In Aliens We Trust
Overall Satisfaction with AlienVault Unified Security Management
AlienVault Unified Security Management is the main SIEM device in our organization. Primary use is in collecting our fw / IDS / security device logs, to obtain enriched information on security scenarios and general status. We've got a special interest in the Environmental Awareness alerting functions, by which we have spotted some misconfiguration cases inside our IT infrastructure. We are experiencing some difficulties in making custom plugin datasources behave like the officially supported ones: alerting and correlation features are not working at their best, so we are trying to work around that issue. Except for this, we definitively love AlienVault USM :)
Pros
- Simple and easy deployment
- Powerful correlation features
- A complete tool to deploy in poor security scenarios
Cons
- There is some difference in working with official plugins rather than custom ones
- No visual flagging is possible in SIEM events, so working concurrently is hard
- We don't agree with using 2 different storage technologies for security database and logger database
- Splunk, HP Arcsight and McAfee Enterprise Security Manager
We are an SMB security firm, so we have a focus on analyzing complex event/attack trends, possibly leveraging not-so-expensive security products: AlienVault USM has a perk on that, by delivering an essential but state-of-the-art analysis environment.