AlienVault USM - Beginning Thoughts
Overall Satisfaction with AlienVault Unified Security Management
We are currently using AlienVault Unified Security Management across our entire enterprise. We are using it to correlate and store logs from all devices to monitor for network and host intrusion detection. We also use it to do our vulnerability assessment, as well as our network inventory. It's part of our layered approach to security monitoring.
Pros
- The AlienVault NIDS has proven to be very valuable in helping us identify traffic on our network. It has identified unauthorized traffic that was going out of our network.
- The alarms generated from our real-time events have helped us to respond to and track our responses.
- It has helped us with change management with real-time updates to any changes in configuration.
Cons
- Inventory is terrible. Expect to spend some time fixing details on your inventory. This is particularly frustrating as often vulnerabilities are tied to specific versions of Windows or software. I mean there is a world of difference between Windows 7 and Windows 98. Its inability to differentiate is a big issue.
- I would like to see the alerting functionality improved, such that if you see an alarm that you want to be notified about every time it happens, you can just right-click on it and say "alert me the next time this event happens."
- AccelOps
The only reason we didn't go with AccelOps is because it lacked NID/HID functionality. It would have required us to purchase additional products to reach the completeness of the AlienVault solution.
Using AlienVault Unified Security Management
2 - IT Security
1 - You need the skills of a network administrator and a sysadmin as well as that of a security administrator. You will need to be able to interpret the alarms that AlienVault is generating. In theory you will need someone who has had broad exposure to the IT world in order to facilitate understanding of what is happening.
- Network intrusion detection
- Host intrusion detection
- Malware/Trojan/Etc. detection
- We've used it to validate some of our regulatory requirements, as in: we performed this exercise; was AlienVault able to detect that activity?
- We've used it for network change management. When IT makes a change, Security is notified and IT has to sign off that they made the change.
- If they ever get the asset discovery to the point where it's accurate, we can see using it for inventory.
- We would like to use it to alarm us when a new piece of equipment is connected to the network. I suspect that is in there already. Haven't figured out how that would be accomplished yet.
Evaluating AlienVault Unified Security Management and Competitors
- Product Features
- Product Usability
- Third-party Reviews
Usability was a big factor in our decision-making process. There is no need for a product that those who have to use it can't use or find clunky to use. AlienVault does provide a very workable user interface, and it helps that the underlying technology behind the product has been proven to work over time.
If I had to redo it again, I probably would end up picking AlienVault, with all things being the same with AlienVault and its competitors.
AlienVault Unified Security Management Implementation
- Implemented in-house
Change management was minimal - IT showed us how much change does happen on our network and we don't always know in advance...
- Training and approvals
AlienVault Unified Security Management Support
Pros | Cons |
---|---|
Quick resolution; good follow-up; knowledgeable team; problems get solved; kept well informed; no escalation required; immediate help available; support understands my problem; quick initial response | None |
Yes - It makes sense to get premium support for a product of this nature. I am by no means a Unix guru, and the underpinning of AlienVault is *nix. I have found that you will occasionally need to go into that Unix side. I frankly would rather have a very knowledgeable support staff going in there with me. For the first year anyway, it's well worth the money.
I was having an issue where, after I upgraded to 5.1.1, the video vanished. You would boot up, see the BIOS, and nothing after that. It turned out to be a bug in 5.1.1 and 5.2. I opened a ticket and within an hour, I believe, I had a tech on the phone, and he knew exactly what the issue was and the workaround. The speed to resolution was frankly amazing.
Using AlienVault Unified Security Management
Pros | Cons |
---|---|
Like to use; relatively simple; well integrated; consistent; convenient; feel confident using; familiar | Difficult to use; requires technical support; slow to learn |
- The directive events are fairly easy to adapt to your environment
- Deployment of HIDS was very simple. This is in a Windows environment.
- The asset discovery is particularly cumbersome as it's inaccurate, and you end up spending lots of time fixing it.
- Vulnerability assessment caused many issues with our printers. We ended up having to skip our printers, and the way to do that is very cumbersome: instead of being able to say "exclude these IPs", you had to include only the IPs you wanted inventoried by listing the subnets (xxx.xxx.xx.xxx/xx) you wanted included... a lot of /32s.
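The include-only workaround described in the last item, as an added example that is not part of the original review or of AlienVault: given the subnet you would normally scan and the printer addresses to leave out, this computes the include-only CIDR list (the /32s and whatever larger blocks survive) that an inclusion-only target field needs. The subnet and printer addresses are constructed sample values.

```python
# Added example (not AlienVault code): build the include-only CIDR list that an
# inclusion-only scan target field needs when a few hosts must be skipped.
from ipaddress import collapse_addresses, ip_network


def includes_for_scan(subnet, excluded_ips):
    """Return the minimal CIDR blocks covering `subnet` minus `excluded_ips`.

    `subnet` is the range you would normally scan; `excluded_ips` are the
    hosts (printers here) to leave out. Hosts outside `subnet` are ignored,
    since they were never going to be scanned anyway.
    """
    target = ip_network(subnet, strict=False)
    remaining = [target]
    for raw in excluded_ips:
        host = ip_network(raw)  # a bare address becomes a /32 (or /128)
        if host.version != target.version or not host.subnet_of(target):
            continue
        carved = []
        for block in remaining:
            if host.subnet_of(block):
                # address_exclude splits the block into the pieces around the host
                carved.extend(block.address_exclude(host))
            else:
                carved.append(block)
        remaining = carved
    # collapse_addresses merges adjacent pieces back into the largest blocks
    return [str(net) for net in collapse_addresses(remaining)]


def scanned_host_count(cidrs):
    """Total addresses covered by the include list; a quick sanity check."""
    return sum(ip_network(c).num_addresses for c in cidrs)


if __name__ == "__main__":
    # Constructed sample: a /28 with two printers that break under scanning.
    printers = ["192.168.1.3", "192.168.1.9"]
    include = includes_for_scan("192.168.1.0/28", printers)
    print("Scan targets to enter:", ", ".join(include))
    print("Addresses covered:", scanned_host_count(include))
```

The covered-address count should equal the subnet size minus the number of excluded hosts, which is the check worth running before pasting a long include list into the scanner.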