AlienVault proved itself after one day.
Overall Satisfaction with AlienVault USM
Currently it's only being used by the IT department to identify suspicious network activity, which we did not monitor prior to implementing AlienVault. One day after implementing AlienVault, we were notified of a bitcoin miner on our FTP site. Sure enough, when I logged into that machine and ran a malware scan, it picked up a Bitcoin Miner.
Pros
- Report suspicious network activity.
- Display all threats in a nice dashboard.
- Notify me of what other people have encountered with "Pulses."
Cons
- Make initial setup easier.
- Make their certification test not so ridiculously tedious with oddly specific questions.
- Provide better remediation steps.
- AT&T Threat Intellect
I might be mistaken in the application name, but I recall using a product from Dell or AT&T that provided a data lake of information that would do this log gathering. What didn't impress us very much was the cost and usability.