AlienVault USM saves your time for security operations.
July 27, 2016

Kozo Nakatani | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault Unified Security Management

Our company uses AlienVault Unified Security Management as a service tool that actively monitors our customers' business environments and security threats. The tool is well designed to fit into mid-size customers' networks and provides multiple highly practical and useful utilities in a unified form. AlienVault USM lets customers see what security incidents they are having in their business environment within 3 to 4 hours of its deployment.
  • AlienVault USM will find a large number of assets just by monitoring the traffic and identify what kinds of devices are connected to your networks.
  • The embedded rule set is pretty smart and helps dramatically reduce the number of security incidents that need to be taken care of.
  • AlienVault USM is an internet-friendly solution and can easily forward significant incidents to an outside SOC for further analysis.
  • It must have a feature to support daily log rotation when it is used with syslog servers. The current implementation will lose log entries when log rotation occurs. It should keep reading from the older log file for 10 to 30 seconds before it switches to the newer file when it detects a log rotation event.
  • AlienVault USM for AWS has more features than USM 5.x for on-premises. AlienVault should merge the features or release the same functionality ASAP.
  • Log search features are poor and need to be improved. The AWS version may have a better feature set, so it should be ported to the on-premises versions.
ArcSight might be better in SIEM features alone. AlienVault USM comes with multiple features tightly integrated, and that is very handy. If you already have IPS, HIDS, a sandboxing solution, and endpoint log collectors, then ArcSight or Splunk may be the better-suited solution for you. Even in such cases, we use AlienVault USM as an NIDS to monitor the entire network's health. We do not hesitate to use duplicated features, because AlienVault USM is connected to a network where commercial IPS products exist and it still finds some significant security events.
It is well suited for mid-size organizations or corporations with distributed branch offices. It may be difficult to monitor large enterprises with a high volume of network traffic.
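The log-rotation problem the reviewer describes (lines lost when a rotated file is abandoned immediately) is a general failure mode of any file-based log collector, not just AlienVault's. The following is an added example, written here and not AlienVault code, of a rotation-aware tailer: when the path starts pointing at a new inode it keeps draining the old handle for a grace period, because a syslog daemon that has not yet reopened its log keeps appending to the old inode. The `naive=True` mode reproduces the lossy behaviour for contrast. The scenario in `simulate_rotation` (file names, line contents, the 10-second grace value and the fake clock) is constructed for the demonstration; it assumes a POSIX filesystem where `rename` keeps the old inode open for existing writers.

```python
"""Rotation-aware log follower (added example, not AlienVault code)."""
import os
import tempfile
import time


class _Source:
    """One open handle on a log inode plus its unread trailing fragment."""

    def __init__(self, fh):
        self.fh = fh
        st = os.fstat(fh.fileno())
        self.ident = (st.st_dev, st.st_ino)   # identifies the inode, not the path
        self.buf = b""

    def read_lines(self):
        """Return every complete line appended since the previous call."""
        data = self.fh.read()
        if not data:
            return []
        self.buf += data
        parts = self.buf.split(b"\n")
        self.buf = parts.pop()                # unterminated tail, kept for next read
        return [p.decode("utf-8", "replace") for p in parts]

    def close(self):
        self.fh.close()


class RotationAwareTailer:
    """Follow `path` across rename-style rotation without dropping lines.

    After rotation the old inode is still drained on every poll for
    `grace_seconds`; `naive=True` closes it at once (the lossy behaviour).
    """

    def __init__(self, path, grace_seconds=10.0, naive=False, clock=time.monotonic):
        self.path = path
        self.grace = grace_seconds
        self.naive = naive
        self.clock = clock            # injectable so the scenario can fake time
        self.current = None           # _Source on the live file
        self.draining = []            # [(source, deadline)] rotated-away inodes

    def _path_ident(self):
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return None
        return (st.st_dev, st.st_ino)

    def poll(self):
        now = self.clock()
        lines = []
        ident = self._path_ident()
        # 1. Rotation: the name now refers to another inode (or to nothing).
        if self.current is not None and ident != self.current.ident:
            if self.naive:
                self.current.close()                    # lines still arriving are lost
            else:
                self.draining.append((self.current, now + self.grace))
            self.current = None
        # 2. Keep reading rotated-away inodes until their grace period ends.
        still_open = []
        for src, deadline in self.draining:
            lines.extend(src.read_lines())
            if now < deadline:
                still_open.append((src, deadline))
            else:
                if src.buf:                             # flush an unterminated last line
                    lines.append(src.buf.decode("utf-8", "replace"))
                src.close()
        self.draining = still_open
        # 3. (Re)open the live file and read whatever it holds.
        if self.current is None and ident is not None:
            self.current = _Source(open(self.path, "rb", buffering=0))
        if self.current is not None:
            lines.extend(self.current.read_lines())
        return lines

    def close(self):
        for src, _ in self.draining:
            src.close()
        if self.current is not None:
            self.current.close()


def simulate_rotation(naive=False, grace_seconds=10.0):
    """Constructed scenario: logrotate renames the file while the writer still
    holds the old inode, then the writer reopens. Returns the collected lines."""
    path = os.path.join(tempfile.mkdtemp(), "auth.log")
    fake_now = [0.0]
    tailer = RotationAwareTailer(path, grace_seconds, naive, clock=lambda: fake_now[0])
    writer = open(path, "ab")
    writer.write(b"line1 before rotation\nline2 before rotation\n"); writer.flush()
    got = tailer.poll()
    os.rename(path, path + ".1")            # rotation: old inode renamed away ...
    open(path, "ab").close()                # ... and an empty file created in its place
    writer.write(b"line3 written to the old inode after rotation\n"); writer.flush()
    fake_now[0] += 1.0
    got += tailer.poll()                    # rotation is noticed on this poll
    writer.close()
    writer = open(path, "ab")               # writer reopens (e.g. on SIGHUP)
    writer.write(b"line4 in the new file\n"); writer.flush()
    fake_now[0] += grace_seconds + 1.0      # grace period over: old handle is closed
    got += tailer.poll()
    writer.close()
    tailer.close()
    return got


if __name__ == "__main__":
    print("with grace period:", simulate_rotation())
    print("naive reopen:     ", simulate_rotation(naive=True))
```

With the grace period all four lines arrive; the naive variant silently drops `line3`, which is exactly the gap a SIEM collector must not have, since the dropped lines are the ones written during the rotation window. A copytruncate-style rotation (same inode, size reset to zero) needs a separate size-shrink check, which this example leaves out.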