AlienVault USM: Simplifying Security with Cost-Effective Threat Detection.
Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The …
Starting at $1,075 per month
View PricingOverview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Cloud
per month
Standard
$1,695
Cloud
per month
Premium
$2,595
Cloud
per month
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.
Reviewers rate Deployment flexibility highest, with a score of 8.6.
The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(735)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
Reviews
(1-25 of 177)Companies can't remove reviews or game the system. Here's why
Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The product helps us address critical business problems, such as identifying and mitigating security threats, monitoring network activity, and ensuring compliance with regulations. Our use case involves deploying USM across our network to monitor logs, detect anomalies, and respond to incidents effectively.
- Asset discovery.
- Real-time threat detection.
- Centralized log management.
- Provides actionable insights into emerging threats.
- Intrusion detection.
- Enhancing user interface intuitiveness.
- Granular customization options for alerts and reporting.
- Integration with third-party tools and expanding support for emerging threat intelligence sources would be beneficial since the alien app only supports a few.
June 03, 2023
Empowering Security Zenith with Unified Vigilance.
As an IT researcher at a university, we use AlienVault USM for centralized security monitoring, threat detection, incident response, compliance reporting, and vulnerability assessment to enhance our security posture. The scope includes network infrastructure, servers, and critical systems.
- Unified Security Monitoring and Threat Detection.
- Integrated Incident Response.
- Compliance Management and Reporting.
- User Interface and Ease of Use.
- Customization and Flexibility.
- Enhanced Automation and Orchestration.
June 01, 2023
will I continue to use USM, Yes I would
USM is our primary SIEM solution. The solution is not a standard SIEM but rather a SOAR, where one can add orchestration rules as well as run investigations. All of our network devices, servers, IPS IDS FW and more then all send the logs to this solution. Then the SIEM creates events which derive alerts and alarms.
- Investigations
- Event collection and alerting
- correlation rules
- N/A
- CBT training
- training
October 04, 2021
MSSP Review
Score 8 out of 10
Vetted Review
Verified User
AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount of time. The built-in correlation rules are of great quality with little-to-no setup required to switch on. Asset management and scanning is a great feature to keep on top of the list of assets to monitor, as well as dynamic and static asset lists. OTX is one of the best features to implement directly into USM Anywhere, with up-to-date threat intelligence as well as pulses to subscribe to.
- Threat intelligence look-ups
- Asset management
- Vulnerability scanning
- Better UI/workflow for alarms
- Better alarm management (add notes/set status)
Implemented in a SaaS company with resources in colocation and AWS. All server assets are covered however workstations are not. We like that it provides the opportunity of granular logging on all systems and networks.
- UX/UI responsive and easy to navigate.
- Covers wide variety of systems and devices.
- Ease of getting sensors up and running.
- More simplified dashboards would help not overwhelm new users.
- Use more industry-standard terms for items.
- Tech support that actually reads your questions prior to replying with canned responses.
- Update their KBs to reflect real-world scenarios. We've ran across several places where NxLog's settings in the KB were incorrect and support had no idea, kept telling us that we were wrong despite demonstrating to them the correct settings.
AlienVault is used across the organization, although only select individuals actually know that it is running. The software addresses the protection of mission-critical information and databases. The software is not useful for any other purposes outside of security of the networks.
- AlienVault makes following real-time threats very simple with its graphics interface.
- AlienVault is also easy to work with, and customer support is great.
- AlienVault works mainly automatically, which makes using it easy. If it required too much effort, the software tool would be replaced.
- The logs of AlientVault are harder to read through than other logs.
- Support is good, but not great.
- Resources for using the product could be made easier to search and understand.
AlienVault USM is being used by my entire organization for log aggregation and analysis in support of PCI compliance activities. It allows us to quickly identify security threats for 100+ remote and on-prem users, providing a 'single pane of glass' to view identity, networking, and workstation issues across the enterprise.
- Identifies possible spurious identify (Windows AD) changes and manipulation.
- Identifies installation of possible malware.
- Analyzed all activities and filters for only those with a potential negative security impact.
- Closing an Investigation does not close the attached alarms.
- Vulnerability Scanning interfaces/process is complicated to use.
- Vulnerability Scanning allows far too many assets to be specified at once, resulting in timeouts and ambiguous results.
July 13, 2020
AlienVault USM is a really beneficial SIEM solution.
We use Alienvault USM internally in our Security Operations Centre as part of our detection and response capabilities. We use it to monitor our on-premise networks and devices, our cloud servers as well as our cloud SaaS services. It allows us good visibility into our entire infrastructure and the events and alarms that we would otherwise miss.
