Overall Satisfaction with AlienVault USM
AlienVault Unified Security Management is being used across the whole organisation for event logging and monitoring, threat/vulnerability management and IDS.
- Alerting on correlated events - this has allowed us to capture malware ahead of time.
- Ease of device logging - once the logs are sent through, the data is available instantly.
- Actively reviewing and responding to vulnerabilities through an easy-to-use interface and scheduled-task format.
- More functionality pushed through the web interface would be useful.
- Asset management can be a little restricted when applying changes across a rule set.
- LogRhythm, Alert Logic and QRadar
I reviewed LogRhythm, QRadar, and Alert Logic:
- QRadar - outdated visually
- Alert Logic - had some cumbersome attributes and was sold more as SaaS
- LogRhythm - closest to AlienVault but had outdated features when comparing the two and couldn't provide IDS
Using AlienVault USM
5 - They all represent IT, though we are reviewing the dashboard use to extend out to other business support departments to allow for a more rounded view.
2 - When supporting the product two types of people are required, one for the administrative side and one to develop the technical elements. The technical side would require some training unless the person has previous working knowledge of a SIEM solution.
- Determining that malware has entered the organisation
- Communication failures between servers/services
- Activity on firewalls
- Changes on AD without the necessary approval authorities in place
- Triggering events in other monitoring systems
- Integrating with other monitoring products to give a more rounded view
- Utilising in quarter-end reporting for excom updates
- Allow dashboard use throughout the business support units
- Centralised view for the SOC
- Interfacing into other products that fall outside of traditional security products
Evaluating AlienVault USM and Competitors
Yes - The main product to be replaced was Splunk. Though Splunk is a good product, there was a requirement to have a more user-friendly graphical interface that would allow ease of use as well as an integrated IDS. There was also an additional requirement to roll out the dashboard with limited access to the service desk team so a wider team could have access to logs and vulnerability information.
- Price
- Product Features
- Product Usability
- Analyst Reports
Cost was one of the most important factors, as a budget had been set the previous year and IT was under scrutiny to reduce costs by 10-20%. The vendor understood these factors and worked with us to produce a solution that met requirements and budget.
Our evaluation process is part of our policy governance; therefore the actual process of vendor selection would not change.
AlienVault USM Implementation
AlienVault USM Support
Using AlienVault USM
Pros | Cons
---|---
Like to use | None
Relatively simple |
Easy to use |
Technical support not required |
Well integrated |
Consistent |
Quick to learn |
Convenient |
Feel confident using |
Familiar |
- Dashboards
- Correlation Rule Set up
- Log Collection
- Asset Adding
- Vulnerability Scanning
- Creating parsers can be difficult unless regex is understood.