Conspiracy Theory - No Aliens here!
Updated November 20, 2017
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with AlienVault USM
We are using AlienVault USM for log monitoring and retention. We also monitor the alarms dashboard to be aware of anything that may be penetrating our network. We have just started using it within the last couple of months, so we do not have it fully tweaked, but we will be creating directives and policies to alert our tier 2 support team of possible incidents that require investigation.
Pros
- Log capturing and retention. Easily searchable.
- Behavioral monitoring. AlienVault is able to look at all events and correlate them, taking that workload off of staff.
- Open Threat Exchange. AlienVault is on top of the current threats and updates its database regularly to optimize protection.
- Intrusion detection.
Cons
- Vulnerability scanning. The reports are horrendous and do not provide an easy way to sort through them. Perhaps there is something I am missing, but I would like to be able to break it down by vulnerability and list all hosts that have that vulnerability.
- The GUI does not keep track of which page you are on. If you make a change, it refreshes and you are back on page one. It would also be nice to have a "Go To Page" option.
- Vulnerability scanning takes much too long to run. I am running scans with another system and am able to easily scan our entire network over the weekend. It times out a lot with small subsets of our network. It also seems to be locking out the account used for authentication. I verified that it has the correct password and used the system to test connectivity, which it passed.
Alternatives Considered
- EventTracker
The GUI was much better designed for monitoring and interpretation. The cost was also a factor. The configuration setup for AlienVault was very straightforward and quick to be up and running. Support for the POC from AlienVault was impressive. AlienVault was also a more comprehensive product and did not require a dedicated security staff to manage.
Using AlienVault USM
- Set up alerts for when a user has locked out their account. The alert goes to the helpdesk so that they can contact the user, sometimes before the user even realizes they have locked their account. It also provides security in knowing that the user is indeed the one locking out their account.
- Use the vulnerability scanning to address vulnerabilities, so that when the auditors scan we have a much cleaner report, as well as a more secure environment.
- Set up alerts to go to the sysadmins when domain group memberships change. This provides an audit trail for privileged groups as soon as changes occur.
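The two alerting use cases above (lockout notifications routed to the helpdesk, group membership changes routed to the sysadmins) can be sketched as plain detection logic independent of any one SIEM. The block below is an added example written for this page; it is not the reviewer's configuration and it is not AlienVault's directive or policy syntax. It reads constructed Windows Security events (not real logs) flattened into dicts, keyed by the documented event IDs: 4740 for an account lockout, 4728/4732/4756 for a member added to a global/local/universal security group, and 4729/4733/4757 for a member removed. The list of privileged groups, the field name `CallerComputer`, and the `SPRAY_THRESHOLD` value are assumptions for the example. It goes one step beyond the text: besides the per-user helpdesk ticket, it escalates to a security queue when a single source locks out many accounts, since that pattern looks like password spraying rather than a user mistyping their password.

```python
from collections import Counter, defaultdict

# Windows Security event IDs (documented values).
LOCKOUT = 4740                     # A user account was locked out
GROUP_ADD = {4728, 4732, 4756}     # member added to a global / local / universal security group
GROUP_REMOVE = {4729, 4733, 4757}  # member removed from the same group types

# Assumption: groups this organisation treats as privileged (hypothetical list).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}

# Assumption: lockouts from one source at or above this count are escalated as possible spraying.
SPRAY_THRESHOLD = 3

# Constructed sample events (not real logs). Keys mirror the EventData names Windows uses
# (TargetUserName, MemberName, SubjectUserName); "CallerComputer" is a simplified name
# for the machine that triggered the lockout.
SAMPLE_EVENTS = [
    {"EventID": 4740, "TargetUserName": "jsmith", "CallerComputer": "WS-104"},
    {"EventID": 4624, "TargetUserName": "jsmith", "CallerComputer": "WS-104"},  # a logon, ignored
    {"EventID": 4728, "TargetUserName": "Domain Admins",
     "MemberName": "CN=bjones,OU=Staff,DC=corp,DC=example", "SubjectUserName": "admin.kjones"},
    {"EventID": 4732, "TargetUserName": "Remote Desktop Users",
     "MemberName": "CN=tlee,OU=Staff,DC=corp,DC=example", "SubjectUserName": "helpdesk1"},
    {"EventID": 4729, "TargetUserName": "Domain Admins",
     "MemberName": "CN=old.admin,OU=Staff,DC=corp,DC=example", "SubjectUserName": "admin.kjones"},
    {"EventID": 4740, "TargetUserName": "amartin", "CallerComputer": "VPN-GW"},
    {"EventID": 4740, "TargetUserName": "rpatel", "CallerComputer": "VPN-GW"},
    {"EventID": 4740, "TargetUserName": "dchen", "CallerComputer": "VPN-GW"},
    {"EventID": 4740, "TargetUserName": "lgarcia", "CallerComputer": "VPN-GW"},
]


def lockout_alerts(events):
    """One helpdesk alert per 4740, plus a security escalation when one source locks many accounts."""
    alerts = []
    per_source = Counter()
    for e in events:
        if e.get("EventID") != LOCKOUT:
            continue
        per_source[e["CallerComputer"]] += 1
        alerts.append({"route": "helpdesk", "user": e["TargetUserName"], "source": e["CallerComputer"]})
    # A single machine locking out several distinct accounts is not a forgotten password.
    for source, n in per_source.items():
        if n >= SPRAY_THRESHOLD:
            alerts.append({"route": "security", "source": source, "locked_accounts": n})
    return alerts


def group_change_alerts(events):
    """Alert the sysadmins on every membership change and flag privileged groups."""
    alerts = []
    for e in events:
        eid = e.get("EventID")
        if eid in GROUP_ADD:
            action = "added"
        elif eid in GROUP_REMOVE:
            action = "removed"
        else:
            continue
        group = e["TargetUserName"]  # in these events TargetUserName carries the group name
        alerts.append({
            "route": "sysadmins",
            "action": action,
            "group": group,
            "member": e["MemberName"],
            "by": e["SubjectUserName"],
            "privileged": group in PRIVILEGED_GROUPS,
        })
    return alerts


def route(events):
    """Group all alerts by destination so each team only sees its own queue."""
    queues = defaultdict(list)
    for a in lockout_alerts(events) + group_change_alerts(events):
        queues[a["route"]].append(a)
    return dict(queues)


if __name__ == "__main__":
    for dest, items in route(SAMPLE_EVENTS).items():
        print(f"{dest}: {len(items)} alert(s)")
        for a in items:
            print("  ", a)
```

Running it on the constructed events yields five helpdesk tickets, one security escalation for VPN-GW (four accounts locked from one source), and three sysadmin alerts, two of which touch a privileged group. In a real deployment the same logic would be expressed as a correlation directive and the privileged-group list pulled from the directory rather than hard-coded.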
Evaluating AlienVault USM and Competitors
Yes - A portion of SolarWinds was replaced with AlienVault. The log collection and correlation were not robust enough to meet our needs. AlienVault met those needs and also added features such as vulnerability scanning and threat identification. We needed the full coverage and flexibility that a SIEM like AlienVault USM provides.
- Product Features
- Product Usability
The product needed to be able to handle log management as well as provide us with some insight into possible threats in our environment. The added vulnerability scanner was a nice feature.
I would not change anything. We did a POC on several solutions to see the results first-hand in our own environment rather than just a demo, so the value was easy to see when choosing AlienVault over the others.