AlienVault USM
Overall Satisfaction with AlienVault Unified Security Management
AlienVault currently acts as the network IDS and SIEM engine for the organization. Keeping track of network traffic and correlating that to events that occur within the network is invaluable with the current level of cyber threats making the news almost weekly. The IT department has gained some incredibly valuable data from the AV-USM since its deployment in February of 2015.
Pros
- AlienVault does a great job of tying network data together with log information to generate alerts that actually matter. The correlation engine within AlienVault is quite impressive. The overall end result comes from a number of locations: from firewall data to Windows logs and NetFlow, the USM provides tons of data in a simplistic user interface.
- The deployment and ease of use within AlienVault make for an intuitive and easy-to-understand network device.
- The Open Threat Exchange (OTX) network also provides an easy way to collaborate with other security folks in the community.
Cons
- The documentation can be spotty at times. Finding what you need to understand how to take full advantage of the appliance can be a bit difficult at times.
- The vulnerability scanning within the USM is a nice feature that doesn't execute well. Getting the scans to complete in a timely manner, or at all sometimes, can be a pain. There are other scanners out there that do a much better job of finding the holes than this.