Great product for small companies.
Updated August 31, 2017
Score 10 out of 10
Overall Satisfaction with AlienVault USM
AlienVault is being used to actively and passively monitor hosts and networks within our organization. We use AlienVault to monitor our business network as well as our operations network. We needed capabilities to passively monitor operations networks and this was a really good fit. It was very easy to set up and configure. We have multiple alarms set up for what we consider significant security issues such as multiple account login failure, insertion/removal of USB devices, network scans from software such as Nmap and Nessus, and when user accounts are created, deleted, locked, and unlocked, just to name a few. We are alerted to these alarms through emails. I would recommend this to a colleague who is seeking a solution that is easy to set up and manage. With AlienVault USM being an all-in-one appliance, everything can be run from one virtual appliance as opposed to some solutions that require setting up 3-4 virtual appliances to correlate information.
- Host IDS (HIDS) works very well for collecting information on the client machines and reporting that information back to the USM appliance.
- Network IDS (NIDS) works very well as an IDS platform. It catches all or more of the alerts that the other IDS sensors we have within our network catch.
- Logging is a very important feature that we utilize. It helps us to alert to changes in user account information as well as changes to the host system that is being monitored.
- I feel that AlienVault USM could benefit more from allowing an easier path to setting up specifics about what you would like to alarm on. We have some services that we keep getting alarms opened on that we would like to stop alarming on. This is the main issue I have for now.
- It would be nice to see a way to send alerts by multiple paths. Such as to a secondary syslog server or to SMS rather than just sending alerts via email.
- The vulnerability scanner used by USM works nicely; however, I've used better products to actively scan a host. I believe this could be a functionality that could be addressed.
AlienVault USM stacks up well against other products that I use and have used in the past in that it is an easy product to use as well as the pricing on AlienVault USM is very good compared to other systems. Yearly support for AlienVault is over three times cheaper in support cost as compared to two other products that I implement. With AlienVault USM having all functionality combined into one management interface, this makes for easier monitoring as well as setup compared to the other systems I've used. I was able to get AlienVault USM up and running on my own with nothing more than a setup manual from the website whereas with the other products, I spent at least a day (or more) with each vendor trying to get set up and was still confused at the end of the setup period on some of it.
I find the threat detection effectiveness of AlienVault USM very good as compared to a couple of other products that I have used. One example is that I was able to find a device on my network with AlienVault USM, during my trial set up period, that was attempting to exploit another machine. This was not picked up by two other security systems that we use so I consider the threat detection effectiveness to be very good as compared to my other two systems.
Threat detection simplification is one of the best features that we have with AlienVault USM. I've stated this in some of the previous questions, but it is very easy to set up. I set the USM product up on my own with nothing more than the help of the online manual in a matter of an hour or so whereas other products have taken a day (or longer in some cases). Also, the ability to manage everything from one interface cuts way down on the time and work needed to manage USM.
AlienVault USM is a good fit for small companies. As I previously stated, AlienVault is very easy to roll out and manage from one interface. This cuts down on the amount of work that is needed to manage USM as a whole. I can do updates to USM in a matter of minutes whereas on other products that are similar I've spent over a day and a half trying to get them upgraded to the latest version. This can be a great time saver for IT departments that are short-staffed.
AlienVault USM Implementation
AlienVault USM was very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
Using AlienVault USM
AlienVault USM is a very easy product to implement and use. The implementation takes less than a few hours, and that is using the instructions from the website and not having to contact customer support. The USM console is very easy to navigate. I am also able to set up console and email alerts with ease. I had USM installed, up and going with all my customizations within a day or two whereas other SIEM products have taken multiple weeks to get tweaked to meet my needs. Overall, this is a very good product for an SMB seeking a SIEM solution.