Don't be afraid of this Alien.
Overall Satisfaction with AlienVault USM
- Real-time access logs and scanning. Once the system was installed and configured, it allowed our company to find that the network was being hit with a continued brute-force attack. With this discovery we made a few changes for our remote users and reduced the unauthorized outside access attempts.
- Traffic monitoring. When first starting with the company, part of my assignment was to find why the network was so lethargic. With the AlienVault system I was able to see the time periods of heavy internet and data usage. With this information I was able to determine the highs and lows of user access.
- OTX activity. After getting subscribed to the OTX community I was given frequent updates to the latest security threats and what to look for. To me the best aspect of the OTX activity monitoring is to know when the threat is directly affecting our network and keeping up to date on the threats.
- Initial setup and administration. I came into this company after the utility was deployed and what I have found in our setup was that the ESXi environment in our setup does not scan the entire network. Having an initial setup assistance program for the installation.
- Asset environment. In our current configuration we have all the servers and network appliances running with static IPs or reservations from our DHCP server; this works very well in our environment. What does not work well are the machines that are part of the DHCP pool: if the machines are configured as an asset and the IP address changes, the description (identity) does not follow the device. I think that having the ability to assign assets from the MAC address would eliminate this problem as I see it.
- Kick-off program. As part of the service we were invited to join a kick-off event that I personally attended (a virtual class, actually). What I discovered from this class was a more advanced configuration than what I had expected to see. While it provided good information and virtual labs, I think if the class is a kick-off then it should be about the basic installation and configuration of the appliance. The time spent on configuring rules outweighed how to get information to be read from the sensors.
Having been familiar with Cisco Solarwinds and what information is provided with their application I expected a similar result. I believe that gearing the appliance to a very specific task would be a greater service to the customer. What I mean would be to have a smaller footprint, say for the user that is looking to just monitor network traffic and network access that would be a single service or installation. Also, having another that would exclusively work with and integrate with virus software and provide central administration for the companies NOT using a server and endpoint environment.
My question to be asked, "Ultimately what do you expect to see the appliance provide you?"
Evaluating AlienVault USM and Competitors
AlienVault USM Implementation
Our company did not make the best choice on the computer that the service was installed on and it has led to some adverse effects that did not appear until now, almost 2 years later and needing to re-install the entire system all over again.
If you need the help, ask for it. The technical support team at AlienVault and community forum members are always there to answer questions.
AlienVault USM Support
Kept well informed
Support understands my problem
Problems left unsolved
Using AlienVault USM
Like to use
Difficult to use
Not well integrated
Slow to learn
Feel nervous using