TrustNet Managed Security With AlienVault
Updated April 01, 2016
TrustNet Managed Security With AlienVault
Score 10 out of 10
- File Integrity Monitoring
- Log Management
- Asset Management
- Compliance Management
- Forensic Investigation
Overall Satisfaction with AlienVault Unified Security Management
TustNet is an AlienVault partner. We use the AlienVault platform to provide managed security services to our clients. We have clients that use the platform across their whole organization, and some that use it in specific departments. AlienVault USM has the tools built into it, that give us great visibility of suspicious activity occurring in our clients networks. TrustNet is also a QSA company. The AlienVault USM platform allows us to provide services to our clients that help them meet their compliance needs. It covers some of the major PCI compliance requirements, for example, Secure Log Management and storage, File Integrity Monitoring, Wireless network protection, and Vulnerability scanning and management.
- Log Management - AlienVault USM collects log data from all points in your network, analyzes it for suspicious activity and then stores it securely. This effectively means that you will always have an original copy of the logs in the event that a device is compromised and the logs on that device are altered.
- Asset Discovery - AlientVault USM make the creation and maintenance of the asset database simple. It auto-discovers devices on the network to build the database and add devices when they are added to the network. There is a passive and active scanning mode to do this. The active scan gives a lot more information about the devices which can include open ports and running operating systems.
- SIEM - AlienVault USM includes a comprehensive Security Event Management tool that analyzes all network traffic and data. There is a comprehensive rule set that is built into the system, and is updated regularly. The system gives administrators the ability to create custom rules and signatures including the cross-correlation of data from a large number of devices and software applications.
- One of the only issues that, we and some of our clients currently have, is the OpenVAS vulnerability scanning engine built into the platform. It has been our experience that the tool is not as reliable as many others on the market. It frequently misses vulnerabilities that other tools, for example Nessus and Nexpose, pick up. The vulnerability reporting also leaves a lot to be desired, and in large part does not include the detail necessary to perform remediation easily. Unfortunately, AlienVault has removed the support and functionality that it had in older versions of the software that enable you to load and use a different scanning engine.
- Alert Logic, RandomStorm and Clone Systems
AlienVault USM is hands down the best security management tool we have used for the market we service. All of the other platforms we have evaluated and used suffered from deficiencies, not only in the product, but in the service and support from the vendors that supplied them. AlienVault is responsive and their engineers are proficient. They also use recommendations from their users and partners, build some of these good ideas into their development roadmap. I've seen at least two of the recommendations that I've made personally (and I'm sure I'm not the only one that made them) find their way into the final product.
Because of its flexibility, and its ability to be deployed in a distributed manner, the platform is very scalable and can be used anywhere, from very small environments, to large enterprises. However, we have found that for very small companies the cost can be prohibitive if an appliance needs to be deployed.
Using AlienVault Unified Security Management
10 - USM runs in our datacenter and protects all of the users in our environment. We also use it as a platform to provide managed security services to all of our clients. Generally, the people involved with the system are our IT technical and security staff. This includes SOC operations and customer support.
3 - The type of people required to manage and support AlienVault Unified Security Management are typically highly skilled IT security individuals. This is necessary because of the type of data that is being dealt with in the system. The majority of IT administrators I've come across do not understand the data or it's impact on their networks. Getting certified on he USM platform is a worthwhile exercise in helping to understand the system, what it does, and how it works.
Evaluating AlienVault Unified Security Management and Competitors
Yes - We have evaluated many products including RandomStorm, Alert Logic, Clone Systems to name a few. Alienvault is the most comprehensive all-round product that allows us to service our clients in the most meaningful way. Alienvault has fuctionality and capabilities that most other product in the space do not, their development is professional and they list to their users and partners, and their support is first rate.
- Product Features
- Product Usability
- Product Reputation
- Prior Experience with the Product
The most important factor for us was the fact that the system is a combination of multiple tools that take care of different aspects of IT security which fit in very closely with the compliance requirements we help our clients with (specifically PCI). The fact that all of the tools incorporated in the system are managed from one central easy to use interface is a huge advantage.
I wouldn't change the process. We have evaluated a lot of products out there, and for us, the Alienvault USM is a great fit. One lesson we have learned though, is that it is definitely the right way to go to select a vendor that has a presence in your country. Dealing with a vendor that is in a time zone 7-10 hours away can pose serious challenges.
AlienVault Unified Security Management Implementation
Pre planning is crucial. We typically preconfigure all appliances before they are deployed to the client so that the only thing left to do is deploy the agents.
- Implemented in-house
- Professional services company
We (TrustNet) are the professional services company. We do the implementation and deployment for all of our clients.
Yes - Implementation is broken up into planning phase, pre-configuration, and deployment.
Change management was a small part of the implementation and was well-handled - There are certain aspects to the implementation that require change management, specifically installation of agents on network servers and workstations for log collection and FIM, and changes to syslog configuration on network devices such as firewalls and routers.
- Agent deployment. This has been greatly simplified in newer versions of the platform with the automatic deployment tool. However, if there are a large number of agents that need to be deployed, it is very time consuming as they can still only be done one-at-a-time. There is no ability to create a list of devices with their IP addresses that the system can use to automatically create and deploy the agents.
- Configuring WIDS can be complicated. The WIDS sensors are not standard or proprietary to AlienVault. We have found the hardware, and developed the imaged that gets deployed to it, to perform this functionality.