staff were very helpful in setting up their product on our network. There was plenty of opportunity for training.
- AlienVault USM can be cumbersome for a small IT staff to manage. We still use AlienVault USM but now pay a third party to help us manage it.
Great Product, Great Value
- AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use.
- AlienVault USM Anywhere is a cloud-based solution that is easy to deploy and easy to scale as well.
- On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.
- Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.
- The solution provides some compliance reports, but it does not generate reports with information such as... how many of what type of event happened this month. You can see this information on the dashboard, but it would be nice to be able to generate a report automatically.
This is no Area 51, AlienVault exposes the hidden threats!
The vulnerability scans are the best bar none that we tested. The monitoring is great too, however the only thing we found lacking was hard drive monitoring, we had to put another solution in place for that, however that was 6 months ago, so things may have changed.
- Vulnerability scanning
- Up to date security definitions
- Open Threat Exchange
- Range or product sizes to fit any size of organization
- Hard drive monitoring
- Slightly higher learning curve
Requires some learning to get full use, so if resources are tight it might not be the best choice. For the first couple of months it needed tweaking, but we got professional services to assist with that.
Aliens to the rescue!
- Log correlation is excellent and on par with other more expensive solutions.
- Ease of use is a big plus.
- Initial setup was simple and quick.
- The OTX threat intelligence is a great complement to our other threat intelligence feeds to ensure we have as many 'eyes' out there informing us of all the potentially malicious threat actors out there.
- There are a couple of things that can only be done through the CLI and unless you're familiar with the CLI, there may be a large learning curve for some.
- The vulnerability scanner lacks a number of advanced features that other solutions have which make it simpler and more efficient to manage.
- Plugins are limited (although they are adding more as time goes on). If you need a plugin that is not available you will need to create one on your own which requires modification of a number of files and can be daunting for someone new to the platform.
AlienVault Review
- Notification
- Log Monitoring
- Threat Alerts
- Inventory Monitoring
- Vulnerability Scans
- System Updates break features, especially Threat Intelligence Policies as well as corresponding Alerts
- Need to conduct more Customer Education regarding features and system updates
- Steep initial learning curve on getting the most out of system
- Getting a Support Technician on the phone when something breaks.
All-in-one, Integrated Security that is Simple and Low-cost
- Integrated product - AlienVault does a great job of bringing the varied product functionality together and provides a centralized view of security throughout our company.
- Support and Training - We chose to implement AlienVault ourselves and took the training class with implementation assistance. Both helped in learning the product and allowing us to be able to administer, use and improve our use of it more effectively.
- Product improvements - I have found issues with the product in the short time I have been using it and then seen product updates shortly thereafter that included the fixes we requested.
- Plugins for data could use some improvements. Newer plugins and a more user-friendly way of creating them rather than writing regex would greatly improve the ability to add additional data sources.
- Documentation can be improved. The knowledge base and help are being redone and they have yet to catch up to the latest version. They provide some help but need to add detail for advanced troubleshooting. Forums can sometimes be helpful and the support also is helpful.
- Technical support is responsive, return call back time is quick
- Marketing, the reason we went with the system was incredible marketing and rave reviews in the industry
- Sales, very aggressive and I felt I was pushed on a regular basis to purchase more devices from AV.
- Large overhead when scanning. The network was impacted with the default scan settings for our network, a huge network performance hit.
- Direction, felt abandoned after spending over $30,000 on an onsite appliance now that the core focus of the company seems to be going cloud-based. Very quickly after we purchased the onsite device, I learned through an AV webinar that new malware/ransomware protection that was being included in the cloud version of AV was not going to be introduced into the onsite appliance, and there were no foreseeable plans to integrate it.
- The interface is sometimes unrefined and difficult to navigate, there were some bugs that we ran into.
- Requires almost a full time person just dedicated to compiling and reviewing the sheer amount of data collected and presented. Very comprehensive though with that it requires a high training curve to get new staff to fully be able to navigate and use the product properly.
AlienVault - Funny name but a great security product
- Identifying network vulnerabilities
- Alerting on suspicious network traffic
- Providing a single pane-of-glass for security monitoring
- Ticketing - the internal ticketing system is not very good and integration with external ticketing systems is limited to email forwarding
- Out-of-the-box usefulness. The product requires a significant amount of time and expertise to make it useful. AlienVault could provide better documentation and/or GUI workflows to make setup smoother
Secure Compliance Solutions powered by AlienVault USM
- The combination of comprehensive threat detection and access to the Online Threat eXchange positions AlienVault with a very formidable security tool.
- The reporting in AlienVault is well executed and provides a simple method of conveying how well it is protecting the end user's network.
- AlienVault USM is processor hungry and will only run as Virtual Machines unless you purchase the hardware directly from the vendor. I would like to see an installable version so that we can deploy bare metal on our own hardware.
- The learning curve can be steep and requires advanced training to get the most out of the system.
Still work in progress
- Low cost
- Relatively simple to manage
- Largely open source
- Technical support does not really manage defects and fixes well.
- Poor versioning of software releases - two different releases had the same file name!
- Support highly dependent on remote access. This is not permitted in my environment.
