Overall Satisfaction with AlienVault Unified Security Management
We use AlienVault USM for logging security information for all of the devices in our organization. As a healthcare provider, we need the information provided for both regulatory compliance and for our own internal security policies. USM gives us an easy-to-view dashboard for quick reference and also the ability to drill down into the information.
- USM collects, organizes, and correlates events from multiple sources into a single point for analysis.
- USM provides advanced threat information via OTX.
- USM provides HIDS and scanning.
- Parsing log entries can be difficult unless one is proficient at using regular expressions. My understanding is that AlienVault support will do this for any products that are currently in production, but for anything older you will be on your own.
- The GUI, while pretty good, could use a more logical design. Some of the entries are hidden in areas that aren't intuitive.
We liked AlienVault over the other products we looked at due to its lower cost and the number of features it packed into the product. For example, the base package gives you SIEM, Host-based Intrusion Detection (HIDS) via OSSEC, and Network Intrusion Detection via Suricata. Integrating these under a single pane of glass was easier and more cost-effective than deploying them separately.