Conspiracy Theory - No Aliens here!
Updated November 20, 2017

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault USM

We are using AlienVault USM for log monitoring and retention. We also monitor the alarms dashboard to be aware of anything that may be penetrating our network. We have just started using it within the last couple of months so do not have it fully tweaked, but will be creating directives and policies to alert our tier 2 support team of possible incidents that require investigation.
  • Log capturing and retention. Easily searchable.
  • Behavioral monitoring. AlienVault is able to look at all events and correlate them, taking that workload off of staff.
  • Open Threat Exchange. AlienVault is on top of the current threats and updates its database regularly to optimize protection.
  • Intrusion detection.
  • Vulnerability scanning. The reports are horrendous and do not provide an easy way to sort through them. Perhaps there is something I am missing, but I would like to be able to break it down by the vulnerability and list all hosts that have that vulnerability.
  • GUI does not keep track of what page you are on. If you make a change, it refreshes and you are back on page one. Would also be nice to be able to have a GoTo Page option.
  • Vulnerability scanning takes much too long to run. I am running scans with another system and am able to easily scan our entire network over the weekend. It times out a lot with small subsets of our network. It also seems to be locking out the account used for authentication. I verified it has the correct password and used the system to test connectivity, which it passed.
  • EventTracker
The GUI was much better designed for monitoring and interpretation. The cost was also a factor. The configuration setup for AlienVault was very straightforward and quick to be up and running. Support for the POC from AlienVault was impressive. AlienVault was also a more comprehensive product and did not require a dedicated security staff to manage.
AlienVault is a good solution for a SIEM if you do not have a dedicated staff person (or team) for security. It is fairly easy to use and to navigate.
We had thought we may be able to replace our current vulnerability scanning system with AlienVault, but it has not proven to be comparable at this point and I have discontinued use of the AlienVault vulnerability scanning.

Using AlienVault USM

  • Set up alerts for when a user has locked out their account. The alert goes to helpdesk so that they can contact the user, sometimes before they even realize they have locked their account. Also provides security in knowing that the user is the one indeed locking out their account.
  • Use the vulnerability scanning to address vulnerabilities so when the auditors scan we have a much cleaner report as well as secured our environment.
  • Set up alerts to go to Sys Admins when domain group memberships change. This provides an audit for privileged groups as soon as they occur.

Evaluating AlienVault USM and Competitors

Yes - A portion of SolarWinds was replaced with AlienVault. The log collection and correlation was not robust enough to meet our needs. AlienVault met those needs as well as added features such as vulnerability scanning and threat identification. We needed the full coverage and flexibility that a SIEM like AlienVault USM provides.
  • Product Features
  • Product Usability
The product needed to be able to handle log management as well as provide us with some insight on possible threats in our environment. The added vulnerability scanner was a nice feature.
Would not change anything. We did a POC on several solutions to see the results first hand in our own environment rather than just a demo so the value was easy to see when choosing AlienVault over the others.

AlienVault USM Implementation

The implementation was very straightforward and was set up quickly. The implementation project was managed well, and the vendor installing and configuring the product was very knowledgeable. As we had done a proof of concept trial, it was trivial to convert our install into production.

AlienVault USM Support

Have had good support and have had poor where they just want to direct you to pay for consultant services or training. Usually the support rep is pretty good and works to resolve/answer the issue/question, but a few times they have not been willing to look into it very far and push off to services/training.

Using AlienVault USM

The dashboard for alarms is extremely useful for a quick glance at what is going on in the environment. It also allows you to drill into an alarm to get more granular details on what generated it. Reporting and flexibility of dashboards could use some improvements, but overall a very useful tool.