Champ for SMBs
November 17, 2015
Score 8 out of 10
Overall Satisfaction with AlienVault Unified Security Management
We are an MSSP company and we use AlienVault Unified Security Management to provide SOC services to our clients. It's also used for the internal SOC at Ebryx.
- Packaging open-source components like OpenVAS, Nagios, and Nmap into one working bundle.
- Makes it easy to operate a SOC with one or few analysts.
- It has a minimal entry barrier to get started.
- Can't group a few SIEM entries and create a ticket that points back to a group of selected events.
- The forensic evidence, i.e., the traffic pcap, is very limited. It should at least provide some more traffic around that time.
- It should have data source plugins for all popular antivirus suites to ingest antivirus alerts and events.
I have encountered very few false positives while using AlienVault Unified Security Management.
Yes, AlienVault Unified Security Management not only has a very low entry barrier, but it's also very effective and you don't need a large team to operate it. Even the casual IT guy can make the best use of it with a few days of training.
It's well suited for companies that have one or a few security analysts. Even if they don't have any, the IT guy can easily learn the operations in little time and make use of it. It doesn't compete well with other SIEM solutions in the market like HP ArcSight, as they have more integrations with other products like antiviruses and firewalls and have official plugins to fetch data from them.
Using AlienVault Unified Security Management
Only the SOC team makes use of AlienVault Unified Security Management for monitoring the network.
3 - The SOC guys have fundamental network security monitoring (NSM) training.