Overview
Popular Features
- Centralized event and log data collection: 8.5 (85%), 8 ratings
- Correlation: 8.5 (85%), 8 ratings
- Event and log normalization/management: 8.0 (80%), 8 ratings
- Custom dashboards and workspaces: 7.0 (70%), 8 ratings
Pricing
Edition | Price |
---|---|
Essentials | $1,075 |
Standard | $1,695 |
Premium | $2,595 |
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.
- Centralized event and log data collection: 8.5 (8 ratings)
  Effectiveness of real-time centralized event and log data collection
- Correlation: 8.5 (8 ratings)
  Correlation of logs and events to pinpoint significant threats
- Event and log normalization/management: 8 (8 ratings)
  Ability to normalize event syntax so that logs can be compared and are machine-understandable
- Deployment flexibility: 8.6 (7 ratings)
  Ability to tune system to maximize threat detection and minimize false positives
- Integration with Identity and Access Management Tools: 7.3 (5 ratings)
  Integration with access control tools like Active Directory and LDAP
- Custom dashboards and workspaces: 7 (8 ratings)
  Dashboards that can be customized to meet the needs of specific groups
- Host and network-based intrusion detection: 8 (5 ratings)
  Ability to detect both endpoint intrusion and network ingress detection
Product Details
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Reviews and Ratings
Community Insights (735)
Business Problems Solved
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and to comply with PCI DSS requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing the systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Recommendations
Based on user recommendations, AlienVault USM receives the following common recommendations:
- AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
- Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. LogRhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
- To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- Likelihood to Renew: 7.2 (18 ratings)
- Availability: 6.4 (3 ratings)
- Performance: 7.3 (3 ratings)
- Usability: 6.7 (34 ratings)
- Support Rating: 7.3 (25 ratings)
- Online Training: 8.3 (6 ratings)
- In-Person Training: 4.5 (1 rating)
- Implementation Rating: 6.4 (38 ratings)
- Configurability: 8 (3 ratings)
- Product Scalability: 6.3 (3 ratings)
- Ease of integration: 7.3 (3 ratings)
- Vendor pre-sale: 8.2 (3 ratings)
- Vendor post-sale: 7.6 (3 ratings)
Reviews (326-350 of 390)
Security Management with homework
- AlienVault USM has a large Open Threat Exchange network that reports and utilizes vulnerabilities from around the globe to allow users to better secure against attacks.
- AlienVault USM accurately monitors network devices for vulnerabilities.
- AlienVault USM provides flexibility in device monitoring with the ability to create/modify plugins to parse information from a variety of log sources.
- The technical support is not very detailed with their responses. It almost feels as if the issues are brushed off rather than addressed in a detail-oriented manner (i.e. "Everything looks good." as opposed to "Here is what I did...").
- The Asset Manager does not update IP to device name correlation accurately. If you have a DHCP network with short leases, tracking issues by device name can be problematic.
- It does not integrate with Office365.
What's a three letter word for security? USM!
- USM collects, organizes, and correlates events from multiple sources into a single point for analysis.
- USM provides advanced threat information via OTX.
- USM provides HIDS and scanning.
- Parsing log entries can be difficult unless one is proficient at using regular expressions. My understanding is that AlienVault support will do this for any products that are currently in production, but for anything older you will be on your own.
- The GUI, while pretty good, could use a more logical design. Some of the entries are hidden in areas that aren't intuitive.
AlienVault does the job and then some
- Support
- Ease of Use
- Powerful threat management tools
- Has to be run on VMware hosts.
- Log/event management of multiple servers
- Event/alarm reporting
- Vulnerability testing/hardening of servers
- Community based log correlation
AlienVault...Truly a security platform from another world.
- AlienVault gives us insight on the network intrusion inside of the external firewall.
- The HIDS agents collect a great number of data points letting us know what is going on.
- Asset management and detection has been easy to use and has given us an inventory of everything on our network.
