AlienVault Can Work For You if You Have the Time to Work For It.
November 01, 2016
Score 6 out of 10
Vetted Review
Verified User
Overall Satisfaction with AlienVault Unified Security Management
It monitors network traffic and host file integrity to identify any potential intrusion or data security compromise. This information is used by Information Technology and Cyber Security only.
- The depth of what it can discover is vast. If set up to monitor network traffic in the proper place, it can detect any aberrant (and possibly malicious) network traffic.
- It's very easy to install the HIDS agent via the management interface, as long as the systems are Windows based.
- There are a ton of correlation directives already set up to help make sense of all the data coming into this box.
- The process for installing the HIDS agent on Linux could be easier. It's currently a manual process, and nowhere near as convenient as its Windows counterpart.
- WAY too many false positive alerts right out of the box. Without consultants to help fine-tune the rules, it would be useless, as any legitimate alert would be lost in a sea of false positive alerts.
- The inventory process needs to be better at tracking DHCP assigned hosts. Once a host gets inventoried, it doesn't take well to IP address changes. After that moment, anything with that IP address, whether it's the same host or not, will be identified as the original inventoried host.
- Sophos UTM and Palo Alto Networks PA-3000 Series
It is not an effective tool for preventing malicious attacks or for preventing data loss. It is only for identifying if something bad has already happened. If you're tight on IT staff, it will be more of a hassle than a help. Better to prevent the attack with a proactive IPS than to report an attack with an IDS.