For Managing Security through that Single Pane of Glass - Use AlienVault USM
Overall Satisfaction with AlienVault USM
AlienVault Unified Security Management is deployed for a part of our network, and is used to monitor network devices and a few servers with HIDS deployed. We do plan to deploy it across the entire organization very soon. It gives insight into what assets are present in the network, which otherwise are not known since we do not use any asset management tools. It gives a good picture of our network through NetFlow as well. HIDS is a very useful and powerful tool which reports all the activities and any suspicious behavior at the host level. It all works in very good synergy. Reports and alerts are provided which are very useful to manage the security posture of the network.
Pros
- AlienVault Unified Security Management is very flexible to configure and collect information from devices, even those which are unknown to it via custom plugins. It can be highly customized to suit each organization's requirements.
- Open Threat Exchange (OTX) is a very important and useful feature which helps to trace a malicious IP with a reputation back to its origin, so intent is clearly visible when analyzing security events. Pulses and IOCs are very interesting and useful as well.
- Reporting is very good; it has a huge variety of options to choose from, though the output format has potential to improve.
- Policies and actions can be very useful for fine tuning the system.
Cons
- Ticketing system can be improved and integration with external ticketing systems can be made easier.
- Reports can be output in a number of formats such as MS Office etc.
- Creation of new policies could be provided directly from the SIEM or Events page. This would help in pre-populating the data fields required to treat the events as either false positives or for writing actions for particular events. Currently, all the data fields have to be noted and included manually in the policy fields, which can sometimes be erroneous.
The AlienVault Unified Security Management solution is extremely flexible and customisable when compared to other SIEM tools such as Splunk, HP ArcSight, LogRhythm, etc. The log collectors supported by most SIEM tools are mostly limited, and writing new collectors sometimes involves a lengthy and costly process. In the case of AlienVault Unified Security Management, custom plugins can be written by end-users with specific skills. Most of the other SIEM tools may or may not have features such as vulnerability management, asset management, HIDS, NIDS, threat detection, etc. AlienVault Unified Security Management provides all of these features and hence is a single pane of glass to manage the security needs of the organization in an extremely effective manner.
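The review above describes custom plugins that let USM collect events from devices it does not recognise. As an added illustration of what such a plugin does (this is example code written for this page, not AlienVault's plugin engine or its plugin file format), the Python below models the idea: a per-device set of regular expressions whose named groups turn raw syslog lines from an unknown appliance into normalized events with a stable event sub-id that a SIEM can correlate on. The device name "acme-fw", the field names, the sub-ids and the log lines are all constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical plugin model: one regex per event type; named groups become
# the normalized fields. This is an illustration, not AlienVault's format.


@dataclass
class Rule:
    name: str                  # human-readable event type
    sid: int                   # hypothetical per-plugin event sub-id
    regexp: "re.Pattern[str]"  # must use named groups for extracted fields


@dataclass
class Event:
    plugin: str
    sid: int
    name: str
    fields: Dict[str, str]


class Plugin:
    """Turns raw log lines from one device type into normalized events."""

    def __init__(self, name: str, rules: List[Rule]):
        self.name = name
        self.rules = rules

    def parse(self, line: str) -> Optional[Event]:
        for rule in self.rules:
            m = rule.regexp.search(line)
            if m:
                # Only named groups become fields, so each rule decides
                # exactly which tokens of the raw line reach the SIEM.
                return Event(self.name, rule.sid, rule.name, m.groupdict())
        return None

    def parse_lines(self, lines: List[str]) -> Tuple[List[Event], List[str]]:
        """Return (events, unmatched). Unmatched lines are kept rather than
        dropped: a plugin that silently discards what it cannot parse hides
        its own coverage gaps from the analyst."""
        events: List[Event] = []
        unmatched: List[str] = []
        for line in lines:
            ev = self.parse(line)
            if ev is None:
                unmatched.append(line)
            else:
                events.append(ev)
        return events, unmatched


IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed plugin for a made-up "acme-fw" appliance.
ACME_FW = Plugin("acme-fw", [
    Rule("auth-failed", 1001, re.compile(
        rf"AUTH user=(?P<username>\S+) src=(?P<src_ip>{IPV4}) result=FAIL")),
    Rule("auth-ok", 1002, re.compile(
        rf"AUTH user=(?P<username>\S+) src=(?P<src_ip>{IPV4}) result=OK")),
    Rule("policy-deny", 2001, re.compile(
        rf"POLICY DENY proto=(?P<proto>\w+) (?P<src_ip>{IPV4}):(?P<src_port>\d+) "
        rf"-> (?P<dst_ip>{IPV4}):(?P<dst_port>\d+)")),
])

# Constructed sample log; the last line is deliberately not covered by a rule.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z acme-fw[221]: AUTH user=alice src=10.0.0.5 result=OK
2024-05-01T10:00:07Z acme-fw[221]: AUTH user=admin src=203.0.113.9 result=FAIL
2024-05-01T10:00:09Z acme-fw[221]: AUTH user=admin src=203.0.113.9 result=FAIL
2024-05-01T10:00:12Z acme-fw[221]: AUTH user=root src=203.0.113.9 result=FAIL
2024-05-01T10:00:15Z acme-fw[221]: POLICY DENY proto=tcp 198.51.100.7:51234 -> 10.0.0.20:3389
2024-05-01T10:00:20Z acme-fw[221]: HEARTBEAT uptime=86400
"""


def failed_logins_by_source(events: List[Event], threshold: int) -> Dict[str, int]:
    """Once events are normalized, a correlation rule is a one-liner:
    sources with at least `threshold` auth-failed events (sid 1001)."""
    counts = Counter(e.fields["src_ip"] for e in events if e.sid == 1001)
    return {ip: n for ip, n in counts.items() if n >= threshold}


def run_sample() -> Tuple[List[Event], List[str]]:
    return ACME_FW.parse_lines(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    events, unmatched = run_sample()
    for e in events:
        print(f"{e.plugin} sid={e.sid} {e.name} {e.fields}")
    print("unmatched lines:", unmatched)
    print("brute-force candidates:", failed_logins_by_source(events, 3))
```

The unmatched list is the part worth keeping an eye on in a real deployment: when a plugin's parse rate drops after a firmware update changes the device's log format, that is where it shows up first.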