Overall Satisfaction with AlienVault USM
We use AlienVault USM to monitor and secure our AWS, Azure, and Office 365 environments. The primary use of the product is to maintain PCI compliance. The various PCI reports save a significant amount of time each year during our security audits. We use it to collect logs from Windows, Linux, and cloud environments into one convenient location.
- The integrations are very end-user friendly.
- The user interface is fairly intuitive.
- The PCI reports are extremely time-saving.
- The cross-platform compatibility makes hybrid environment management much easier.
- The "Agent" has caused many problems in our environment.
- The AlienVault server seems to get overwhelmed quickly and could use an option for greater scaling for larger installations.
- The documentation is often lacking in details. The documentation often covers what specific steps to take but does not cover why or how certain items work.
- The user interface is missing many features for bulk/large-scale operations, such as the ability to close more than one page of alarms at once.
- The "report false positive" does not provide a way to easily remove items, so they still show up in audits.
- There is no way to reconfigure many checks to avoid false positives.
- The system lacks transparency for many security or infrastructure operations.
I have not used any other platforms that are supposedly specifically for security-only purposes. I have used many management applications such as SCCM, Nagios, Puppet, Chef, OSSEC, etc. AlienVault lacks transparency and customization that I would prefer from a centralized portal. Having to log in to yet another portal gets tiresome. Those procedures which it does accomplish, it does very well. The reporting and user interface are much simpler than most software and portals I use.