- I think the biggest room for improvement is more documentation of what is going on behind the scenes with the different plugins.
AlienVault has worked really well for our one-man security department. It has allowed us to get most of the security metrics all in one place to be reviewed with ease and speed.
I can see AlienVault working in most environments.
AlienVault, it's out of this world
- User Friendly
- Cost Effective
- Comprehensive solution
- User interface is easy to use but not always intuitive
- Need to use command line to get some settings setup
- High pressure sales team, make sure to ask questions
- AlienVault USM will find numbers of assets just by monitoring the traffic and identify what kinds of devices are connected to your networks.
- The embedded rule set is pretty smart and helps dramatically reduce the number of security incidents which need to be taken care of.
- AlienVault USM is an internet friendly solution and can easily forward significant incidents to outside SOC for further analysis.
- It must have a feature to support daily log rotation operation when it is used with syslog servers. The current implementation will lose log entries when log rotation occurs. It should keep on reading from the older log files for 10 to 30 seconds before it switches to the newer file when it detects log rotation events.
- AlienVault USM for AWS has greater features than USM 5.x for on-premises. AlienVault should merge the features or release the same functionalities ASAP.
- Log search features are poor and need to be improved. The AWS version may have a better feature set, so it should be ported to the on-premises versions.
AlienVault, hear it before you see it.
- I thought it was easy to install and get started
- Adding events from other network equipment
- Easy to manage and update
- The training at the beginning was too simple; if you have any knowledge of a SIEM, that training was not helpful.
- Support can be over your head at times when they are talking about things inside the system.
AlienVault - Out of this world SIEM
- It HAD to be easy to implement
- It needed to be multi task capable
- As a small agency price was critical
- None really
Just buy OSSIM if you have the skills!
- Easy to set up.
- Good pre-packaged signatures, and signature update service.
- As of latest version, very good interface (UI)
- Software updates and patches across an infrastructure are a nightmare.
- The physical install involves a lot of individual boxes in a datacenter... this could be consolidated.
- Support knowledge of their own product is sometimes lacking.
AlienVault is the way to go
- Once set up AlienVault does a very nice job monitoring incoming and outgoing connections looking for potential security issues. With the ability to monitor all the different aspects of our network it is a complete solution rather than having a patchwork of security pieces in place to monitor.
- The tie-in to the AlienVault community further enhances the functionality of the solution by offering early warnings on new threats and possible solutions for problems.
- The AlienVault system runs so well and quietly we occasionally let it slip on checking on current issues. This could be remedied by setting up notifications but we have not done that yet.
- Correlates data to find threats on the network
- Scans equipment for vulnerabilities and provides information on how to remediate
- Provides easy to read reports
- The AlienVault does not have a plug-in for our particular brand of network switch. Therefore, it cannot read those logs properly and detect threats internally in our network.
- There's no easy way to automate updates
AV USM - Jack of all trades or master of none?
- Customization: this is one point where AlienVault (AV) outshines the competition in capability of customization to perform threat detection, asset discovery, threat scoring, APT detection etc.
- AV Sensor performs asset discovery, vulnerability assessment, threat detection, and behavioral monitoring in addition to receiving raw data from event logs and helping in monitoring network traffic (including flow). The sensors also perform normalization of the received raw events and communicates them to the AV Server for correlation and reporting.
- AV Logger provides the capability to archive log files for purposes of forensic analysis and to meet compliance requirements for long term retention and management.
- Flexible architecture: all components including the sensor, the logger, the correlation engine etc., can be deployed tier based, isolated or in a consolidated all-in-one style. This wide variety of deployment options helps to have flexible and open architectures. This also helps us control a cost deployment - we bought only USM and the rest of OSSIM components are free, deployed as VM across the enterprise
- Open Threat Exchange (OTX) is a great community sharing platform that helps to share IP and URL reputation information so that all AV customers can benefit. This is true community sharing modeled on the likes of the Splunk Community (for app development). This has the potential to grow into a large source of real-world intelligence, and what AV intends to do with this data remains to be seen. For now, it is being used by the USM correlation engine to provide better context and content for security monitoring.
