Overall Satisfaction with AlienVault USM
We use AlienVault Unified Security in the security operations department. We monitor traffic for the entire university campus and are looking at ways to allow departments to gain access and/or visibility at their level. We use it for asset discovery, SIEM, vulnerability scanning and as an intrusion detection system (IDS).
- The IDS works surprisingly well. Bumping the results up against APT-specific devices, AlienVault catches a large percentage of that traffic.
- I love the Open Threat Exchange (OTX). While we use several professional feeds, the OTX is fairly robust and provides a decent threat feed.
- I think the frequency of updates is great as well. I like knowing that there is a team of folks constantly trying to improve the product.
- I think the native reporting for vulnerability scanning is not very clean and does not effectively display the information our analysts are looking for. It's there, just not clear.
- I think the policy rule structure is a little convoluted. It works, but it has a learning curve.
- I wish that scanning was just automatic for assets rather than having to schedule a scan.
- Damballa and FireEye
AlienVault Unified Security does surprisingly well as an IDS, as well as a capture tool for malware. It does have some intel with the OTX, so that is helpful. So, there are some overlaps, but my comparison is like the bell curve. AlienVault catches that 60-70% range of the middle stuff, but not necessarily the fringes. That's what the other tools do in conjunction. But obviously, AlienVault Unified Security has the SIEM piece, which is a huge win.