Great product for small companies.
Updated August 31, 2017
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with AlienVault USM
AlienVault is being used to actively and passively monitor hosts and networks within our organization. We use AlienVault to monitor our business network as well as our operations network. We needed capabilities to passively monitor operations networks, and this was a really good fit. It was very easy to set up and configure. We have multiple alarms set up for what we consider significant security issues, such as multiple account login failures, insertion/removal of USB devices, network scans from software such as Nmap and Nessus, and when user accounts are created, deleted, locked, and unlocked, just to name a few. We are alerted to these alarms through emails. I would recommend this to a colleague who is seeking a solution that is easy to set up and manage. With AlienVault USM being an all-in-one appliance, everything can be run from one virtual appliance, as opposed to some solutions that require setting up 3-4 virtual appliances to correlate information.
- Host IDS (HIDS) works very well for collecting information on the client machines and reporting that information back to the USM appliance.
- Network IDS (NIDS) works very well as an IDS platform. It catches all or more of the alerts that the other IDS sensors we have within our network catch.
- Logging is a very important feature that we utilize. It helps us to alert to changes in user account information as well as changes to the host system that is being monitored.
- I feel that AlienVault USM could benefit more from allowing an easier path to setting up specifics about what you would like to alarm on. We have some services that we keep getting alarms opened on that we would like to stop alarming on. This is the main issue I have for now.
- It would be nice to see a way to send alerts by multiple paths, such as to a secondary syslog server or to SMS, rather than just sending alerts via email.
- The vulnerability scanner used by USM works nicely; however, I've used better products to actively scan a host. I believe this could be a functionality that could be addressed.
AlienVault USM stacks up well against other products that I use and have used in the past in that it is an easy product to use, and the pricing on AlienVault USM is very good compared to other systems. Yearly support for AlienVault is over three times cheaper in support cost as compared to two other products that I implement. With AlienVault USM having all functionality combined into one management interface, this makes for easier monitoring as well as setup compared to the other systems I've used. I was able to get AlienVault USM up and running on my own with nothing more than a setup manual from the website, whereas with the other products, I spent at least a day (or more) with each vendor trying to get set up and was still confused at the end of the setup period on some of it.