Overall Satisfaction with AlienVault Unified Security Management
We use AlienVault Unified Security Management across our entire organization to address PCI compliance and to improve our security posture. We use it to correlate and monitor security logs, for network intrusion detection, and for local host intrusion detection and file integrity monitoring.
- The cross-correlation in the SIEM module is very advanced. It will take in input from as many devices as you can throw at it, and will set up alarms when it sees suspicious activity.
- Having one central web-based location to view all security events and potential threats is incredibly useful.
- AlienVault USM provides an easy way to manage some very difficult, opaque technologies such as OSSEC and Snort. These two technologies, while powerful, each require a lot of management on their own, without great support. AlienVault takes the management hassles out of your hands while still providing the functionality.
- Being able to access IP blacklists and community threats through the OTX functionality allows you to identify known bad external actors and correlate with internal network activity.
- There are a ton of built-in reports; however, there is not a lot of guidance available on building customized reports, and the tools are not as robust as I would like.
- Plug-ins are available to parse syslog from different devices, but in my case at least none were available/up-to-date for my particular brand of hardware. Writing your own plug-ins is difficult and time consuming.
- Pre-sales set-up support is fantastic, but once the sale is done, if you need configuration support instead of technical support you're expected to pay separately. Not enough documentation is available for tweaking and problems.
- OSSEC, Snort and GFI
We previously had GFI LanGuard for vulnerability management, GFI EventsManager for SIEM, and various open source tools such as OSSEC and Snort. These were all very time-consuming to manage and fine-tune. AlienVault USM replaces all of these with one unified console, plus it offers additional features with the OTX feeds and NetFlow monitoring.
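The review above credits USM with two things: parsing syslog from many devices into one stream, and correlating that stream against OTX indicators so known-bad external addresses can be matched to internal hosts. The following is an added illustration of that correlation step and is not AlienVault code, an OTX export, or a USM plug-in. The syslog lines, the firewall message format, and the indicator list are all constructed for the example; real OTX pulses and real vendor log formats differ.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample firewall syslog lines (hypothetical format, not any vendor's real one).
SAMPLE_SYSLOG = """\
Mar 10 14:02:11 fw01 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=10.0.5.21 PROTO=TCP DPT=443
Mar 10 14:02:13 fw01 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=198.51.100.7 PROTO=TCP DPT=4444
Mar 10 14:02:15 fw01 kernel: DROP IN=eth0 OUT= SRC=192.0.2.9 DST=10.0.5.30 PROTO=TCP DPT=22
Mar 10 14:02:17 fw01 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.5.22 DST=203.0.113.77 PROTO=TCP DPT=443
Mar 10 14:02:19 fw01 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=198.51.100.7 PROTO=TCP DPT=4444
"""

# Constructed indicator set standing in for a threat-intel (OTX-style) IP blacklist; values are hypothetical.
BAD_IPS = {"198.51.100.7", "192.0.2.9"}

# Address space treated as "internal" for direction decisions (assumption for this example).
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Parser for the constructed message format above; a real plug-in would carry one regex per device type.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<action>ACCEPT|DROP) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)


def parse_syslog(text):
    """Normalize raw lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            event = m.groupdict()
            event["dpt"] = int(event["dpt"])
            events.append(event)
    return events


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def correlate(events, bad_ips):
    """Match each flow against the indicator set and aggregate hits per (indicator, internal host, direction)."""
    hits = {}
    for e in events:
        src, dst = e["src"], e["dst"]
        if dst in bad_ips and is_internal(src):
            key = (dst, src, "outbound")
        elif src in bad_ips and is_internal(dst):
            key = (src, dst, "inbound")
        else:
            continue
        h = hits.setdefault(key, {"indicator": key[0], "internal_host": key[1], "direction": key[2],
                                  "count": 0, "accepted": False, "ports": set()})
        h["count"] += 1
        h["accepted"] = h["accepted"] or e["action"] == "ACCEPT"
        h["ports"].add(e["dpt"])

    for h in hits.values():
        # A permitted outbound connection to a known-bad address is the strongest signal
        # (possible beaconing or exfiltration); a dropped inbound probe from one is low priority.
        if h["direction"] == "outbound" and h["accepted"]:
            h["severity"] = "high"
        elif h["accepted"]:
            h["severity"] = "medium"
        else:
            h["severity"] = "low"

    # High-severity alarms first, then by indicator address.
    return sorted(hits.values(), key=lambda h: (h["severity"] != "high", h["indicator"]))


def alarms_from_syslog(text, bad_ips=BAD_IPS):
    return correlate(parse_syslog(text), bad_ips)


if __name__ == "__main__":
    for alarm in alarms_from_syslog(SAMPLE_SYSLOG):
        print(f'{alarm["severity"]:6} {alarm["direction"]:8} {alarm["internal_host"]} <-> '
              f'{alarm["indicator"]} x{alarm["count"]} ports={sorted(alarm["ports"])}')
```

The point of aggregating per (indicator, host, direction) rather than alerting per line is the same reason the reviewer values a central console: a repeated outbound connection from 10.0.5.21 to the blacklisted address surfaces as one high-severity alarm with a count, while the single dropped inbound probe is kept but ranked low so it does not drown out the host that actually needs attention.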