Overall Satisfaction with AlienVault Unified Security Management
We use USM in two ways: 1) it is our IDS and security foundation, and 2) we are an AlienVault MSSP and provide security services to our customers, and hopefully new ones too. We support many medical clinics and services outside of hospitals, and small business types. AlienVault enables them to step up from the insufficient firewall and anti-malware posture and into security from firewall to network and endpoint devices. This transformation brings the technology monitoring into a HIPAA/PCI compliant stance that has been eluding them at the technology level, and at a cost they can afford. Reporting, monitoring of firewall, network traffic, and OS events.
- USM makes available the tools and ability of systems that cost up to 10x the cost. Is it as polished as the "store bought" proprietary systems? No. Does it do the same things? You bet. The AlienVault team is constantly working to make it better with more features, great technical support, and collaboration.
- Day one on site and as usual it looks ugly after a vulnerability scan and the clean up begins. You never know how well you have been doing until you verify systems. Patching, configuration, and more is revealed and remedied. Meeting regulatory requirements.
- OTX integrated into the working system is one way information gets into it; rule updates come down frequently, as do feature set updates. Coupled with a Next Generation firewall in front of it with two sources of threat data, it doesn't get any better than that.
- Network IDS sees everything and can pick out bad things in flight on the network. Having eyes on network, firewall, and OS events, the only thing left is watching over the user. Moving from firewall and AV to a more comprehensive across-the-board posture is all made possible by USM.
- USM needs to mature with the user control interface. Making things easier to get done without "Google", blogs, or support. Plugin support is growing slowly. The ability to have granular control over system behavior needs to mature.
Compared to the lack of technology in most IT shops, it is amazing at the visibility it gives you: it tells me what is traversing my network, where my systems are going, and what threats they may have stepped into. Granted it is detection only, but knowing something is happening rather than the average 6 to 18 month discovery of a breach is a game changer. It does have the ability to run scripts in response to a detection; there is the opportunity to start adding IPS abilities. Today it warns us, tomorrow it will take actions limited only to our imaginations.
USM has detected things that we could never have done without it. There is no way for a human to monitor a firewall and correlate events into a meaningful discovery. Hostile traffic from malware or hacking is identified, as is file integrity. So it is doing the work that was not possible without added FTE time. It is making our business as a HIPAA Business Associate compliant at a low cost and big return.
AlienVault Unified Security Management (USM) is suited for the small office/business that could never afford the high-end systems, and it can scale to large networks. PCI regulated businesses and HIPAA doctor offices and medical suites can be more secure and HIPAA compliant where it wasn't possible or practical before. It fills a niche where there were no options before.