December 04, 2015
Score 8 out of 10
Overall Satisfaction with AlienVault Unified Security Management
AlienVault USM is used across large portions of our network to address network intrusion detection, host intrusion detection, file integrity monitoring, vulnerability assessment, and security information event management.
- I view the primary strengths of AlienVault as flexibility, unified management, and cost-effectiveness.
- Flexibility: The systems are Linux-based and the customer is afforded the latitude to customize and build upon the foundation provided. One is only limited by imagination and scripting knowledge.
- Unified Management: Within a single pane of glass a security analyst may monitor and investigate correlated events from an array of log streams across the organization, deploy Host Intrusion Detection agents, deploy and customize File Integrity Monitoring, execute Vulnerability Assessments, accept input from Threat Intelligence feeds, and utilize correlation to "bubble-up" what needs to be addressed.
- Cost-Effectiveness: Take a look at the cost and complexity of deployment and ongoing maintenance for SIEM, NIDS, HIDS, FIM, Vulnerability Assessment, and Log Management technologies. Wrapping them up into a single package for deployment and maintenance is a very attractive option.
- AlienVault's strengths may also result in its weaknesses. This is a bleeding-edge product based on open-source technology and mentality. Beneath the interface lies a suite of open-source products whose versions may not be ready for prime time. New versions appear to be released without the extensive testing expected from more mainstream closed-source products. Using the product to its fullest will result in frustration with bugs and some components which flat out don't work as intended. The interface and functionality provided lack "polish".
In my opinion, for each component found within AlienVault you'll find better functionality within a different commercial product. QRadar's SIEM will be faster, Arcsight's parsing superior, Tripwire's FIM more robust, and Sourcefire's detection unparalleled. What you get with AlienVault is good capability within all of those areas in a single package that is infinitely customizable. This results in greatly reduced cost and administration providing you have people with the interest and skill set to take advantage of it.
This product, at its current maturity level, would be well-suited for small to mid-sized organizations looking to save on the cost and complexity of deploying the myriad of technologies that AlienVault Unified Security Management provides. Having highly skilled security analysts to configure and maintain the system is a must.