- Price is way better than other vendors.
- A Jack of All Trades, but King of None: the correlation engine is nowhere close to the likes of ArcSight, QRadar or Splunk etc. The threat intelligence is not as good as QRadar, McAfee, RSA etc. And so on and so forth. So when it comes to critical functionality expertise, AV USM is found lacking.
- Product Stability: the biggest issue is its poor stability. With way too many components, myriad integrations, and a ton of scripts, the product is really unstable. Every version upgrade is a nightmare. Re-installation or restart is the most common solution for the product to start working again. One of the most common and frequently failing components is the DB. We quite often experienced issues like DB corruptions, unresponsive queries etc. We think this is mostly attributed to the MySQL DB, as it is by definition a structured DB. USM can hugely benefit from moving to a non-DB log storage architecture, thereby giving more flexibility in data management and improving scalability.
- Correlation & Workflow: AV USM has a strong foundation in correlation using XML-driven directives and alarm thresholds; however, it falls terribly short when it comes to predefined rules, directives and workflow.
- Starting from version 5.2, AV broke the distributed vulnerability scanner model for OSSIM (free components), in which remote sensors served as relays to pass the results to USM (the central aggregation point).
- Technical Support is inconsistent and of poor quality. They support only USM and never the free version (OSSIM); for OSSIM, support will refer you to documentation. Most of the time, the solutions rely on a re-install, a restart or a bug-fix, because there are way too many components to troubleshoot, and this leaves support to resort to re-install or restart without thorough root cause analysis.
Basic review of AV
- Alarms dashboard provides a great overview of all alerts, makes it easy to see what I need to focus on and what is noise
- Easily connects to all my desktops/servers using the HIDS agent, makes it simple to get setup
- As a solution, it was relatively cheap in comparison to its competitors.
- Does not play well with CheckPoint firewalls, this has been a major pain point for me
- Would be great if there was a quick way to dismiss normal activity
Not suited to environments that do not use standard plug-ins, such as a heavy CheckPoint firewall environment, unless you have some coders on your team who can write the necessary code to program the AV to read input data.
AlienVault USM, making available the capabilities of big systems for the small business
- USM makes available the tools and ability systems that cost up to 10x the cost. Is it as polished as the "store bought" proprietary systems? No. Does it do the same things? You bet. The Alienvault team is constantly working to make it better with more features, great technical support, and collaboration.
- Day one on site and as usual it looks ugly after a vulnerability scan and the clean up begins. You never know how well you have been doing until you verify systems. Patching, configuration, and more is revealed and remedied. Meeting regulatory requirements.
- OTX integrated into the working system is one way information gets into it, rule updates come down frequently as do feature set updates. Coupled with a Next Generation firewall in front of it with two sources of threat data, it doesn't get any better than that.
- Network IDS sees everything and can pick out bad things inflight on the network. Having eyes on network, firewall, and OS events the only thing left is watching over the user. Moving from firewall and AV to a more comprehensive across the board posture is all made possible by USM.
- USM needs to mature with the user control interface. Making things easier to get done without "Google", blogs, or support. Plugin support is growing slowly. The ability to have granular control over system behavior needs to mature.
First try with AlienVault USM
- OTX is a great tool, sharing security events between customer around the globe is the way to go!
- I like how AlienVault USM display data, it's easy to browse!
- The solution is very flexible. I haven't tested everything yet, but when I want to do something, there's always a way to do it!
- I haven't used the solution enough to find points where improvement is needed yet.
Keep the Aliens out of your Vault
- Cleartext passwords sent across the Internet (Wordpress sites)
- Knowing systems that are not fully patched. Windows machines are the worst for this.
- Seeing in-depth information from the firewall for sites that are attacking the network.
