The right SIEM tool for small and mid-sized organisations
Updated August 03, 2017
Score 8 out of 10
Vetted Review
Overall Satisfaction with AlienVault USM
We've implemented and are currently operating AlienVault for a few clients. Some clients use AlienVault to manage the security of a particular network. Another client is using AlienVault to offer managed security services. AlienVault has been improving the security visibility for our clients' infrastructure security. It helps those companies that are tight on budget for security spending. AlienVault helps us to maintain our service level agreement with our clients. After the tool is integrated with the infrastructure, it becomes easy to spot existing abnormalities.
- Easy to use dashboard
- Based on open source making it easy to customise the deployment
- Cost effective
- OSSEC agent integration enables file integrity monitoring
- Bulk sensors update
- Improving NIDS signatures
- Managing OSSEC agents from dashboard is limited and quite restricted
- Assets tracking
Evaluating AlienVault USM and Competitors
Yes - Yes, we replaced Splunk logs collector and manager with AlienVault OSSIM, then AlienVault USM. Of course, at that time AlienVault was a more comprehensive tool compared to a classical log collector and manager. AlienVault offered far more features, combining multiple security tools along with the power of event correlation. We finally ended up using AlienVault USM as our production SIEM tool.
AlienVault USM Support
Pros | Cons |
---|---|
None | Slow resolution; Poor followup; Less knowledgeable; Escalation required; Need to explain problems multiple times |
No - I don't believe there will be an added value in terms of the speed to fix reported issues.
Yes - Bug fixes usually take a long time. Some deficiencies were reported but not fixed.
The best support can come during pre-sales, where we wanted to demonstrate how AlienVault can integrate with some technology vendor products. At that time the support team was exceptionally helpful and supplied us with the required plugins.
Using AlienVault USM
Pros | Cons |
---|---|
Like to use; Relatively simple; Easy to use; Technical support not required; Feel confident using; Familiar | Slow to learn |
- Scanning and adding assets
- Creating correlation directives
- Users management
- Manage OSSEC agents
- Bulk updates for sensors
- Tracking disconnected assets