Overall Satisfaction with AlienVault Unified Security Management
AlienVault is being used as a SIEM and IDS at our co-location environment. When I purchased AlienVault I thought I was going to spend a lot of time tweaking it to filter out all the noise. However, that has not been the case. I just let it run and address the very few alarms that come in. We also have not run a lot of scans to this point. Most of the vulnerabilities have been false positives or risks that my company has been willing to accept.
- Displays alarms in a manner that is easily interpreted out of the box. We do not have a security admin so ease of use is important to us. The alarm panel is very easy to read and dig into when needed.
- Easy implementation. They give all sorts of resources when implementing, but it is intuitive and easy to deploy.
- Asset groupings are easy to manage.
- Even though the AlienVault documentation is good, I would like to see documentation on security strategy. This product is focused on smaller companies that may not have a security admin so simple general practice strategy would be helpful.
- This may be repetitive, but documentation on what to do or how to interpret alarms would be helpful. For example, what are the varying degrees of response to an nmap port scan?
I hate to say it, but one of the main reasons we selected AlienVault was the price. Some of the cheaper options seemed too difficult to manage and the more expensive options were both expensive and difficult to manage. We don't have a Security Admin so simplicity was a big factor.
The main reason I would recommend AlienVault is because of its niche market. This product is perfect for the small to mid-size company. Having the USM really simplifies all your tools into one interface. You really don't need a Security Admin to manage this tool. I am just assuming that it would not work well for large companies that have entire security teams that manage different areas of security.