AlienVault - Value for the Money
Updated October 26, 2017
Score 6 out of 10
Overall Satisfaction with AlienVault USM
AlienVault Unified Security Management is utilized internally by our company, as well as our clients, as a central cog in the wheel of information security management. The main problem we were trying to address was to have information security visibility that was easily scalable and cost effective. By utilizing AlienVault USM we were able to check those boxes.
- Value proposition - AlienVault is a package of tools that perform functions that pretty much every business needs including security information event management, intrusion detection, vulnerability scanning, availability alerting, and reporting.
- Stability - Considering the multiple functions this software performs, stability and availability have been pretty good for us.
- Plugins - There are some plugins that aren't out of the box or some tweaking is required to get the reporting correct.
- Reporting - This can be a garbage in/garbage out scenario for our clients that use this. Some of the reports aren't applicable depending on the information being collected and the canned reports can have gaps. There's a good base of content to do custom reports, but other products seem to do reporting better and more coherently out of the box.
- Menu layout - Minor gripe, as for day to day tasks the layout is fine, but for some administrative and configuration tasks there is a bit of hunting to do and drilling down to be able to get to the right spot so you can perform your task.
- Integrated Threat Intelligence - The industry is changing and this is where we've had to turn to additional threat feeds and other vendors for help.
Comparisons with other products can be tricky, since AlienVault packs a lot into its product, and that essentially is its main strength vs. the competition. For people just looking for SIEM-like functionality it is definitely compatible to other products, but some of the traditional SIEM products have more polished dashboards. There are some areas such as advanced malware prevention for which you will need another product such as Cisco's FireSight AMP or FireEye. As an example, with Cisco's acquisition of Sourcefire they got a pretty decent front end for their IPS, and their advanced malware is a pretty good product. We've found by utilizing AlienVault we have budget left for purchasing one or two specialized tools that give us a broad range of coverage, vs. trying to purchase multiple separate products to meet our needs.
AlienVault Unified Security Management works in an environment where an all-in-one solution is preferred, or in an environment where additional security tools such as IPS/IDS, SIEM, and vulnerability scanners are still needed. Unfortunately, while AlienVault may be a cost-effective choice for the SMB area, I would say it has rapidly fallen behind in being able to innovate. Other SIEM vendors have come along to offer some level of security orchestration, and I'm not seeing that with AlienVault.
AlienVault USM Support
Support is friendly but response time has been spotty. Also, initially when we signed up there was a lot of pointing us at the documentation, which has been spotty and ad-hoc for what is supposed to be a commercial product. Overall the feel of AlienVault and the support has been of a very new and startup company that is trying to grow up out of its open source roots, and I'm not sure if they've totally been able to make the transition to being able to meet the expectations of the enterprise customers.