Russian looks for USM
Updated May 26, 2017
Score 7 out of 10
Overall Satisfaction with AlienVault USM
It addresses meeting PCI DSS compliance. It is used only in the IT security department.
- It deploys very easily and fast.
- It provides not only SIEM. It delivers very good benefits with the vulnerability scanner and NIDS/HIDS.
- It has an OS-based system, so you can add any changes to the system and add additional functionality.
- Open Threat Exchange (OTX) is a very good idea to get information about the newest vulnerabilities and malicious hosts.
- There is multilevel role administration.
- As a virtual appliance it delivers a near to full view of security of the company.
- There are no other supported languages - only English and Spanish. OSSIM has more languages.
- AlienVault Unified Security Management uses the "latin1" alphabet, which gives Eastern Europe very big problems with logs (they are shown wrong and can't be correlated), for example when working with the Cyrillic alphabet.
- There is no possible way to see what signatures in which modules were updated.
- It's not possible to disable an alarm for current values in current type. It does not support the ability to disable a group of alarms with payload.
- The price with multi-tier and distributed infrastructure is going for 150k USD; it is very expensive, and in this price [range] there are a lot of good competitors.
- Raw logs search works very slowly.
- There is no way to work with Suricata signatures with the user interface.
- The opportunity with the company is very, very bad. The company manager doesn't give partners a Not For Resale license of products for webinars, demonstrations to customers, adding changes in the system, and other things.
- Sales managers have low qualifications in the information security sphere.
- AlienVault Inc. doesn't do anything to improve product quality with partners. We made a patch to AlienVault USM that fixes problems with Cyrillic and we wanted to give this solution to the development team of AlienVault, but they aren't interested in this.
- There is no documentation for OSSEC correlation. No information in the interface, no example.
- HP Arcsight
It's all because of price. The price for virtual deployment is really good and cheap. The update costs for every year are also low, nearly 30% of the first-year license price. So few companies often look for USM. Also, there is an AlienVault Labs, which looks like they are working, but it's not possible to check how they are working, because maybe they are only using some outsourced threat feed updates.
It's very good for PCI DSS 3.0 compliance. It's fast to deploy and cheap to go through the auditors. Usually people who have used OSSIM transfer to AlienVault Unified Security Management very easily, because they need to work with logs in PCI DSS. There is no possible way to use the solution with SCADA. This is too hard to integrate in Eastern European countries because there is no support for distribution companies and no support of the Cyrillic language and alphabet.