AlienVault Can Work For You if You Have the Time to Work For It.
November 01, 2016

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault Unified Security Management

It is monitoring network traffic and host file integrity to identify any potential intrusion or data security compromise. This information is used by Information Technology and Cyber Security only.
  • The depth of what it can discover is vast. If set up to monitor network traffic in the proper place, it can detect any aberrant (and possibly malicious) network traffic.
  • It's very easy to install the HIDS agent via the management interface, as long as the systems are Windows based.
  • There are a ton of correlation directives already set up to help make sense of all the data coming into this box.
  • Process for installing the HIDS agent on Linux could be easier. It's currently a manual process, and nowhere near as convenient as its Windows counterpart.
  • WAY too many false positive alerts right out of the box. Without consultants to help fine-tune the rules, it would be useless, as any legitimate alert would be lost in a sea of false positive alerts.
  • The inventory process needs to be better at tracking DHCP assigned hosts. Once a host gets inventoried, it doesn't take well to IP address changes. After that moment, anything with that IP address, whether it's the same host or not, will be identified as the original inventoried host.
It is not an effective tool for preventing malicious attacks or for preventing data loss. It is only for identifying if something bad has already happened. If you're tight on IT staff, it will be more of a hassle than a help. Better to prevent the attack with a proactive IPS than to report an attack with an IDS.
It works well if you have staff to devote to its maintenance and tuning. It is for identification purposes only, but it does not work as a preventative measure.