April 17, 2018
AlienVault ~6 Month Review
Score 10 out of 10
USM Appliance (On-Premises)
Overall Satisfaction with AlienVault USM
AlienVault is currently being used in my organization to provide visibility on the activities we cannot see from the edge firewalls, such as user-to-server or server-to-server traffic. Combined with the HIDS, we are able to identify security vulnerabilities down to the source machine and/or user, at either the topmost (egress) or bottommost (client/endpoint) point in our network infrastructure. This overall helps with the tightening of the policies on the network security assets, as we now have data showing endpoint and activity correlations.
- Up to this point, I have had no issues integrating with a system we currently have in production, while AlienVault stays on top of plugin updates.
- The dashboard is very informative once you figure out how to navigate around it and tweak it to your organization's needs.
- Correlation of events is probably my favorite as I normally only need to jump on the AlienVault dashboard to hammer down on network traffic/activity details.
- At times I do find navigating the dashboard for very specific functions to be difficult.
- I feel entry-level security analysts or administrators can get overwhelmed with the amount of data available from a single platform (in a good way).
- Helpful to understand Linux for certain tasks.
None at the time as the product was purchased before I joined the organization.
Where AlienVault has become a major asset is when digging into historical information for data gathering. At times it can get difficult without AlienVault, as you have to dig through firewall logs (network and endpoint), DNS servers, Domain Controllers, the IDS solution, or even web filtering products all together to identify a compromised endpoint. With AlienVault USM, I find it extremely beneficial and productive to only need to look at a single platform, and that is the AlienVault Dashboard.
This has helped tremendously as stated in the previous question.