AlienVault is no Alien when it comes to Security
Updated December 15, 2017

Philip Clarke | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault USM

AlienVault Unified Security Management is being used across the whole organisation for event logging and monitoring, threat/vulnerability management and IDS.
  • Alerting on correlated events - this has allowed us to capture malware ahead of time.
  • Ease of device logging - once the logs are sent through, the data is available instantly.
  • Actively reviewing and responding to vulnerabilities through an easy to use interface and schedule task format.
  • More functionality pushed through the web interface would be useful.
  • Asset management can be a little restricted when applying changes across a rule set.
  • LogRhythm, Alert Logic and QRadar
I reviewed LogRhythm, QRadar, and Alert Logic:

  • QRadar - outdated visually
  • Alert Logic - had some cumbersome attributes and was sold more as SaaS
  • LogRhythm - closest to AlienVault, but had outdated features when comparing the two and couldn't provide IDS
AlienVault is well suited to environments where there isn't always a dedicated SOC reviewing output; a lot of its competitors are unable to cover this area.

Using AlienVault USM

5 - They all represent IT, though we are reviewing dashboard use to extend it out to other business support departments to allow for a more rounded view.
2 - When supporting the product, two types of people are required: one for the administrative side and one to develop the technical elements. The technical side would require some training unless the person has previous working knowledge of a SIEM solution.
  • Determining malware has entered the organisation
  • Communication failures between servers/services
  • Activity on firewalls
  • Changes on AD without the necessary approval authorities in place
  • Triggering events in other monitoring systems
  • Integrating with other monitoring products to give a more rounded view
  • Utilising it in quarter-end reporting for ExCom updates
  • Allowing dashboard use throughout the business support units
  • Centralised view for the SOC
  • Interfacing into other products that fall outside of traditional security products
Even after the original product review, AlienVault is still ahead of the game and has added even more capabilities.

Evaluating AlienVault USM and Competitors

Yes - The main product to be replaced was Splunk. Though Splunk is a good product, there was a requirement to have a more user-friendly graphical interface that would allow ease of use, as well as an integrated IDS. There was also an additional requirement to roll out the dashboard with limited access to the service desk team so a wider team could have access to logs and vulnerability information.
  • Price
  • Product Features
  • Product Usability
  • Analyst Reports
Cost was one of the most important factors, as a budget had been set the previous year and IT was under scrutiny to reduce costs by 10-20%. The vendor understood these factors and worked with us to produce a solution that met requirements and budget.
Our evaluation process is part of our policy governance; therefore the actual process of vendor selection would not change.

AlienVault USM Implementation

Initial implementation was okay, but we should have gone on the one-week course first, as an understanding of the features and what to look for would have been of great use. This is especially relevant when fine-tuning and correlating events and creating parsers.

Once set up, the system is pretty resilient and adding configuration is quite an easy process. We only had to escalate set-up problems to tech support on the odd occasion.

There are also some great whitepapers and set-up articles on AlienVault's support website.

AlienVault USM Support

Support was initially slow, but once engaged, resolution was fast and efficient.

Additional support on other topics was also resolved under the same initial call, which helped, rather than closing the call off and starting again.
Further check-backs were carried out before the case was closed, so support was very useful throughout.

Using AlienVault USM

USM is one of the easiest to use on the market and has very informative dashboards.

Pros
  • Like to use
  • Relatively simple
  • Easy to use
  • Technical support not required
  • Well integrated
  • Consistent
  • Quick to learn
  • Convenient
  • Feel confident using
  • Familiar

Cons
  • None
  • Dashboards
  • Correlation Rule Set up
  • Log Collection
  • Asset Adding
  • Vulnerability Scanning
  • Creating parsers can be difficult unless regex is understood.
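The reviewer notes that building parsers needs a working grasp of regular expressions, and earlier that correlated-event alerting is where the product earns its keep. The following is an added illustration of both skills, written for this page; it is not AlienVault plugin code and does not use AlienVault's plugin file format. It parses constructed OpenSSH-style syslog lines with a named-group regex and then applies a simple correlation rule (N failed logins from one source within a time window). The log lines, field names, threshold and window are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines for the example (not real data), in the style of
# OpenSSH auth logging. The addresses are documentation ranges (RFC 5737).
SAMPLE_LOGS = [
    "Jan 12 10:01:02 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2",
    "Jan 12 10:01:04 web01 sshd[2210]: Failed password for root from 203.0.113.7 port 51523 ssh2",
    "Jan 12 10:01:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51524 ssh2",
    "Jan 12 10:01:09 web01 sshd[2213]: Accepted password for alice from 198.51.100.20 port 40022 ssh2",
    "Jan 12 10:02:30 web01 sshd[2220]: Failed password for bob from 198.51.100.21 port 40100 ssh2",
    "Jan 12 10:03:00 web01 cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
]

# A regex with named groups: the kind of expression a custom log parser is built from.
# Each (?P<name>...) group becomes a field of the normalised event.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+) ssh2$"
)


def parse_line(line):
    """Return a dict of fields for an sshd auth line, or None if the line does not match.

    Lines the regex does not recognise (the cron line above) are skipped rather than
    mis-parsed, which is the behaviour you want from a plugin: silence beats bad fields.
    """
    m = SSHD_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["pid"] = int(event["pid"])
    event["src_port"] = int(event["src_port"])
    # Syslog timestamps carry no year; strptime defaults it, which is fine for window maths.
    event["time"] = datetime.strptime(event["ts"], "%b %d %H:%M:%S")
    return event


def parse_lines(lines):
    """Parse every line, dropping the ones the parser does not understand."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def correlate_failed_logins(events, threshold=3, window_seconds=60):
    """Flag source IPs with at least `threshold` failed logins inside any `window_seconds` span.

    This is the shape of a basic correlation rule: group by a key (source IP), order by
    time, and fire when enough events land inside a sliding window. Returns a dict of
    flagged IP -> total failed-login count.
    """
    by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            by_ip[e["src_ip"]].append(e["time"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= window_seconds:
                flagged[ip] = len(times)
                break
    return flagged


if __name__ == "__main__":
    events = parse_lines(SAMPLE_LOGS)
    for ip, count in correlate_failed_logins(events).items():
        print(f"ALERT: {count} failed SSH logins from {ip} within the window")
```

Run it as a script to see the alert for 203.0.113.7, which has three failures inside a few seconds, while the single failure from 198.51.100.21 stays below the threshold. The parser's anchored `^...$` pattern and named groups are the habit worth taking into any SIEM parser work: an unanchored or over-permissive regex silently yields wrong fields, and that is the kind of problem the reviewer's one-week course would have flagged early.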