AlienVault OSSIM SaaS Review
April 11, 2019

Tyler Michels | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

This is currently being used across our corporate environment to help monitor our firewalls that process all associate traffic, Active Directory, O365, etc. This product has helped us to gain more visibility into the traffic that is being sent across our network and to help identify threats quicker. Currently, the Security department is in charge of all that is AlienVault, and has given read access to a few neighboring departments.
  • Ability to tune alarms and events to your liking. Very easy to get rid of false positives that are known in your environment, and create actionable alerts for legitimate alerts.
  • The simplicity of the dashboard. Everything within AlienVault USM Anywhere is easy to navigate and configure. From sorting logs to creating new users, the layout is natural and easy to figure out.
  • The Architecture of the SaaS deployment went smoothly and is very simple and expandable. Very little to worry about on our side with great results.
  • Support response time and incident handling have some room to improve. We had major issues with a sensor, and it took several days to get a response. Once we got a response the issue was corrected, it just took a while to get our engineer on the phone.
  • Small bugs in the way that the syslog packets are read and normalized. Reading the time in the packet wrong has been the biggest issue we have found so far that is without a solution.
  • Complicated Architecture to fully use the product. Requiring port mirroring to use the IDS portion of AlienVault is quite challenging when dealing with a large network size and diverse locations such as ours.
Much cheaper and better testing experience than with Exabeam. The user interface and setup were much smoother as well. Very similar platforms and functionality, but in the end price and performance played a large factor. For a product that would do the same things, and some things better, at a much better price, AlienVault was the way to go.
Has generated many actionable alerts that we chased down and identified as real threats in our environment. The correlation with OTX has proven to be quite useful and saved a lot of time when trying to determine if a specific host is malicious. The integrations with firewalls could be a bit better so that the IDS component in AlienVault can be fully utilized without using port mirroring.