Overall Satisfaction with AlienVault USM
We have a large campus with multiple IT support departments spread across it. Using AlienVault Unified Security Management, we are able to collect, interpret, and act upon log information from hundreds of devices all over campus. The ability to get intel on traffic crossing the network allows us to see threats before they cause damage, and the automated actions we can code using correlations (that we can also define ourselves) allow us to address those threats in a timely manner. AlienVault Unified Security Management is highly customizable, and we have yet to come across a device or service that we can't interface with it.
- Correlations out of disparate data sources.
- Wide range of utilities baked in.
- Not scalable to very large networks.
- Requires lots of tuning to squelch false positives.
- Is not easily backed up.
AlienVault Unified Security is too expensive for small operations and not scalable enough for very large operations. I would recommend this for companies that have maybe five thousand hosts at most, and no less than a few hundred. This software works better in environments where security is the top priority, rather than the ability of users to BYOD and browse the internet freely.