- The GUI setup tool does not work properly.
- No useful knowledgebase of known defect and fixes available to customers.
Suited where a steep learning curve is acceptable and the local technical support competence is above average.
Not suited where a quick install and minimal local technical support is required.
Not the best solution where internet access is restricted, there are no good offline update mechanisms.
Good for static networks; too slow for cloud
- Good detailed vulnerability scanning using OpenVAS
- Logs are correlated well
- HIDS Agents are easy to deploy to static servers
- Access to the linux back-end of the server for adding additional functionality
- Frequent correlation updates
- Alienvault becomes pretty inflexible when working in rapidly-changing transient cloud environments. Our servers can automatically rebuild when required, and alienvault requires an agent to be deployed to each. Unfortunately an auto-deployment function is not included, and we had to script our own process - requiring extra upkeep and maintenance.
- Drilling down to find specific logs is awkward and clunky (especially compared to some of the competition in this area).
- There is no functionality to automatically remove agents/assets that have been disconnected for a period of time. This means it is a constant manual job to make sure old agents aren't still in the system (as you will soon get IP collisions when using DHCP or in a limited IP range on the cloud).
- Some competitors use machine-learning to alter which events raise alarms - Alienvault doesn't have this functionality meaning I have to be constantly adjusting rules.
- Struggles finding DNS names for our cloud servers, meaning a lot of our assets are named something like Host-192-168-1-1. We have found ways to script around this, but this is another thing that isn't supported by AlienVault.
- Agent deployment to Linux can't be done from the AlienVault UI, and has to be done manually on each Linux instance (or by creating unsupported scripts as we did).
- Can't digest cloud infrastructure logs without additional scripting and writing own plugins.
Into the mind of a programmer
- Monitors the network for various attack vectors. We were notified of an attack vector via Remote Desktop where we were able to take action and close up those ports.
- It was able to handle the thousands of messages (syslog) it was receiving from both our API web servers.
- The search needs to be better polished as it makes it difficult to search by multiple parameters (i.e. we have custom user fields and we wanted to search by two fields, and it does not allow us to do so).
- The steep learning curve is a big stumbling block. The UI needs to be more polished and easier to use. Perhaps having a basic and advanced screens.
- There should be an easier way to bump up the mysql connection pool without having to jailbreak to the command prompt and modify the configurations. We initially were constantly getting a "Too many connections" error, but once I bumped up the connection pool limit, the problem went away. It would've been nice if we could do this from the UI.
AlienVault USM good for your business?
- Traffic Analysis
- OTX feed intelligence
- File Integrity Monitoring
- Threat Scanning
- Asset Management depends too much on DNS
- Threat scanner could have more functionality
- Dashboards.
- Using trends in industry such as OTX pulses.
- The alarms are easy to track and start an investigation.
- More graphs like PRTG.
- More hands on labs.
- A faster learning curve.
AlienVault USM - The SIEM has landed.
- The price point is amazing.
- Directives are highly customizable.
- The open threat exchange is quite valuable as an open threat and IOC exchange.
- The UI has a bit of a learning curve.
- I would recommend a strong Linux background if you are going to do any custom plugins or directives.
- Some events are fairly generic in terms of naming convention, which can require more hands on investigation.
Alien Vault has been a great choice
- Built in correlation and directive rules. This fits the out of the box need.
- Ease of use. Of the four SIEM tools we investigated, Alien Vault was the only one to show in a demo how easy it was to use. Others made promises but Alien Vault showed proof. That has continued in our experience as well.
- Solid 3rd party monitoring and professional services. The company that performed the install was excellent. They helped us work through some configuration issues in our environment. We also decided to utilize a 3rd party for 24/7 monitoring and they have been excellent and responsive as well.
- Frequent improvements. Alien Vault appears dedicated to improving its product. In the relatively short time we've had it in place we have received several updates to features and functionality.
- The ad hoc search feature doesn't always return relevant results. Some of this may be a learning curve but some default queries would be helpful.
- Nothing else to really add. We've been very impressed with it so far.
AV USM - give it a few tasks and let it be!
- It has a good dashboard that provides a good sense of our overall security posture.
- It ties in well with emerging threats via its Open Threat Exchange system.
- It does a good job finding users out of compliance with our external VPN/Proxy policies.
- USM is great at identifying malicious network behavior.
- There is a big learning curve to the user interface. Once learned, its complexity makes it powerful.
- There are no alerts for system configuration alerts - such as full disks of the USM itself.
- There is no automatic offloading and archiving of old logs from the USM to an archival disk system. I have to manually SCP old logs off monthly.
Basic review of AV
- Alarms dashboard provides a great overview of all alerts, makes it easy to see what I need to focus on and what is noise
- Easily connects to all my desktops/servers using the HIDS agent, makes it simple to get setup
- As a solution, it was relatively cheap in comparison to its competitors.
- Does not play well with CheckPoint firewalls, this has been a major pain point for me
- Would be great if there was a quick way to dismiss normal activity
Not suited to environments that are not standard plug-ins, such as a heavy CheckPoint firewall environment, unless you have some coders on your team that can write the necessary code to program the AV to read input data.