I'm Not Saying it's Aliens, but it's AlienVault.
Updated September 01, 2017

I'm Not Saying it's Aliens, but it's AlienVault.

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Software Version

5.1.1

Overall Satisfaction with AlienVault USM

We currently use AlienVault as our IDS, HIDS, FIM, vulnerability scanning, log storage, SIEM, and incident response solution at Save Mart Supermarkets. It is also used in a lesser degree for asset inventory within specific areas of our company. It was purchased primarily in order to help us comply with PCI (the main driver behind purchasing AlienVault) and for security in general. The Networking and Security team are the primary users of this tool but it is used to monitor across the entire enterprise.

Pros

  • AlienVault has a broad selection of tools all within the same user interface. We have been able to cover several security needs with one product that previously were done with several different tools. This has made it a lot easier to manage as we have to learn one tool rather than many different tools. It was also much more cost effective than it would have been buying a multitude of point products. AlienVault enabled smoother compliance with PCI because we were able to get many of the required security controls in place more easily. In our particular case this was especially because of using the vulnerability scanning, file integrity/host intrusion detection, and network intrusion detection modules within AlienVault.
  • I have always had excellent experience with AlienVault's support. Any issue I have had they worked with me to resolve quickly. I have also had the opportunity to speak to several individuals within AlienVault to discuss problems I have had with the product or features that I would like to see. They have always listened to me and almost all of the things that I wanted to see have actually been added to the product in the time I have used it. It has improved considerably over the year that I have been using AlienVault. I am quite happy with the ability to give feedback that I know is listened to. In fact I consider this to be one of the best things about this product. It is pretty solid and has quite a bit of usefulness to begin with but no product is ever perfect. We are all aware of products that don't live up to marketing hype. Which of course means having a company that listens to feedback very important so they can constantly improve and refine their solution.
  • Complete access to the underlying OS. I am not particularly fond of products that limit access to all aspects of the product. It is one thing to have proprietary code it is another to limit root or admin access to a box your company paid for. In AlienVault you can get into the command line anytime you want (it is built on a Linux OS). If you need to do some troubleshooting with which the UI is simply not sufficient, you can! There are issues that I have resolved with support that now I can resolve entirely on my own because I retain the capabilities to fix the problem they have (for support issues it is really a lack of knowledge on my part rather than lack of capability). I have had bad experiences with products that require calling support and waiting for them to do something.
  • OTX (Open Threat Exchange) went from something that was merely interesting and possibly useful to something that is extremely interesting and very useful for incident response. It has a lot of really good information on the many threats that you would see out in the world. It is really handy in order to hone in on the threats that actually matter to you (plus ignoring threats that do not matter). In our case POS (point of sale) malware represents the greatest current threat. I now have a good idea of the kind of POS malware there is. AlienVault will correlate all of the data from OTX so you will know if any behavior from any of the threats listed in OTX can be found in your environment.

Cons

  • I have had several "teething" issues with AlienVault. While I have been able to resolve pretty much all of them with support they were irritating to deal with. It has required fixes that had sometimes taken hours to resolve certain issues. None of them were crippling or extremely serious but I have run into enough of them that it was a problem. These ranged from issues with the local backups taking up way too much space because they did not rotate properly to issues with the asset inventory database.
  • Performance issues have been a problem, especially earlier. Sometimes pulling data from the event log is very slow. To the point of being unusable. It has improved considerably as not too long ago they upgraded their back end database that increased performance in a very noticeable way. I personally would like to see a much faster way to look through individual events. It can take a while to look through several of them. It keeps improving but they definitely have some room to grow here.
  • I do not like dealing with the plugins for data. Some of this could be merely my lack of ability in log reading and writing filters but the feature I want to see most improved is how you use plugins within AlienVault. It can definitely be streamlined and made more user friendly. I buy tools like this so I do not have to write my own correlation rules and log interpretation filters. It is certainly usable but kind of clunky.
I would argue AlienVault Unified Security Management could fit almost any scenario. One of the main reasons to get AlienVault is so that you can solve several security "problems" in one fell swoop. Rather than buying a large number of point products instead you have something that can serve many needs while reducing the amount of expertise you need to have in house. It can also make the jobs of your security team much easier by giving them something they can get a large amount of information from all in one place.

Evaluating AlienVault USM and Competitors

Yes - Tripwire and Nessus were replaced. Primarily because AlienVault could take the place of both for a reduced cost and with the same level of functionality for FIM and vulnerability scanning. Besides that AlienVault provided much other functionality neither of those tools possessed. AlienVault gave a single UI and point of management for various aspects of security controls. This made administration much easier especially in comparison to Tripwire which was an administrative burden.

AlienVault USM Implementation

Using AlienVault USM

The user interface is pretty intuitive in how to use it. The majority of the functions within AlienVault are easy to utilize without requiring you reading a large amount of documentation. Fiddling with some of the custom policies takes a bit of using to get used to but not hard to do overall. I did not need to request help from support to use most things and the times that I did were dealt with pretty easily.

Comments

  • Tami Andrews | TrustRadius Reviewer
    Tami Andrews
    (Vendor Representative) commented 8 years ago
    Thanks for your comments & feedback!
  • Skylar Talley | TrustRadius Reviewer
    Skylar Talley
    (Vendor Representative) commented 8 years ago
    This is incredible feedback. Thank you so much! As the Product Manager for USM Appliance, I wanted to let you know that we're actively working on making major infrastructure improvements to the SIEM view. In addition, we've recently rolled out the Custom Plugin Builder, which should make onboarding new log sources to your USM easier than it's ever been. Please feel free to drop me a note at stalley@alienvault.com if you'd like to discuss these and/or any other points of feedback we have and thanks for being a great customer!

More Reviews of AlienVault USM

  1. Home
  2. Security Information and Event Management (SIEM) Software
  3. AlienVault USM Reviews
  4. User Review of AlienVault USM