Champ for SMBs
Overall Satisfaction with AlienVault Unified Security Management
We are an MSSP company and we use AlienVault Unified Security Management to provide SOC services to our clients. It's also used for the internal SOC at Ebryx.
- Packaging opensource components like OpenVAS, Nagios, Nmap into one working bundle.
- Makes it easy to operate a SOC with one or few analysts.
- It has a minimal entry barrier to get started.
- Can't group a few SIEM entries and create a ticket that points back to a group of selected events.
- The forensic evidence, i.e. the traffic pcap, is very limited. It should at least provide some more traffic from around that time.
- It should have data source plugins for all popular antivirus suites to ingest antivirus alerts and events.
- HP ArcSight
I've evaluated HP ArcSight, but it's very costly.
Using AlienVault Unified Security Management
Only the SOC team makes use of AlienVault Unified Security Management for monitoring the network.
3 - The SOC guys have fundamental network security monitoring (NSM) training.
- Intrusion Detection
- Log Analysis for security alerts
- SIEM
- None at the moment
- Log archive for security audits