Don't be afraid of this Alien.
Overall Satisfaction with AlienVault USM
The implementation of AlienVault Unified Security Management was the result of a network wide virus infection and not knowing where the virus originated required that all servers and workstations be scanned for infection. The system was deployed across the entire network for a centralized point of administration verifying network integrity and system security protocols.
Pros
- Real-time access logs and scanning. Once the system was installed and configured it allowed our company to find that the network was being hit with a continued bruteforce attack. With this discovery we made a few changes for our remote users and reduced the unauthorized outside access attempts.
- Traffic monitoring. When first starting with the company part of my assignment was to find why the network was so lethargic. With the AlienVault system I was able to see the time periods of heavy internet and data usage. With this information I was able to determine the highs and lows of user access.
- OTX activity. After getting subscribed to the OTX community I was given frequent updates to the latest security threats and what to look for. To me the best aspect of the OTX activity monitoring is to know when the threat is directly affecting our network and keeping up to date on the threats.
Cons
- Initial setup and administration. I came into this company after the utility was deployed and what I have found in our setup was that the ESXi environment in our setup does not scan the entire network. Having an initial setup assistance program for the installation.
- Asset environment. In our current configuration we have all the servers and network appliances running with static ip's or reservations from our dhcp server, this works very well in our environment. What does not work well are the machines that are part of the dhcp pool, if the machines are configured as an asset and the ip address changes the description (identity) does not follow the device. I think that if we have the ability assign assets from the MAC address would eliminate this problem as I see it.
- Kick-off program. As part of the service we where invited to join a kick-off event that I personally attended (virtual class actually) what I discovered from this class was a more advanced configuration than what I had expected to see. While in provided good information and virtual labs, I think if the class is a kick-off then it should be about the basic installation and configuration of the appliance. The time spent on configuring rules out weighed how to get information to be read from the sensors.
I could not offer a proper evaluation of these systems. While I have configured the Solarwinds product, the time I have spent with AlienVault would not provide a comparable opinion.
Evaluating AlienVault USM and Competitors
AlienVault USM Implementation
AlienVault USM Support
Pros | Cons |
---|---|
Kept well informed Support understands my problem | Problems left unsolved |
Not sure if this an AlienVault thing directly or not. Working with our consultant Shawn he was able to create a custom plugin for our QNAP Enclosure to support my sys log from the device. It was crucial for us to read these logs and since all other event logs are going into AlienVault this was an ideal situation. After gathering some info logs from the QNAP device Shane had a plugin created for me in 2 days and deployed. That was an invaluable effort on the part of AlienVault and Shane.
Using AlienVault USM
Pros | Cons |
---|---|
Like to use | Unnecessarily complex Difficult to use Not well integrated Inconsistent Slow to learn Cumbersome Feel nervous using |
- Real-time scanning
- OTX activity
- Easy to read dashboard
- Configuring the ESXi network adaptors
- Understanding how to create rules
- Not knowing what many of the rules meant or what they do.
Comments
Please log in to join the conversation