Overall Satisfaction with AlienVault USM
- Alerting on correlated events - this has allowed us to capture malware ahead of time.
- Ease of device logging - once the logs are sent through, the data is available instantly.
- Actively reviewing and responding to vulnerabilities through an easy-to-use interface and scheduled task format.
- More functionality pushed through the web interface would be useful.
- Asset management can be a little restricted when applying changes across a rule set.
- LogRhythm, Alert Logic and QRadar
- QRadar - outdated visually
- Alert Logic - had some cumbersome attributes and was sold more as SaaS
- LogRhythm - closest to AlienVault but had outdated features when comparing the two and couldn't provide IDS
Using AlienVault USM
- Determining malware has entered the organisation
- Communication failures between servers/services
- Activity on firewalls
- Changes on AD without the necessary approval authorities in place
- Triggering events in other monitoring systems
- Integrating with other monitoring products to give a more rounded view
- Utilising in quarter-end reporting for ExCom updates
- Allow dashboard use throughout the business support units
- Centralised view for the SOC
- Interfacing into other products that fall outside of traditional security products
Evaluating AlienVault USM and Competitors
- Product Features
- Product Usability
- Analyst Reports
AlienVault USM Implementation
Initial implementation was okay, but we should have gone on the one-week course first, as an understanding of the features and what to look for would have been of great use. This is especially relevant when fine-tuning and correlating events and creating parsers.
Once set up, the system is pretty resilient and adding in configuration is quite an easy process. Only on the odd few occasions have we had to progress any setup problems to tech support.
There are also some great whitepapers and setup articles on AlienVault's website support.
AlienVault USM Support
Additional support on other topics was also resolved under the same initial call, which helped, rather than closing the call off and starting again.
Further check-backs were carried out before the case was closed, so support was very useful throughout.
Using AlienVault USM
Like to use
Easy to use
Technical support not required
Quick to learn
Feel confident using