AlienVault USM Review
May 05, 2017
Score 7 out of 10
USM Appliance (On-Premises)
Overall Satisfaction with AlienVault USM
AlienVault USM is being used across the entire organization to address threats and to aggregate logging functions into one easy-to-read report. It also handles vulnerability scanning across the network, showing which machines have what vulnerability, and what needs to be done to mitigate that vulnerability. It is also being used to help generate our inventory records.
- Very in-depth on scanning for inventory! This allows one to get the "50,000 feet" view of the organization's IT assets, and can narrow down on a specific inventory item with just a few clicks.
- Conducts detailed vulnerability scans. While it doesn't mitigate the vulnerabilities, it gives us instructions on how to mitigate them: what steps we need to take.
- The reporting function is phenomenal. It aggregates logs from other hardware and software, and can present an in-depth report based on that data.
- It can be difficult to set up correctly. I found the documentation sparse in some instances.
- It can generate a ton of alerts, again if not set up correctly. I recommend taking the engineer's class for it, so that you can get the most out of your investment.
- The vulnerability scans can eat up a lot of resources, as well as be a bit pushy. Running a scan against one of our printers resulted in that printer being constantly flooded with inventory scan requests by AlienVault, which rendered said printer unusable. Make sure you break out your networks when doing scans!
We looked at a number of other products besides AlienVault. Most of them were software packages that had OK reviews, but would have been costly to implement and time-consuming to maintain. AlienVault was an all-in-one appliance, though it comes in a virtual machine that you can run as well. We chose the USM because our virtualization resources were getting pretty tight at the time we chose AlienVault, and we prefer hardware appliances.
We've not really used anything other than AlienVault for threat detection intelligence. We use endpoint protection products such as Kaspersky, however. We use the Reputation report to show which machines might be infected and talking to known bad IP addresses (based on the OTX reputation), and can deal with those machines that endpoint security was not effective in protecting.
My organization uses a number of reports that are generated by logs sent to and aggregated by the AlienVault USM. As manpower resources are limited, the AlienVault USM helps us to get the overall health of our network environment and assists in keeping watch over our environment by emailing reports and notifying us of any problems.
AlienVault is well suited for businesses that lack someone who specializes in information security. As new threats emerge daily, as long as updates are taking place and the system is set up correctly, you'll be notified of suspicious activity. I find the Reputation report to be invaluable, as it shows what machines within the organization are talking to known bad IP addresses (based on the OTX reputation; make sure you opt into OTX).
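Added example, not from the review and not AlienVault's own code: a small Python script that reproduces the idea behind the Reputation report described above, matching firewall connection logs against a reputation list to show which internal machines talked to listed IPs. The log format, the log lines, the reputation entries, the reliability scores and the internal network ranges are all constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed reputation entries in the spirit of an OTX-style list:
# bad IP -> (category, reliability 1-10). Sample values, not AlienVault's data.
REPUTATION = {
    "203.0.113.10": ("Malware Domain", 8),
    "198.51.100.77": ("C&C", 9),
    "192.0.2.5": ("Scanning Host", 4),
}
# Our own address space (assumed); anything outside it is treated as external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall log lines in a hypothetical syslog-style format.
LOG_LINES = """\
Jan 10 09:12:01 fw1 conn: src=10.1.4.22 dst=203.0.113.10 dport=443 action=allow
Jan 10 09:12:03 fw1 conn: src=10.1.4.22 dst=93.184.216.34 dport=443 action=allow
Jan 10 09:13:11 fw1 conn: src=10.1.7.9 dst=198.51.100.77 dport=8080 action=allow
Jan 10 09:14:40 fw1 conn: src=192.0.2.5 dst=10.1.2.1 dport=22 action=deny
Jan 10 09:15:02 fw1 conn: src=10.1.7.9 dst=198.51.100.77 dport=8080 action=allow
"""
LINE_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)")


def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def reputation_hits(log_text, reputation, min_reliability=1):
    """Return {internal_host: {bad_ip: {"category", "direction", "count"}}}.
    Listings below min_reliability are ignored, which is one way to keep
    low-confidence entries from swelling the alert count."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than abort the report
        src, dst = m["src"], m["dst"]
        # Check both directions: our host talking out to a listed IP,
        # and a listed IP talking in to one of our hosts.
        for inside, outside, direction in ((src, dst, "outbound"), (dst, src, "inbound")):
            if not is_internal(inside) or outside not in reputation:
                continue
            category, reliability = reputation[outside]
            if reliability < min_reliability:
                continue
            entry = hits[inside].setdefault(
                outside, {"category": category, "direction": direction, "count": 0})
            entry["count"] += 1
    return dict(hits)
```

Raising `min_reliability` is the tuning knob for the alert-volume problem the review mentions: the low-confidence "Scanning Host" entry drops out of the report at a threshold of 5 while the high-confidence hits remain.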