In Aliens We Trust
November 28, 2015

Giuseppe Trolio | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault Unified Security Management

AlienVault Unified Security Management is the main SIEM device in our organization. Primary use is in collecting our fw / IDS / security device logs, to obtain enriched information on security scenarios and general status. We've got a special interest in the Environmental Awareness alerting functions, by which we have spotted some misconfiguration cases inside our IT infrastructure. We are experiencing some difficulties in making custom plugin datasources behave like the officially supported ones: alerting and correlation features are not working at their best, so we are trying to work around that issue. Except for this, we definitely love AlienVault USM :)
  • Simple and easy deployment
  • Powerful correlation features
  • A complete tool to deploy in poor security scenarios
  • There is some difference in working with official plugins rather than custom ones
  • No visual flagging is possible in SIEM events, so working concurrently is hard
  • We don't agree with using 2 different storage technologies for security database and logger database
We are an SMB security firm, so we have a focus on analyzing complex events/attacks trends, possibly leveraging not-so-expensive security products: AlienVault USM has a perk on that, by delivering an essential but state-of-the-art analysis environment.
No doubt on that, AlienVault USM makes the difference when you have to address security controls and processes in SMB companies - there are situations in which security is often mistreated, by using old, or poor, instrumentation.