We also implement and manage AlienVault USM deployments for clients as our recommended SIEM solution.
We also implement and manage AlienVault USM deployments for clients as our recommended SIEM solution.
- Ease of deployment and quick to get operating.
- Wide range of plugins and log receivers to ingest logs from many sources.
- Simple interface and dashboard makes daily operation quick and easy.
- Custom notification templates can be limited - it is not easy to get custom email alert content for example.
- Some network configuration on premise is needed to take full advantage of NIDS (port/traffic mirroring for example).
- Vulnerability scanning and reporting can be a bit sparse if you are used to the likes of Nessus.
Alienvault USM Anywhere touches all endpoints and networks of our organization. Is solves some big problems like:
1) Logging aggregation and actionable insights using log correlation.
2) Threat hunting & intel.
3) Vulnerability management and validation of our separate patch automation software.
4) Security orchestration.
5) Asset discovery and inventory management.
1) Logging aggregation and actionable insights using log correlation.
2) Threat hunting & intel.
3) Vulnerability management and validation of our separate patch automation software.
4) Security orchestration.
5) Asset discovery and inventory management.
- Log Correlation: The engineers at Alienvault/AT&T Cybersecurity have included a great integrated rule set (which continues to grow) to save analysts time on combing through logs and instead executing threat hunts, investigations, and remedial activities.
- Single pane-of-glass for all security activities from the convenience and efficiency of a SaaS web console, being that USM has deep integrations with over a dozen major software platforms (Office 365, GSuite, ZScaler, Box, etc.) and what they call plugins which interpret log and SIEM data from hundreds of vendors and platforms like Meraki, CrowdStrike, Aruba switches and AP's, etc.
- Great value! You can pay the same or more for other big name SIEM vendors that offer less features than this platform. Plus, even if you begin ingesting too much log data, you can filter specifics types of logs (for example, ones that have no impact to security) to bring data ingestion in line with your subscription level. The onboarding team did a great job in right-sizing our subscription plan, so this hasn't been a problem.
- Vulnerability scanning is currently done by authentication into the host over the network, even when the AlienVault USM agent is installed on an endpoint. It would be nice to have near-real-time vulnerability information provided via the agents. This would also delete the need for specially-configured remote-access admin service accounts on endpoints, which is just another account that has to be administered, namely password management and auditing for potential abuse and compromise.
- Endpoint agent support for ARM architecture is just starting to get going -- wide availability across Linux and MS Windows/Server platforms won't be available until possibly circa mid-2021. Fortunately, at least general asset scan info, authenticated vulnerability scans, etc. still provide a good deal of security inspection into these devices.
- Making some UI settings persist across logins on the web console is still lacking. Would also be nice to change a "detailed view" to icons/thumbnails/tiles. UI is very efficient in some aspects but frustrating in others.
July 03, 2020
One of the best SIEMs out there
We use AlienVault USM to monitor our network flow and alert us if any of our alarms are triggered. We integrate our Cisco Umbrella and Meraki solutions so that it saves time, having a single dashboard without having to check each instance. We also like the ability to create custom alarms and us the threat exchange to be notified of any day zero vulnerabilities on the software we run in the office.
- Easy intergration using APIs
- Bespoke alarm configuration
- OTX database
- Needs to be fine tuned to get any valuable insight
- Requires alot of resourses when running in VMs
- Cost makes it hard to sell to smaller buisnesses
April 24, 2020
AlienVault USM anywhere
It addresses compliance and vulnerability assessments, which are critical in having a holistic view of mission-critical assets. USM also gives the ability to detect network threats before they are exploited by criminals, as well as forensic evidence of what happened when and how it happened. With the help of AlienApps, there is vast integration with existing security solutions.
- Authenticated vulnerability assessment
- Authenticated asset discovery
- Incident response
- Log correlation
- Ability to do an external vulnerability assessment.
- User training awareness through the console for administrators to educate users.
- Allow more remediation options for administrators to endusers.
March 18, 2020
AlienVault is amazing
We are using AlienVault USM to monitor our whole network. We then sell to and manage the app for clients.
- Simple UI
- Easy to use, even if you are not used to it
- It makes everything simpler to monitor.
- Difficult to get the files in the forensic area
- The investigations could be more user-friendly, or it could apply some AI to be quicker.
March 12, 2020
AlienVault USM for Investigation Efficiency
AlienVault USM is used by the Cyber Security Team of the company as a SIEM. Basically we use it for our investigation by utilizing the events and alarms section. AlienVault is actually easy to use and understand. It helps in making the investigation process a lot more efficient. It also provides Threat Intelligence that helps identify which of the alarms we should prioritize.
