Overall Satisfaction with AlienVault Unified Security Management
We are using AlienVault for host-based intrusion detection, log aggregation and screening, network monitoring, and vulnerability assessments.
- Host-based intrusion detection works well on Windows servers, and monitors for a number of security-related events. Also contains event log monitoring.
- Ease of deployment to Windows Servers.
- Ability to add custom plugins when needed.
- Log file normalization.
- Integration with Open Threat Exchange, and use of IP reputation information.
- There is a lot to it. This is a strength and a weakness. This is a powerful set of tools; it can take a little work to understand everything it can do.
- Navigation can be a bit tricky, i.e. "I know it does this, I have seen that option before, but where is it?"
- StillSecure and Cisco Sourcefire SNORT
We have used some other Intrusion Detection Systems, and made other attempts at log file aggregation and event management, but AlienVault brings these tools and more together under one appliance.