- Supporting more systems than VMWare. Hyper-V and Scale Computing come to mind.
- Allowing additional time for implementation. When you purchase installation services and then run out of time during installation, you can lose it. However, they have been flexible for extending the installation services for us.
Alienvault USM: Navigating the Infosec Universe
USM compiles/correlates logs from devices so that we can show evidence of PCI compliance by tracking and reporting on system administration activities such as additions/changes to privileged accounts, group policy objects, and firewall rules.
- AlienVault USM does log aggregation and quick analysis very well. There is an analysis screen which provides the ability to group events by signature for quick "big head and long tail" analysis. Looking at the most common events and the least common events often highlight misconfigurations, device errors, and security concerns. The analysis screen also provides the ability to filter events by signature, then select fields of interest within those events. Once this is done, it's just a few clicks to create a custom view and report module so that an analyst can quickly find and report on key pieces of information in the future.
- AlienVault USM provides powerful out of the box correlation rules which generate alarms on security concerns, misconfigurations, and vulnerabilities. Analysts can add their own rules to alert on just about anything in the environment, such as a specific user logging into a specific machine, a machine going offline, or configuration change to a critical device.
- Another thing AlienVault does well is providing administrative access to the underlying Linux system giving the analyst the ability to quickly troubleshoot issues within the SIEM implementation itself. Access to the underlying OS also provides the ability to make changes to configurations of the underlying well-known security tools to weed out noise events before they can start to consume higher level compute resources.
- Although the creation of custom report modules is powerful and easy, incorporating them into reports that are readable by non-technical staff without some interpretation is not so easy. Section headers can't be customized, and full log events cannot be presented in reports.
- Normalization (extraction/parsing of log fields and mapping them to actionable fields in the SIEM) needs to be done in further detail. There are times when I want to search on a particular field in a log, and can't do it because it's not normalized. I'm sure that it's a bit of a cat and mouse game with device vendors and operating systems, but more actionable fields in the database would be better. Fortunately, I can go into the underlying Linux system and do it myself, but it is quite time consuming to do so.
- A faster, more convenient way to weed out false positives would speed up the journey to SIEM success. I envision an interface similar to Microsoft Outlook's rules, in which an analyst can look at an alarm from the USM, select the criteria on which she wants to suppress the event, create the rule, then hit a button to "delete existing alarms that match these criteria". I've shared this vision with AlienVault, and have my fingers crossed for the next version.
- Exploit detection
- Vulnerability Scanning
- SIEM
- IDS
- AlienVault is excellent at finding issues/exploits and providing the information necessary for forensics. It could be nice if instructions for remedies could be provided as well.
TrustNet Managed Security With AlienVault
- Log Management - AlienVault USM collects log data from all points in your network, analyzes it for suspicious activity and then stores it securely. This effectively means that you will always have an original copy of the logs in the event that a device is compromised and the logs on that device are altered.
- Asset Discovery - AlienVault USM makes the creation and maintenance of the asset database simple. It auto-discovers devices on the network to build the database and adds devices when they are added to the network. There is a passive and an active scanning mode to do this. The active scan gives a lot more information about the devices, which can include open ports and running operating systems.
- SIEM - AlienVault USM includes a comprehensive Security Event Management tool that analyzes all network traffic and data. There is a comprehensive rule set that is built into the system, and is updated regularly. The system gives administrators the ability to create custom rules and signatures including the cross-correlation of data from a large number of devices and software applications.
- One of the only issues that we and some of our clients currently have is the OpenVAS vulnerability scanning engine built into the platform. It has been our experience that the tool is not as reliable as many others on the market. It frequently misses vulnerabilities that other tools, for example Nessus and Nexpose, pick up. The vulnerability reporting also leaves a lot to be desired, and in large part does not include the detail necessary to perform remediation easily. Unfortunately, AlienVault has removed the support and functionality that it had in older versions of the software that enabled you to load and use a different scanning engine.
