AV USM - give it a few tasks and let it be!
November 02, 2016


Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault Unified Security Management

We use AlienVault Unified Security Management (USM) to correlate logs from our various departments' own SIEM tools. We do not use USM as our master logger, but to pick out security concerns from all our other log management tools. We also have a few systems logging to USM directly. It provides us visibility into our vulnerabilities by performing scans and by looking for malicious patterns in network traffic.
  • It has a good dashboard that provides a good sense of our overall security posture.
  • It ties in well with emerging threats via its Open Threat Exchange system.
  • It does a good job finding users out of compliance with our external VPN/Proxy policies.
  • USM is great at identifying malicious network behavior.
  • There is a big learning curve to the user interface. Once learned, its complexity makes it powerful.
  • There are no alerts for system configuration alerts - such as full disks of the USM itself.
  • There is no automatic offloading and archiving of old logs from the USM to an archival disk system. I have to manually SCP old logs off monthly.
  • SolarWinds LEM
USM is a security focused, threat-finding system. It is not a great log manager. Logs can be hard to search in USM, and it can be hard to manage the storage space on USM.
It's well suited if your environment already has good log collection, and if you have the ability to TAP network traffic for your campus. It can be hard to implement if you have to convince everyone to send you their logs, or if you don't have equipment already in place for network TAPs, as those can be expensive.