- AlienVault offers Rule Creation which helps in testing out new implementations such as alarm suppression, event suppression, etc.
- AlienVault is easy to navigate. At first, I was kinda confused watching my teammates use it but the more I spend my time with AlienVault the more I appreciate its features.
- For me, I really appreciate the filters. I can filter out events specifically, which reduces time spent on looking for a particular event.
- I think adding multiple events in the investigation would really help.
- When opening an alarm, I hope we could just open the events on another tab directly.
March 09, 2020
AlienVault USM Review
AlienVault USM is being used by the whole organization and our multiple clients. Being an MSSP Partner we use it starting from installation to incidence response, for threat intelligence, forensics, etc. AlienVault USM can address a wide range of issues, including basic issues like security monitoring, Office 365, end-point detection, behavioral monitoring, vulnerability management, IDS, IPS, etc. These are the basic issues that most SIEM solutions solve. What makes AlienVault USM different is its threat intelligence performance, fastest intrusion detection, and incidence response methods. It has more than 3000+ user directives built-in by AlienVault research labs.
AlienVault USM is the best in 3 categories compared to other tools on the market:
1. cost - traditional SIEM solutions include license, implementation costs, and renewal costs and additional training costs. Enterprise should consider SIEM as long-term investments in overall cybersecurity.
2. poor correlation rules - one SIEM problem enterprise faces is failing to maintain proper event correlation information. This solution works on threat intelligence to potentially detect threats.
3. ease of use - complexity remains one of the most commonly referenced SIEM problems. This SIEM solution possesses a user interface that works best for an IT security team and environment.
AlienVault USM is the best in 3 categories compared to other tools on the market:
1. cost - traditional SIEM solutions include license, implementation costs, and renewal costs and additional training costs. Enterprise should consider SIEM as long-term investments in overall cybersecurity.
2. poor correlation rules - one SIEM problem enterprise faces is failing to maintain proper event correlation information. This solution works on threat intelligence to potentially detect threats.
3. ease of use - complexity remains one of the most commonly referenced SIEM problems. This SIEM solution possesses a user interface that works best for an IT security team and environment.
- Correlation Directives - USM has 3000+ default directives, which reduces time and man-power.
- SOC building is much quicker and can be complete in 3 months, which is very difficult with other tools that are currently in the market.
- Yearly subscription of USM product is equal to 3-4 months of others currently in market
- OTX pulse is the world's biggest forum, which helps in threat hunting and management.
- Less involvement of man-power and cost
- Raw log feature is a little slow with limited features
- Very few, infrequent updates
- Backup log is not effective and not easy
- Storage issues
February 27, 2020
AlienVault USM is quite cost effective.
AlienVault USM is one of the tools that we use across the entire organization. It is used to monitor the traffic in our cloud infrastructure and also allows us to centralize the login information in one place, which is the AlienVault Secure Cloud. If there is a triggered alarm for suspicious traffic, it will track that.
- Ability to identify issues
- Reduces workload
- No auto-investigation
- Multitasking ability
January 28, 2020
AlienVault USM Review
We use USM to monitor our organization and we deploy it to our customers so we can monitor them with our NSOC.
- It does a great job of correlating the traffic that it sees and compares it to Open Threat Exchange.
- It's easy to read and set-up.
- When looking at events from a destination IP, the USM doesn't show you the total number of these until you find the last page. It just says "XXXX of 4,000,000".
December 31, 2019
AlienVault USM is good overall
My organization is using AlienVault USM as one of the internal security operation solutions. It helps us to perform operations such as vulnerability analysis and threat detection. It also helps us to centralize the log data to be stored in one place, which is AlienVault Secure Cloud, a certified environment.
- Fast and inexpensive.
- Easy to deploy.
- Tedious in customizing rules.
- Filters are hard to use.
December 06, 2019
The most approachable threat management system!
As an MSSP our company utilizes AlienVault USM Anywhere to provide our customers with best-in-class threat monitoring and response services.
- With the Open Threat Exchange, AlienVault USM Anywhere is able to quickly identify emerging indicators of compromise and alert on threats as they arise.
- We've found the improvements in the authenticated vulnerability scanning engine to reduce the number of false positives and increase the integrity of vulnerability reports.
- Speed of deployment is a strength, particularly with the AlienVault agent which utilizes os query to collect typically important data.
- Alien apps provide us with the ability to integrate third party security packages and swiftly take action on alarms.
- More Alien app integrations with emerging EDR solutions would be useful.
- A catalogue of commonly filtered events would make on-boarding much quicker and easier.
