AlienVault delivers out-of-this-world Integrated Security Management
Updated August 24, 2017
Score 9 out of 10
Vetted Review
Verified User
Software Version
5.1.1
Modules Used
- USMStandardServer, USMSensor, USMLogger
Overall Satisfaction with AlienVault USM
AlienVault is being used for asset monitoring, log monitoring and event correlation, availability monitoring, vulnerability scanning, Host Intrusion Detection (OSSEC), Network Intrusion Detection (Snort / Suricata), and as a SIEM (OSSIM). It is being used mostly by IT Security, but also partially by IT Infrastructure System Administrators.
Pros
- AlienVault is the "glue" that integrates what could otherwise be maintained as a set of separate, open-source applications. Instead of having to install, configure, test and maintain separate packages for HIDS, NIDS, Vulnerability Testing and log monitoring, AV presents these various tools through a single integrated Web GUI.
- AlienVault's SIEM and Log monitoring/event correlation tools are very good. They make it easy to get a good overall picture of what's happening on the network, and then to zoom in on details down to single TCP flows or individual events on a workstation.
- AlienVault's vulnerability scanning has replaced Nessus for us in the Enterprise. We now have regular, scheduled scans of all servers and workstations, and have a monthly remediation meeting with the Systems Administrators to work through how to address the more serious vulnerabilities.
Cons
- AlienVault's documentation is poor. Taking their one-week Security Analyst and Security Engineer certification training helped since the course documentation was more concise and centralized than anything I could find online.
- Reporting in AlienVault actually took a step backward recently when they eliminated their OSSIM reporting functionality and now only provide USM reporting. Some of the report modules are still not working properly.
- More consistent Case management would help tremendously. Usually they are responsive and effective, but on a couple of cases that I've opened, their responsiveness has been very poor.
- Snort, Nessus and Splunk
AV USM stacks up well against these other, individual products, especially when considered as an integrated package. The Suricata and OpenVAS modules are rule-compatible with their counterparts (Snort and Nessus), and offer the same functionality. The log management and correlation is probably not quite as strong as Splunk, but close.