Purchased & Installed for Compliance
March 29, 2016

Score 6 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault Unified Security Management

We use AlienVault's UTM to help with our PCI compliance. We need a system that can centrally receive and inspect system logs, as well as run 'FIM' (file integrity monitoring) and provide an alert when something out of the ordinary occurs. AlienVault also has a built-in vulnerability scanner 'OpenVAS' that we use to scan for vulnerabilities within our Windows and Linux servers.
  • Overview of Log information from multiple sources (Trends, frequency, types)
  • Vulnerability scanning
  • Ticketing and Alerting
  • Extremely hard to set up
  • Hard to configure log filtering
We looked at LogRhythm, LogLogic and Splunk. LogRhythm and LogLogic are great products, but too expensive for a small environment; Splunk requires a lot of investment in time to set up and configure, so we went instead for AlienVault.
This is the first security tool that I've used of this type.
We are now spending more time on detecting and identifying threats than before; however, AlienVault has given us new analysis tools and visibility that we simply did not have prior. We hope that AlienVault would alert and bring to our attention any unusual activity within our systems, but I would not be confident in saying that it would definitely detect an intrusion.
AlienVault UTM is great for smaller organisations that need to meet compliance requirements; however, it cannot be stressed enough that the cost of configuring the product should be considered as part of the initial purchase price. AlienVault does offer professional services for this very purpose; however, their daily rate is high.

Using AlienVault Unified Security Management

2 - Security and compliance
2 - General IT abilities, plus we run AlienVault inside VMware so a basic ability to troubleshoot the VM.
In an ideal world, someone with IT security knowledge, and experience working with log files is the kind of person you need.
  • Central log collection
  • Log & event analysis
  • Alerting
  • File integrity monitoring
  • Network Intrusion Detection System
  • Vulnerability Assessment
It's the best product available to us right now; it gives us a lot of functionality that we need to meet compliance requirements at a reasonable price.

AlienVault Unified Security Management Support

They seem to really care, and take my questions seriously. I've never been left without a response and they track issues really well. In addition, they can dial in to our system and perform remote diagnosis.
Pros
  • Quick Resolution
  • Good followup
  • Knowledgeable team
  • Problems get solved
  • Kept well informed
  • No escalation required
  • Support understands my problem
  • Support cares about my success
Cons
  • Difficult to get immediate help
Yes - It is a mandatory element when purchasing the product.
On one particular issue I wanted to do something that wasn't strictly supported, but the support agent gave me their 'unofficial' solution anyway - and it worked [like] a treat!

Using AlienVault Unified Security Management

The UI looks great, but I think that a certain amount of knowledge is assumed. There is a lack of explanation built into the UI, so you have to know roughly how to do something in AlienVault before you begin.
Anything other than the basic configuration is a nightmare.
Pros
  • Like to use
  • Consistent
Cons
  • Unnecessarily complex
  • Difficult to use
  • Requires technical support
  • Slow to learn
  • Feel nervous using
  • Lots to learn
  • Looking at log files received by the system
  • Vulnerability scanning
  • System Updates
  • Setting up Alerting
  • Generating Custom Reports