Overall Satisfaction with AlienVault USM
We are using AlienVault as our central source of all security-related information, giving the team visibility of everything that connects to the network. Without having to worry about going over on EPS, like with some vendors that charge based on EPS, we are able to send any and all logs to the server, allowing us to tune the device for maximum security visibility.
- Easy to manage and customize the configuration to match your needs.
- No limits on EPS (events per second), unlike other vendors that make you tune out information that might help you identify a threat, but that you have to dump due to the cost per EPS.
- All security information in one location and dashboard.
- The reports are not very user friendly; they seem to be a leftover from the 90s era of formatting.
- Dashboard could also use a good facelift to make it easier to view when on the big screen in an operations center.
I have used several SIEM-type products like Splunk, ArcSight, QRadar, and LogRhythm. These do their job well but are limited to doing log management type work, whereas AlienVault does so much more than just manage logs. The other big elephant in the room is the large price tag that comes with these solutions: the more events you want to pull in, the more it will cost you. With AlienVault you purchase based on the number of assets, allowing you to send as many events as you want to the system.
AlienVault USM Implementation
- Implemented in-house
- Professional services company
We did most of our implementation in-house but had a local AlienVault Professional Services provider, CyberCon Security Solutions, help with customization.
Yes - Phase 1: Overall planning and gathering of an inventory of what we wanted to collect logs from, as well as the network layout.
Phase 2: Installation and initial configuration of the USM.
Phase 3: Configuration of network equipment (firewall, IPS, switches, etc.) to send logs to the USM.
Phase 4: Deployment of agent to servers.
Phase 5: Deployment of agent to workstations.
Phase 6: Tuning and customization of events.
Phase 7: Release to full production.
Change management was a small part of the implementation and was well-handled - Having everything mapped out ahead of time in phase 1 allows you to identify who needs to be involved from all the various departments. This also opens up the communication ahead of time, so that when you do ask for their help they know what you are referring to.
- Identification of all network devices and who has access to make changes.
- Configuration of custom applications or appliances that AlienVault did not have plugins for. This is where Professional Services really helps out.
- Tuning out of all the noise to get to the data that matters.