November 27, 2019
AlienVault USM Anywhere
Our organization provides multiple security services to clients. These services fall into three broad categories: Offensive consulting services, such as penetration tests and vulnerability assessments; Defensive consulting services, like digital forensics and incident response; and security operations, which consist of continuous network and endpoint security monitoring and threat detection. AlienVault USM is one of the many solutions used to perform security operations for our clients.
- AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
- The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
- Top-notch built-in compliance templates and reporting features.
- Filtering using built-in search statements is difficult to pick up and run with.
- When creating custom rules for reports, there can be too many options, and often have little use for the task at hand.
- You sometimes need product-specific knowledge, like AlienVault field names, to find the information you're after.
November 14, 2019
AlienVault USM Anywhere Review
We utilize the AlienVault USM Anywhere solution for threat detection in our corporate networks. The new cloud-based panel is great! Very easy to use and configure.
- Easy to Install
- Cloud Alert Console
- Relevancy of Data/Alerting
- Adding additional plugins and applications can be difficult
- Extensive filtering required to streamline event collection
November 13, 2019
AlienVault USM for Small Business
The business problem it addresses is derived from governance and compliance set by the USG and the DFARS regulations to have a SEIM. I have experience with paid products such as QRADAR and Splunk, and open source products such as Graylog/Elk/Wazah/security_onion. This is a department tool to consume the whole organization's security related data. We currently use it as the SEIM.
- It's a decent log aggregator.
- Does correlation between events well, if set up correctly.
- Control on attribute mapping within USM Anywhere or fully disclose the mappings between ingested raw logs and attributes those values map to, in order to be searchable, and give power to the end user to create meaningful alerts and queries for the right content.
- Notifications for alerts tend to lack the essentials to make a determination off of the email. Often times alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations, because they meet the criteria of equivalent alerts that are actionable.
November 04, 2019
Cost effective and easy to use
It is being used by our Network Operations Center to monitor potential security alerts and suspicious activity. It is also used as an additional investigation tool if users or customers report potentially malicious activity.
- Easy to set up/use
- Cost-effective
- Interface is slow and quirky
- Lacks functionality compared to other products
- Documentation (both troubleshooting and informative) is lacking detail
- Ease of use also has downfalls in that when detailed information is needed it's harder to obtain when investigating/troubleshooting
We use AlienVault across the org, with accumulator appliances in two offices and in our cloud infrastructure. These devices are syslog targets and are used to scan traffic in each location. In addition, I also have deployed the AlientVault USM agent script to all servers and user systems. AlienVault sometimes notifies me of problems within integrated systems such as Sophos before that service itself. Notifications as simple as an improperly configured SSH config or something as significant as signs of SPECTRE traffic are delivered to my inbox so I may deal with these alerts ASAP.
- Alienvault USM is THOROUGH. We have a highly integrated workspace that's most SAAS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
- As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someones laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
- The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
- Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
- Some of the filters when looking for a specific alert aren't that easy to use.
October 29, 2019
AlienVault working reliably to protect your office network.
AlienVault is used to monitor traffic in our offices and the VPN for suspicious activity. Additionally, deployed agents monitor event-logs and several streams from our Syslog to ensure we can see any bad-auths. AlienVault helps to identify bad traffic, suspicious user behavior and outdated software on those hosts with the agent deployed.
- Through the open threat exchange, I get the latest indicators of bad actors and can, on the other hand, add my own indicators if I feel something is missing.
- Filter-/Alarm-rules are easy to set up, so I can distinguish the important bits from noise in the logs
- Deploying the agents is very easy through the provided PowerShell scripts.
- Setting up a working stream of the windows-event-log (not using local agents) seems impossible, and AlienVault's support wasn't very helpful in this matter. We finally decided to drop this (it ran for a while, then stopped for no apparent reason, seemingly a problem with certificates) and use local agents instead.
- Sometimes agents don't update themselves, and it's hard to diagnose what causes this.
- Also, the updater of the sensor-appliances doesn't seem to run very reliably. From time to time I have to re-install the sensor-appliance, as it doesn't want to update itself.
October 25, 2019
My Experience using AlienVault
In our organization we use AlienVault USM for threat detection and to keep up to date with patches needed to cover for known vulnerabilities in our servers.
- Threat Detection
- Scanning for Vulnerabilities in servers
- Event handling
- Integration with other product like Google Suite to create security reports.
- When handling alarms, I'd like to be able to select all the resulting alarms at once after filtering and not by groups of 100 like it's possible now.
- I think filtering could be improved in the Alarms and Events sections.