AlienVault helps scan for bad behavior not just known threats.
November 20, 2015

Greg Baugh | TrustRadius Reviewer
Score 8 out of 10

Overall Satisfaction with AlienVault Unified Security Management

We are using AlienVault for host based intrusion detection, log aggregation and screening, network monitoring, and vulnerability assessments.
  • Host-based intrusion detection works well on Windows servers, and monitors for a number of security-related events. It also includes event log monitoring.
  • Ease of deployment to Windows Servers.
  • Ability to add custom plugins when needed.
  • Log file normalization.
  • Integration with Open Threat Exchange, and use of IP reputation information.
  • There is a lot to it. This is a strength and a weakness. This is a powerful set of tools, it can take a little work to understand everything it can do.
  • Navigation can be a bit tricky, i.e., I know it does this, I have seen that option before, but where is it?
We have used some other Intrusion Detection Systems, and made other attempts at log file aggregation and event management, but AlienVault brings these tools and more together under one appliance.
AlienVault has detected suspicious activity before our antivirus software could, seeing the activity prior to the scan or prior to a virus definition being written. It has also reported a number of vulnerabilities we did not know we had, and in some cases helped us to troubleshoot bad settings and faulty programs by showing us the suspicious activity. It looks at activity and behavior, not just comparing programs to a list of known viruses.
We would never have the time to develop tools for all the activity it looks at, or know what patterns to look for. The threats and IP reputation information are always being updated, and shared with others in the OTX.
Cost and complexity are always concerns, but if you buy the right package and deploy it correctly it can cover any environment. There are simple deployments, complex deployments, and even managed deployments. It can cover your needs if set up correctly.

I would like to see automated responses, other than alerts. I believe they may be working on this, so that it can actually take action, not just warn you of the incident.