Item: AlienVault USM
Rating: 8
Author: James Ellsworth

Use Cases and Deployment Scope

The implementation of AlienVault Unified Security Management was the result of a network wide virus infection and not knowing where the virus originated required that all servers and workstations be scanned for infection. The system was deployed across the entire network for a centralized point of administration verifying network integrity and system security protocols.

Pros and Cons

Real-time access logs and scanning. Once the system was installed and configured it allowed our company to find that the network was being hit with a continued bruteforce attack. With this discovery we made a few changes for our remote users and reduced the unauthorized outside access attempts.
Traffic monitoring. When first starting with the company part of my assignment was to find why the network was so lethargic. With the AlienVault system I was able to see the time periods of heavy internet and data usage. With this information I was able to determine the highs and lows of user access.
OTX activity. After getting subscribed to the OTX community I was given frequent updates to the latest security threats and what to look for. To me the best aspect of the OTX activity monitoring is to know when the threat is directly affecting our network and keeping up to date on the threats.

Initial setup and administration. I came into this company after the utility was deployed and what I have found in our setup was that the ESXi environment in our setup does not scan the entire network. Having an initial setup assistance program for the installation.
Asset environment. In our current configuration we have all the servers and network appliances running with static ip's or reservations from our dhcp server, this works very well in our environment. What does not work well are the machines that are part of the dhcp pool, if the machines are configured as an asset and the ip address changes the description (identity) does not follow the device. I think that if we have the ability assign assets from the MAC address would eliminate this problem as I see it.
Kick-off program. As part of the service we where invited to join a kick-off event that I personally attended (virtual class actually) what I discovered from this class was a more advanced configuration than what I had expected to see. While in provided good information and virtual labs, I think if the class is a kick-off then it should be about the basic installation and configuration of the appliance. The time spent on configuring rules out weighed how to get information to be read from the sensors.

Alternatives Considered

I could not offer a proper evaluation of these systems. While I have configured the Solarwinds product, the time I have spent with AlienVault would not provide a comparable opinion.

Likelihood to Recommend

Having been familiar with Cisco Solarwinds and what information is provided with their application I expected a similar result. I believe that gearing the appliance to a very specific task would be a greater service to the customer. What I mean would be to have a smaller footprint, say for the user that is looking to just monitor network traffic and network access that would be a single service or installation. Also, having another that would exclusively work with and integrate with virus software and provide central administration for the companies NOT using a server and endpoint environment.

My question to be asked, "Ultimately what do you expect to see the appliance provide you?"

Products Replaced

Implementation Rating

The best recommendation I can offer is understand the system that is being installed. Knowing how to configure and specific expectations that you expect from the machine. I would say to watch the tutorials and the online video's, get yourself involved with the community forum and ask the questions if you do not understand.
Our company did not make the best choice on the computer that the service was installed on and it has led to some adverse effects that did not appear until now, almost 2 years later and needing to re-install the entire system all over again.
If you need the help, ask for it. The technical support team at alienvault and community forum members are always there to answer questions.

Support Rating

I have a 50/50 rating on this because they have been helpful in one aspect but not in another. They seem to be fairly responsive to requests, but like with my most recent request no solution offered. that is not truly a fair statement, but rather no solution unless I agree to pay additional fee's. From conversations with both our sales rep and another representative they both indicate that we have 3 years of extended support, but the problem reported to them is not covered under our support agreement.

AlienVault USM Customer Support Pros and Cons

Pros	Cons
Kept well informed Support understands my problem	Problems left unsolved

Bug Resolution

Exceptional Examples of AlienVault USM Support

Not sure if this an AlienVault thing directly or not. Working with our consultant Shawn he was able to create a custom plugin for our QNAP Enclosure to support my sys log from the device. It was crucial for us to read these logs and since all other event logs are going into AlienVault this was an ideal situation. After gathering some info logs from the QNAP device Shane had a plugin created for me in 2 days and deployed. That was an invaluable effort on the part of AlienVault and Shane.

Usability

The product once properly configured seems to offer a wealth of information but has it's issues. I feel that the initial setup/ installation should include technical support to get up and running. My personal experience from the configuration as installed indicates that the network adaptors are not properly configured to read information. The network ports where configured to only ready 1/2 the network?? So having help to get the system up and running should be part of the initial purchase.

Usability Pros and Cons

Pros	Cons
Like to use	Unnecessarily complex Difficult to use Not well integrated Inconsistent Slow to learn Cumbersome Feel nervous using

Easy Tasks

Real-time scanning
OTX activity
Easy to read dashboard

Difficult Tasks

Configuring the ESXi network adaptors
Understanding how to create rules
Not knowing what many of the rules meant or what they do.

Please log in to join the conversation

Tami Andrews
(Vendor Representative) commented 7 years ago
James - Thank you so much for the updated review. The feedback you've provided is invaluable to the AlienVault team.
Skylar Talley
commented 7 years ago
Hi James! To echo Tami's comment, we really appreciate the feedback! I've passed your comments concerning our training programs to our Senior Director of Training. In regards to the issues with asset scanning in your particular environment, it's unfortunate that we weren't able to catch these together sooner. I'm sure if you had been a part of the initial implementation, the customizations needed to support your particular VMware configuration would have been addressed much sooner. In addition, I wanted to let you know that we are actively working on better support for environments that utilize a DHCP pool. Once we have something prototyped, I may reach out to you to get some initial feedback. Please let me know if you'd ever like to jump on the phone with the Product Team and thanks again for the review!

Don't be afraid of this Alien.

Overall Satisfaction with AlienVault USM