AlienVault USM, a perfect ally for MSSP
Updated November 20, 2017

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review

Overall Satisfaction with AlienVault USM

Cable and Wireless offers our customers across the Latin America and Caribbean region a Security Monitoring service which is based on AlienVault USM technologies. We deploy sensors and servers on different customer locations and collect the alarms generated by those devices on a centralized AlienVault Federation Server which is continuously monitored from our SOC. The SOC analysts assess all the generated alarms and, based on their knowledge, they provide the customer with the necessary visibility and corresponding information in order to know how to respond to a security threat or security incident.

We at C&W also use AlienVault USM technologies in order to monitor our network and datacenter infrastructure across the Latin America and Caribbean region.

AlienVault technologies have allowed us to offer a managed SIEM service which is affordable and reliable, and can be provisioned in order to fulfill specific needs as all of our customers have different requirements and

  • AlienVault USM provides enough flexibility when collecting logs and monitoring systems that are not supported by default.
  • AlienVault USM has five different security monitoring capabilities that are focused on monitoring the health of a network and network systems and are included by default. Other SIEM vendors need to integrate additional products in order to generate the same visibility, which can make a project more complex and more expensive.
  • OTX has significantly improved the visibility of the existing threats and this information is not only valuable for the operation of the service we offer but it can be a great security ally for any other SOC.
  • As a young company, the documentation and support knowledgebase are still not complete and they can improve them in order to make an even better product.
  • As AlienVault comes from an open source product (OSSIM) the log collection relies on the use of third-party agents (snare, nxlog, ossec), however regarding the professional version, there should be an AlienVault agent that could collect logs from different datasources. This will give our customers peace of mind as they will notice that even the agents are part of the same product they acquired.

When we evaluated other similar products (Arcsight, Envision, Q1, Nitro) we took into account the flexibility, features, the product development roadmap and the TCO. Other vendors offer a good product but were a lot more expensive and this made it very difficult to offer a managed SIEM service. Also the level of involvement that our company has on the product could not be the same with other products as other security vendors just offer their own professional services, which in our case is one of the principal and key points that makes us different from the competition; we know what we are offering as we truly understand and manage the product. We are not just a reseller.

The existing AlienVault USM appliances are somewhat small (in terms of EPS capacity). There are scenarios where the EPS count will need a distributed AlienVault architecture, however with other vendors it can be managed from a single appliance. This characteristic is fine when we talk about several small branches, however when there is only one large site, higher capacity devices are in an advantageous position.

Using AlienVault USM

25 - They are involved in implementation processes, SOC, customer service center and engineering areas.
10 - All staff involved are AlienVault certified (ACSA, ACSE) and they also have experience and knowledge on different aspects of security and networking. They are required to speak English and Spanish and they are also involved in computer security groups. Some of our staff are also certified as ethical hackers and CISSP.
  • For monitoring customer infrastructure and security.
  • For monitoring datacenter infrastructure and security.
  • For monitoring other critical infrastructure inside the company.
  • We have been able to focus the service to our customer's business. The flexibility it offers has allowed us to monitor datasources that no other SIEM vendor could offer.
  • We have been able to integrate the AlienVault USM technologies with other services that we already offered in order to come up with an improved version of already existing services.
  • We have been able to offer POC scenarios to our customers of a technology that is somewhat difficult to deliver (other vendors do not offer POCs and the customers have to buy the product without proving it is what they need)
  • We are trying to deliver visibility and reporting from other services which have these features but are somewhat limited.

Although we have had a few bumps in the road, we believe AlienVault is a strong vendor on the SIEM market and it has been continuously working to improve its product with new features and better functionalities. As AlienVault is mainly focused on SIEM, other vendors offer a lot of other products and the roadmap is limited.

AlienVault USM Support

They do have an excellent support attention, however although they have improved a lot regarding documentation I think they can still improve their online resources.

Using AlienVault USM

It is easy to use and very flexible. It has tons of security features that can be used for different purposes. It has several wizards that can make the configuration task an easy task.