AlienVault is a very good investment
No photo available
Updated July 27, 2017

AlienVault is a very good investment

Score 9 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with AlienVault USM

It'a very good product to manage and monitor the network. It's very powerful; it has to be well configured.
The support is available to help if needed!
It helps to better understand what happens on the network as well.

  • Monitoring: The possibility to monitor all devices of your network with SNMP management
  • Vulnerability scan: Very simple and powerfull feature. It scans your network and gives you all device vulnerabilities on your LAN.
  • Nagios module: Integrated Tools in AlienVault Unified Security Management Platform. Very useful to have all theses tools in one place.
  • False positive: there are still too much false positives detected when we use the alarm module. A lot of packets are caught in severity medium or high but are not threats. It is just standard traffic.
It unifies a lot of network tools in one product including Nagios.
AlienVault has proved today again how effective the threat intelligence tool is. Despite the false positive alerts, AlienVault put the finger on attacks and threats. It gives you details and network captures about the attack. It is very useful and efficient to work with AlienVault.
In our case, it didn't reduce the work, but now we can do things that we couldn't yesterday without AlienVault. Every time there is an attack, with AlienVault we have traces and capture that we can analyse to have more knowledge about what happened and how to prevent future attacks.
AlienVault Unified Security Management is well suited in a complex LAN infrastructure.
AlienVault Unified Security Management is less appropriate in a small network.

Using AlienVault USM

2 - System and network administrator and a system and network manager.
We are using the product to supervise the network.
Every time we have needs on the product we have to call the support [team].
  • Security threats
  • Log tracks
  • Alerts
  • To generate attack list before the weekly security meeting
  • Alert every time there is a change in AD or in the firewall
It is complicated and time consuming to configure and use.

Evaluating AlienVault USM and Competitors

  • Price
  • Product Features
  • Product Reputation

AlienVault USM Implementation

Our in house technician didn't finish configuring AlienVault.
Yes - installation
configuration
quick training
Change management was minimal
  • Configuration on our infrastructure

AlienVault USM Training

  • Online training
  • Self-taught
It is a good training, but 1 day is definitely not enough to be able to use the product. 5 days training is from my point of view the minimum to get the minimum knowledge.
According to me, minimum training is inevitable.

Configuring AlienVault USM

I don't think that the product's configurability is too limited or too extensive but for sure it's complex. There is no way to configure it without a proper training.
If there is more than one person using AlienVault in the company I would recommend writing "best practices" documentation to do things the same way.
No - we have not done any customization to the interface
No - we have not done any custom code
I haven't really done any customisation so far. But I certainly will.

AlienVault USM Support

Good support
ProsCons
Quick Resolution
Good followup
Knowledgeable team
Problems get solved
Kept well informed
No escalation required
Support understands my problem
Support cares about my success
Quick Initial Response
Difficult to get immediate help
Yes - the support told me that it should be resolved in a future update. Not done yet...

Using AlienVault USM

It can be easy to use but it depends what you want to do.
ProsCons
Like to use
Well integrated
Difficult to use
Requires technical support
Slow to learn
Cumbersome
Feel nervous using
Lots to learn
  • List the past attacks
  • Sending an email with understandable details of the event every time it happend

AlienVault USM Reliability

The product's overall scalability seems very good. With this kind of tool, the potential is nearly infinite.

AlienVault Unified Security Management is definitely available when I need it. The only problem is the glitch with the vulnerability scan that works only once and then you need to restart the appliance to run a second time. It's not really handy when you want to scan your network. The support team said that it should be fixed in a future version.
AlienVault Unified Security Management's overall performance is good.
Reports complete in a reasonable time frame.
AlienVault Unified Security Management integrates with any other software or systems, and does not tend to slow them down.

Integrating AlienVault USM

It is very complicated to configure
  • Active directory
  • Firewall
  • Switch
All logs are routed to AlienVault.
  • SNMP traps of all network devices
Yes
Do the training before you use it.

Relationship with AlienVault

Upgrading AlienVault USM

Yes - It went smoothly and with minimal down time.
There were no unexpected impacts.
  • fix the glitches still not fixed.