AlienVault is the best SIEM out there - hands down!
Overall Satisfaction with AlienVault USM
I implemented first OSSIM, the community version, to see what type of intelligence it could give me. Before long I was feeding it information from my firewall and network devices. When people talk about a "single pane of glass", this must be the product they are referring to. I purchased the product and have it deployed across the enterprise now. I'm using it for two purposes really - to see what isn't normal - i.e. warn me about potential issues, and I'm using it to see what has happened (historical).
The interface really allows you to see what's hot - if a metric, when it changes, doesn't prompt you to get out of your chair and do something, it's a wasted metric. With AlienVault, all I see are metrics that make me do things when they aren't where they are supposed to be.
In my environment, I have 18 buildings spread across 72 square miles. We support 13,000 users on a daily basis, with 6,000 owned devices, and a ton of BYOD devices. With only 10 people in the department (including myself and my secretary), I couldn't imagine staying on top of this without AlienVault.
Pros
- Reporting, reporting, reporting. Setting it up so I get emailed reports has allowed me to know, even when I am not in the office, how my day is going to go. The breadth and depth of the reports, and the ability to customize so you get what you want is awesome.
- Dashboard. The visual dashboard with the circles (areas of concentration based on number of incidents) is brilliant. All I have to do is show that to people, and they want to install it.
- Ease of implementation. Turn it on, answer a few questions, point stuff at it, and you're done. Ok, there is a lot more - I mean a lot more - you can do to customize it, but if you're looking to quickly establish a baseline, that's all you need to do.
- Who else has a fully functional product (OSSIM) you can download and install for FREE to see how it will work in your environment?
Cons
- If it did a little more with IPFIX data (think NTOP).
- Otherwise, it's perfect.
I actually don't remember now what I evaluated. When I hit AlienVault I just stopped looking.
Evaluating AlienVault USM and Competitors
Yes - I was using both OSSIM and Lancope StealthWatch. AlienVault combined both the SIEM and network monitoring into a single pane of glass. It also adds real-time threat analytics with its UTM features to give me one appliance to collect and view data.
- Price
- Product Features
- Product Usability
- Analyst Reports
- Third-party Reviews
At the end of the day, the product had to meet two critical criteria. It had to be easy to use, and it had to be reliable. AlienVault meets both criteria very well. I’ve gotten to the point where not only do I trust it, but I rely on it.
I would not change the evaluation process. Awesome that I can use an OSSIM for as long as I need to, to make sure it works, before purchase.