AV USM - give it a few tasks and let it be!
November 02, 2016
AV USM - give it a few tasks and let it be!
Score 6 out of 10
Vetted Review
Verified User
Overall Satisfaction with AlienVault Unified Security Management
We use AlienVault Unified Security Management (USM) to correlate logs from our various departments' own SIEM tools. We do not use USM as our master logger, but to pick out security concerns from all our other log management tools. We also have a few systems logging to USM directly. It provides us visibility into our vulnerabilities by performing scans and by looking for malicious patterns in network traffic.
- It has a good dashboard that provides a good sense of our overall security posture.
- It ties in well with emerging threats via its Open Threat Exchange system.
- It does a good job finding users out of compliance with our external VPN/Proxy policies.
- USM is great at identifying malicious network behavior.
- There is a big learning curve to the user interface. Once learned, its complexity makes it powerful.
- There are no alerts for system configuration alerts - such as full disks of the USM itself.
- There is no automatic offloading and archiving of old logs from the USM to an archival disk system. I have to manually SCP old logs off monthly.
- solarwinds lem
USM is a security focused, threat-finding system. It is not a great log manager. Logs can be hard to search in USM, and it can be hard to manage the storage space on USM.