1) Logging aggregation …
Centralized event and log data collection (5)
Event and log normalization/management (7)
Custom dashboards and workspaces (7)
Entry-level setup fee?
- Setup fee optional
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies and to respond to incidents quickly and easily.
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
- Supported: AlienVault Open Threat Exchange
While it works with fully on-premise deployments (Exchange, file server, etc.), additional configuration for log correlations and alerting will likely be needed. Also, for complex networks, getting the required port mirroring to ingest all network traffic can be difficult.
An MSP and especially an MSSP would do well with this, while organizations that pay for MSSP services might not need AlienVault USM.
The system may slow down considerably when a large number of events/logs are fed into the dashboard, so ensure there is enough storage each month.
It is very efficient as a supporting tool if SOC work is outsourced or the monitoring requirements are not very intense.