Overall Satisfaction with AlienVault Unified Security Management
Our USM is primarily used as an important building block in our Security Operations Center (SOC) and Network Security Monitoring (NSM) activities. It's used by the members of the security team alone, as they are responsible for all these activities. The USM is used to improve security visibility throughout the whole organisation, and to detect security incidents while they are happening.
- USM incorporates different technologies (HIDS, vulnerability scanning, netflow, NIDS...)
- USM is quite open, and you are pretty free to do what you want by using the command line (although that's less and less supported by AlienVault, which is a pity)
- Quite easy to scale up or down
- Not so easy to develop custom plugins compared to other vendors
- Not so easy to set up correlation rules compared to other vendors. For example, you cannot correlate on correlation rules.
- It's difficult to deal with static data (for example, a personnel list); USM can only deal well with dynamic data like syslogs, netflow, data captures, etc.
- You cannot use netflow in correlation rules.
- Data stored in the "Logger" is difficult and inefficient to query.
- Custom reporting is very limited. For example, it's impossible to create a bar chart to visualize the most commonly attacked ports.