This is One Alien You Want on Your Team
October 02, 2015

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

V 5.1.1

Modules Used

  • SIEM, FIM, Vuln Scanning

Overall Satisfaction with AlienVault USM

I have used individual products in previous jobs for log collection, file integrity, and vulnerability scanning. Most were very complicated and time consuming to set up and manage. With AlienVault Unified Security Management, I was intrigued by the all-in-one concept, which so far has proven to be extremely beneficial. It does take time to thoroughly learn and manage correctly, but having it all in one place is better than trying to piece three different components together. For example, I enter all assets / devices once into the system, not three times. Presently I use it across our entire organization, and most definitely for our in-scope devices in our PCI compliance effort. Being able to group the specific devices for PCI is helpful, as is the reporting on those devices.
  • As far as setting up the product for log collection, it's fairly straightforward and relatively painless. After walking through the setup wizard for the main appliance, pushing out the agents to all your Windows devices is quick and easy. Some tweaking needs to be done once deployed, but overall the process is better than what I have experienced in the past with prior companies.
  • The vulnerability scanning aspect of AlienVault is once again very straightforward. Since assets are already in the system for SIEM, it's great to be able to immediately run a scan on a single device, a group of devices, a specific network, or the entire organization. It also gives you the ability to run a lighter scan or a deeper scan.
  • FIM is a little more involved to get set up, but once it is, it seems to produce the results you are most likely looking for. Other products provide more in-depth analysis, but tend to be too complicated to configure accurately. With AlienVault, it gets the job done without too much hassle.
  • Having a dashboard for all components in one place again is extremely helpful. One login to see everything you need, from basic events to critical alarms.
  • Although the wizard for setting up the appliance was good, for me personally, I decided not to push out the agents to all my devices. When it came time to do that, I had to install them one by one. I wish there had been more explanation regarding that. A change has since been made so that you can push the agents out with one click, but I hear that functionality still needs improvement. So I think more detailed documentation during setup would be helpful.
  • The way FIM works is a bit different than others, and I had some difficulty initially getting it set up correctly. Again, I think more documentation regarding FIM would be helpful, in addition to some examples of best practices on what to monitor.
  • A lot of my initial concerns have already been addressed or will be addressed in newer versions that are in development. In working closely with professional services, as concerns arise and are mentioned, I am usually informed that whatever I have found is a known issue or a feature that is widely needed, and is being worked on as we speak.
Although each of the products I have previously used is a great product, I found that they were much harder and more time consuming not only to set up, but to configure and filter. AlienVault was a better selection for me since I presently am a one-man security shop at my employer and don't have the time nor resources for a more complicated solution.
For someone with no prior experience with products that monitor systems, files, and collect logs, the most basic question is "How quickly can this product be set up, configured, and filtered to give me good and accurate results without me having to spend all my time for months and months and months to get it running properly?" What I have found with AlienVault Unified Security Management has met those needs of being able to quickly get results.