Good for static networks; too slow for cloud
June 12, 2017
Score 7 out of 10
Vetted Review
Verified User
Software Version
USM Appliance (On-Premises)
Overall Satisfaction with AlienVault USM
AlienVault is used by our information security team for log management, SIEM, and vulnerability scanning. Our network is split across on-premises and multiple cloud accounts. Alarms are raised for any issues detected and are then investigated by the infosec team.
- Good detailed vulnerability scanning using OpenVAS
- Logs are correlated well
- HIDS Agents are easy to deploy to static servers
- Access to the Linux back-end of the server for adding additional functionality
- Frequent correlation updates
- AlienVault becomes pretty inflexible when working in rapidly changing, transient cloud environments. Our servers can automatically rebuild when required, and AlienVault requires an agent to be deployed to each. Unfortunately, an auto-deployment function is not included, and we had to script our own process - requiring extra upkeep and maintenance.
- Drilling down to find specific logs is awkward and clunky (especially compared to some of the competition in this area).
- There is no functionality to automatically remove agents/assets that have been disconnected for a period of time. This means it is a constant manual job to make sure old agents aren't still in the system (as you will soon get IP collisions when using DHCP or in a limited IP range on the cloud).
- Some competitors use machine learning to alter which events raise alarms - AlienVault doesn't have this functionality, meaning I have to be constantly adjusting rules.
- Struggles finding DNS names for our cloud servers, meaning a lot of our assets are named something like Host-192-168-1-1. We have found ways to script around this, but this is another thing that isn't supported by AlienVault.
- Agent deployment to Linux can't be done from the AlienVault UI, and has to be done manually on each Linux instance (or by creating unsupported scripts as we did).
- Can't digest cloud infrastructure logs without additional scripting and writing our own plugins.
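The stale-agent and IP-collision problem the reviewer describes (old HIDS agents lingering after a cloud instance is rebuilt, then colliding with a new instance that receives the same DHCP address) is the kind of thing that has to be scripted outside the product. The following is an added example, not the reviewer's script and not an AlienVault API: it takes an agent inventory (here a constructed, in-memory list; the `Agent` fields and the 7-day silence threshold are assumptions, and a real run would load the list from whatever export the appliance gives you), flags agents that have not checked in for longer than the threshold, lists IP collisions that would still exist after those agents are removed, and reports assets still carrying the auto-generated `Host-a-b-c-d` placeholder name.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Placeholder names of the form Host-192-168-1-1 that the review mentions.
PLACEHOLDER_NAME = re.compile(r"^Host-\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}$")


@dataclass(frozen=True)
class Agent:
    agent_id: str
    name: str
    ip: str
    last_seen: datetime  # last check-in time, UTC (assumed field, not a USM export format)


# Constructed reference time and inventory for the example.
NOW = datetime(2017, 6, 12, tzinfo=timezone.utc)

SAMPLE_AGENTS = [
    Agent("001", "web-01", "10.0.1.10", NOW - timedelta(hours=1)),
    # Agent left behind by a rebuilt instance; its old IP was reused by web-01.
    Agent("002", "Host-10-0-1-10", "10.0.1.10", NOW - timedelta(days=30)),
    Agent("003", "Host-10-0-1-11", "10.0.1.11", NOW - timedelta(hours=2)),
    Agent("004", "db-01", "10.0.1.12", NOW - timedelta(days=10)),
    # Two live agents on one IP: a real collision that pruning will not fix.
    Agent("005", "worker-3", "10.0.1.11", NOW - timedelta(hours=3)),
]


def stale_agents(agents, now, max_silence=timedelta(days=7)):
    """Agents that have been silent for longer than max_silence."""
    return [a for a in agents if now - a.last_seen > max_silence]


def placeholder_named(agents):
    """Assets whose name is still the auto-generated Host-a-b-c-d placeholder."""
    return [a for a in agents if PLACEHOLDER_NAME.match(a.name)]


def ip_collisions(agents):
    """Map IP -> agents sharing it, for IPs registered to more than one agent."""
    by_ip = {}
    for a in agents:
        by_ip.setdefault(a.ip, []).append(a)
    return {ip: group for ip, group in by_ip.items() if len(group) > 1}


def prune_plan(agents, now, max_silence=timedelta(days=7)):
    """Return (ids safe to remove, IP collisions that survive the removal).

    Collisions between two live agents are left for a human to resolve rather
    than guessed at, since removing the wrong one blinds monitoring on a host.
    """
    remove_ids = sorted(a.agent_id for a in stale_agents(agents, now, max_silence))
    remaining = [a for a in agents if a.agent_id not in remove_ids]
    unresolved = {
        ip: sorted(a.agent_id for a in group)
        for ip, group in ip_collisions(remaining).items()
    }
    return remove_ids, unresolved


if __name__ == "__main__":
    remove, unresolved = prune_plan(SAMPLE_AGENTS, NOW)
    print("remove stale agents:", remove)
    print("IP collisions between live agents:", unresolved)
    print("assets still needing a real name:",
          [a.name for a in placeholder_named(SAMPLE_AGENTS)])
```

The removal list is the only part that is safe to automate; the unresolved collisions and placeholder names are printed as a work queue, since fixing them needs either a reverse-DNS lookup that works for the cloud account in question or a decision about which of two live agents is the real host.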