AlienVault USM - Surfing with the Alien
September 29, 2015

Derick Burton CISSP-ISSAP M.Inst. ISP | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

5.1

Modules Used

  • SIEM
  • Vulnerability Scanner
  • Reporting

Overall Satisfaction with AlienVault Unified Security Management

We deploy AlienVault sensors across 32 business units in 34 different countries. We use the platform to gain visibility of the threats present in our network and directed at our critical IT assets. We use the SIEM to collect logs from a variety of systems and analyse them for security information and trends. We do not currently have any compliance requirements addressed by the product.
  • The automated reporting and report distribution has been extremely useful, allowing us to schedule reports on things like asset updates, discovered vulnerabilities and systems being attacked. We automate these reports and distribute them by mail without additional intervention.
  • The unified view of threats in the network has proven extremely useful in identifying false positives, as well as trends in attacks across the business. We can see if attacks are targeted at a particular business unit, or have been scaled up to impact the group as a whole. This allows us to gauge our response.
  • The integration of an asset inventory with details such as asset value, OS and location has allowed us to pinpoint areas of threats and target our incident response much more accurately.
  • The use of a SIEM to analyse security alerts has reduced the amount of time we spend chasing false positives.
  • Reporting, although good, misses some simple enhancements. There are views in the console, for example which assets have been scheduled for a vulnerability scan, which cannot easily be extracted into a report. Although there are a large number of canned reports, the addition of a simple report builder would significantly enhance the product's usefulness.
  • The vulnerability scanner reports are likewise an area where improvements could be made. For example, it is difficult to identify a list of hosts that have had a particular vulnerability identified for targeted remediation.
  • The asset import / export feature claims to use CSVs, but the format is somewhat non-standard, and loading/saving the files in Excel does not result in easily managed files. Again, the asset information lacks some derived information such as alerts, scheduled vulnerability scans, groups, etc., all of which can be derived elsewhere but with some effort.
  • The dashboard screens are useful but need to be expanded into more areas of the product, for example the rate of vulnerability remediation, or the number of assets actively scanned / detected by the platform.
AlienVault as a single platform incorporates a number of open-source products and binds them together in a useful and innovative way. The individual components are not always the best available, and purchasing these products separately may result in better service in individual areas. However, it is the integration of the different products, the unifying intelligence behind them, and the consolidated reporting that makes AlienVault far stronger than the sum of its parts. The Open Threat eXchange (OTX) is a valuable addition for threat intelligence, and the product even includes a basic ticketing system for managing findings. These strengths, combined with a much lower purchasing cost, were deciding factors for my company.

At present the product still shows some of its open-source roots, and as such, a background in Linux and security tools is needed by those managing the platform. Some of the more "polished" products on the market require less of this background so may be easier to use from day one.