My experience with Aliens - AlienVault USM
Overall Satisfaction with AlienVault Unified Security Management
AlienVault Unified Security Management is being used by the IT department and the IT Security Officer to manage daily IT security tasks and to keep those tasks in compliance with decisions made at the tactical and strategic levels. In addition to IT security management, AlienVault Unified Security Management is very useful in detecting various infrastructure problems.
Pros
- The best part of AlienVault, in my opinion, is how USM handles alerts and sorts them into several levels by severity. This gives us an opportunity to do a fast triage between those alarms and to dedicate valuable human resources to the alarms that matter.
- Another thing I love about the AlienVault USM system is that you can very quickly check an external subject in the whois database, in domain or IP blacklists, and for participation in any activity toward honeypot networks, etc., from one trusted central point.
- With vulnerability scanning you can check whether a company or external resource is vulnerable and, with that information, block the external resource or remove the vulnerability. Now we are not just sitting in the dark; we can say that we manage IT security efficiently.
- Also, AlienVault USM gets better and better with each new version.
Cons
- In my opinion, AlienVault has to improve the asset inventory management module and bring back the OCS GUI for easier management. There should also be detection and deletion of objects that have been withdrawn from service.
- Another thing with room for further improvement is automatic plugin generation and installation. Those operations are not very intuitive, and manually writing and installing plugins consumes a lot of time.
- In future versions of AlienVault USM I would like to see some sandboxing technology and official documentation about integration with honeypots.
We chose the AlienVault USM system because it offers more than a classic SIEM system. We can collect events from multiple assets, but AlienVault USM can also cross-correlate those events, turn them into alarms, and sort those alarms according to severity. That way it is much easier to triage the alarms and process the relevant ones.
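As an added illustration of what "cross-correlate events, turn them into alarms and sort them by severity" means in practice, here is a small correlation engine in Python. It is example code written for this page, not AlienVault's or OSSIM's code and not part of the original review. The sample events, the asset values, the two directives, the risk formula (asset value × priority × reliability / 25, modelled on OSSIM-style scoring) and the severity bands are all assumptions chosen for the example.

```python
# Added example, not AlienVault/OSSIM code: a minimal correlation engine that
# turns normalised events from several assets into severity-ranked alarms.
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample events (hypothetical), as a SIEM would see them after
# normalisation: timestamp in seconds, reporting asset, source IP, event type.
SAMPLE_EVENTS = [
    {"ts": 100, "asset": "web01", "src": "203.0.113.7", "type": "ssh_login_failed"},
    {"ts": 101, "asset": "web01", "src": "203.0.113.7", "type": "ssh_login_failed"},
    {"ts": 102, "asset": "web01", "src": "203.0.113.7", "type": "ssh_login_failed"},
    {"ts": 103, "asset": "web01", "src": "203.0.113.7", "type": "ssh_login_failed"},
    {"ts": 104, "asset": "web01", "src": "203.0.113.7", "type": "ssh_login_failed"},
    {"ts": 110, "asset": "web01", "src": "203.0.113.7", "type": "ssh_login_success"},
    {"ts": 120, "asset": "db01", "src": "198.51.100.9", "type": "ssh_login_failed"},
    {"ts": 121, "asset": "db01", "src": "198.51.100.9", "type": "ssh_login_failed"},
    {"ts": 300, "asset": "fw01", "src": "192.0.2.44", "type": "portscan"},
    {"ts": 400, "asset": "fw01", "src": "192.0.2.44", "type": "portscan"},
]

# Asset value 0-5 per host (assumed configuration): how much a hit there matters.
ASSET_VALUE = {"web01": 5, "db01": 5, "fw01": 4}


@dataclass
class Directive:
    """A correlation rule (hypothetical shape, not AlienVault's directive format)."""
    name: str
    event_type: str
    threshold: int                   # occurrences from one (asset, src) pair ...
    window: int                      # ... within this many seconds
    priority: int                    # 0-5: how bad the pattern is if it is real
    reliability: int                 # 0-10: how likely the pattern is real
    follow_up: Optional[str] = None  # event that confirms success and escalates


DIRECTIVES = [
    Directive("ssh_bruteforce", "ssh_login_failed", 5, 60, 4, 5, "ssh_login_success"),
    Directive("portscan", "portscan", 2, 300, 2, 6),
]


def risk(asset_value: int, priority: int, reliability: int) -> float:
    """OSSIM-style risk score 0-10 (formula assumed for this example)."""
    return asset_value * priority * reliability / 25


def severity(score: float) -> str:
    """Severity bands (assumed thresholds) used to sort alarms for triage."""
    if score >= 7:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def correlate(events, directives, asset_value):
    """Return alarms sorted by descending risk."""
    # Index event timestamps by (asset, src, type), in time order.
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_key[(ev["asset"], ev["src"], ev["type"])].append(ev["ts"])

    alarms = []
    for d in directives:
        for (asset, src, etype), times in by_key.items():
            if etype != d.event_type:
                continue
            # Sliding window: fire once for this (asset, src) at the first
            # point where `threshold` events fall inside `window` seconds.
            for i in range(len(times) - d.threshold + 1):
                last = times[i + d.threshold - 1]
                if last - times[i] > d.window:
                    continue
                reliability = d.reliability
                detail = f"{d.threshold} x {etype} from {src} within {d.window}s"
                # A matching follow-up event after the burst (e.g. a successful
                # login after the failures) turns suspicion into near-certainty.
                if d.follow_up and any(
                    t > last for t in by_key.get((asset, src, d.follow_up), [])
                ):
                    reliability = 10
                    detail += f", followed by {d.follow_up}"
                score = risk(asset_value.get(asset, 1), d.priority, reliability)
                alarms.append({
                    "directive": d.name, "asset": asset, "src": src,
                    "risk": score, "severity": severity(score), "detail": detail,
                })
                break
    alarms.sort(key=lambda a: a["risk"], reverse=True)
    return alarms


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS, DIRECTIVES, ASSET_VALUE):
        print(f"[{a['severity']:6}] risk={a['risk']:.2f} {a['asset']} {a['detail']}")
```

Running it on the constructed events yields two alarms: a high-severity one for the five failed SSH logins on web01 that were followed by a successful login from the same source, and a low-severity one for the port scan seen by fw01; the two failed logins against db01 stay below the directive's threshold and produce nothing, which is exactly the filtering that keeps the analyst's queue short.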