Item: AlienVault USM
Rating: 10
Author: Verified User

Use Cases and Deployment Scope

We use AlienVault USM internally to view what kind of security events are going on in our PCI/DSS infrastructure. Additionally, we have an MSSP that has access to AlienVault to keep an eye on things for us after hours. As a merchant, having real-time updates to what is going on in our infrastructure is crucial.

Pros and Cons

Alerting.
Log aggregation.
Cloud management.

Slow when viewing lots of logs.
Buggy when removing assets.
Cannot automate reports.
Vulnerability scanning does not work.

Alternatives Considered

Graylog and Logstash

Graylog and Logstash are worlds faster than AlienVault. Additionally, we can automate report generation on these platforms. AlienVault USM however, gives us the benefit of cloud management, rather than relying on on-prem/cloud infrastructure. AlienVault USM also comes with many prepackaged defaults which make it easy for small teams without dedicated security engineers to get it up and running.

Likelihood to Recommend

AlienVault USM is very well suited for small to medium-sized organizations that do not have dedicated security engineers. For larger organizations with thousands or tens of thousands of log generating assets, I would recommend something else that has fewer bugs, automated reporting, and is faster when viewing large amounts of data.

Effective for small teams

Software Version

Overall Satisfaction with AlienVault USM

Use Cases and Deployment Scope

Pros and Cons

Alternatives Considered

Likelihood to Recommend