TrustRadius
AlienVault ~6 Month Review
https://www.trustradius.com/security-information-event-management-siem
April 17, 2018

Score 10 out of 10
Vetted Review
Verified User

Software Version

USM Appliance (On-Premises)

Overall Satisfaction with AlienVault USM

AlienVault is currently being used in my organization to provide visibility into the activities we cannot see from the edge firewalls, such as user-to-server or server-to-server traffic. Combined with the HIDS, we are able to identify security vulnerabilities down to the source machine and/or user, at either the topmost (egress) or bottommost (client/endpoint) point in our network infrastructure. Overall, this helps with tightening the policies on the network security assets, as we now have data showing endpoint and activity correlations.
  • Up to this point, I have had no issues integrating with a system we currently have in production, while AlienVault stays on top of plugin updates.
  • The dashboard is very informative once you figure out how to navigate around it and tweak it to your organization's needs.
  • Correlation of events is probably my favorite, as I normally only need to jump on the AlienVault dashboard to hammer down on network traffic/activity details.
  • At times I do find navigating the dashboard for very specific functions to be difficult.
  • I feel entry-level security analysts or administrators can get overwhelmed with the amount of data available from a single platform (in a good way).
  • It is helpful to understand Linux for certain tasks.
None at the time, as the product was purchased before I joined the organization.
Where AlienVault has become a major asset is when digging into historical information for data gathering. At times it can get difficult without AlienVault, as you have to dig through firewall logs (network and endpoint), DNS servers, domain controllers, the IDS solution, or even web filtering products all together to identify a compromised endpoint. With AlienVault USM I find it extremely beneficial and productive to only need to look at a single platform, and that is the AlienVault dashboard.
This has helped tremendously, as stated in the previous question.
In my organization's scenario, the on-premises appliance provides great value, as we are a small company with site inter-connectivity. Where I am not too sure is how exactly the product scales with very large networks with separate Windows and network domains.