Purchased & Installed for Compliance
- Overview of Log information from multiple sources (Trends, frequency, types)
- Vulnerability scanning
- Ticketing and Alerting
- Extremely hard to set up
- Hard to configure log filtering
AlienVault USM
- AlienVault does a great job of tying network data together with log information to generate alerts that actually matter. The correlation engine within AlienVault is quite impressive. The overall end result comes from a number of locations - from firewall data to Windows logs and NetFlow, the USM provides tons of data in a simplistic user interface.
- The deployment and ease of use within AlienVault makes for an intuitive and easy to understand network device.
- The Open Threat Exchange (OTX) network also provides an easy way to collaborate with other security folks in the community.
- The documentation can be spotty at times. Finding what you need to understand how to take full advantage of the appliance can be a bit difficult at times.
- The vulnerability scanning within the USM is a nice feature that doesn't execute well. Getting the scans to complete in a timely manner- or at all sometimes- can be a pain. There are other scanners out there that do a much better job of finding the holes than this.
Still in development/test
- Integrates several tools together into one interface.
- Represents data about alerts and threats into an easy to use dashboard.
- Configuration of the various tools AlienVault uses is a bit complex requiring the manual editing of text files. Additionally since AlienVault brings together so many tools it requires the AlienVault engineer to be very familiar with each of the tools. This breadth of knowledge is uncommon and expensive. Would suggest working to provide a simpler configuration experience similar to what AlienVault has done with tying the information from all the tools into one interface.
- Upgrading to the newest revision is painful and fraught with peril. We recently upgraded and then had to rebuild the entire system.
- Approach to HA could use a bit of development.
AlienVault - Best Security Appliance
- It is a good logging device which helps you to monitor the activities on your devices.
- It helps you to know which user made changes at certain time.
- The alarms help with seeing any attack or interesting behavior of a device.
- It has good customized reports but I think they should be worked on to make it easy for users.
- It is difficult to use the traffic capture.
- I would like to see sms alerting on devices.
- AlienVault USM automatically correlates audit log data with security intelligence to identify policy violations.
- Provides a solid security awareness to IT environments.
- If you can get a log or event sent to the USM server, you can generate any alerts or emails, self healing remediation scripts etc. Very Cool feature!
- The vulnerability scanner provides solid and little known information about assets.
- I thought I'd mention that most organizations forget that any security tools always need someone to manage them. Any tool needs constant care and feeding. This tool minimizes and simplifies the daily care and feeding into a manageable security tool set.
- AlienVault USM is not an approved PCI ASV (PCI approved scanning vendor).
- The VPN setup and configuration could be made simpler and easier to configure. Configuration of VPN needs to be added to the web management UI.
AlienVault USM
- I view the primary strengths of AlienVault as flexibility, unified management, and cost-effectiveness.
- Flexibility: The systems are Linux-based and the customer is afforded the latitude to customize and build upon the foundation provided. One is only limited by imagination and scripting knowledge.
- Unified Management: Within a single pane of glass a security analyst may monitor and investigate correlated events from an array of log streams across the organization, deploy Host Intrusion Detection agents, deploy and customize File Integrity Monitoring, execute Vulnerability Assessments, accept input from Threat Intelligence feeds, and utilize correlation to "bubble-up" what needs to be addressed.
- Cost Effectiveness: Take a look at the cost and complexity of deployment and ongoing maintenance for SIEM, NIDS, HIDS, FIM, Vulnerability Assessment, & Log Management technologies. Wrapping them up into a single package for deployment and maintenance is a very attractive option.
- AlienVault's strengths may also result in its weaknesses. This is a bleeding-edge product based on open source technology and mentality. Beneath the interface lies a suite of open source products whose versions may not be ready for prime time. New versions appear to be released without the extensive testing expected from more mainstream closed source products. Using the product to its fullest will result in frustration with bugs and some components which flat out don't work as intended. The interface and functionality provided lack "polish".