AlienVault USM - Always watching, just let it know where to put the magnifying glass
Updated November 02, 2017

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault USM

We use AlienVault Unified Security Management for monitoring both within our own infrastructure as well as assisting other clients and customers implement and maintain AlienVault Unified Security Management in their own environments. We particularly use it for its purpose as a centralized log store and for the advanced correlation features to provide us specific and actionable custom alarms that we can specify, or by leveraging some of the couple thousand that are already in the product. It is fairly simple to get started, but like any good tool, it's only as good as the user can configure it and it takes some maintenance to keep humming smoothly and giving you the alerts and actionable information you need. To make the most of AlienVault Unified Security Management, make sure you have a pretty thorough understanding of your surrounding network and other security tools that are in place. The more data you can get into the SIEM, the more intelligence you can get out of it. But make sure to prioritize the events you want to collect so that you don't drown in your informational events.
  • Easy initial setup.
  • Deep customization options for reporting, alerting, and custom actions.
  • Provides access to CLI for scripting capabilities and troubleshooting.
  • Limited disk resources (1.2 TB) means that you need to really understand and prioritize what logs you need if you have a larger environment.
  • Reporting is flexible, but more advanced grouping and customization options are desired.
  • When there is a higher event volume, SIEM event searching can slow down.
AlienVault Unified Security Management is the commercial version of OSSIM and features dedicated support, professional services, and MSSP partners. It also contains a more complete feature set for those looking to use AlienVault Unified Security Management in helping with compliance goals such as long term log storage. Having the support structure of the AlienVault team as well as the additional features that are added and supported with the commercial product were some of the key reasons that AlienVault was the right choice for us.
AlienVault Unified Security Management is an excellent product for medium to small businesses looking to get started in setting up a security and compliance program. It provides a wide array of features ranging from Host and Network IDS to basic vulnerability scanning. The product also provides an easy-to-use getting-started wizard on setup that allows users using an all-in-one version of the product to quickly get a running start on getting deployed and monitoring their assets. For larger companies, it may be worth a look too, but careful consideration should be used if it's planned to be scaled out to a large number of systems and networks. AlienVault's architecture can be modular, but with the many special network configurations that come with larger environments come custom challenges that may take some workarounds to get the desired results out of the product.

Using AlienVault USM

Navigating the platform is really easy and quite intuitive. Reporting and scheduled reporting is easy to use and to set up with many options for report export; however, there are some limitations as to what type of grouping can be done within the premade report templates.