Out of this World, Out-of-the-Box
May 13, 2019

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault USM Anywhere is a perfect fit for the protective monitoring of our organisation's web-facing services. It was important for us to have a real-time monitoring solution in place which could be accessed remotely by analysts such as myself. Our offices are geographically separated from our data centre so we do not have direct access to the network infrastructure. AlienVault USM helps to keep us informed of anything suspicious or unexpected which may require further investigation, and more recently, with the launch of the new Investigations function, it has become even more useful as a tool for cataloguing and responding to potential incidents.
  • Alarms - These are one of the product's strengths in that they provide detailed breakdowns of the information that a security analyst is looking for in order to understand what is happening on the network
  • Investigations - The best feature of the product is the ability to create investigations, assign events and alarms to them, and then gather evidence, make a determination and react/respond based on the nature of the incident
  • Dashboard - This gives a useful at-a-glance summary of the current security posture and recent trends in alarms
  • The main criticism I had with USM Anywhere was that initially it was lacking the Investigations functionality, which often meant that alarms were investigated but there was no record of this work that could serve for audit purposes or to look at long-term trends. Now that this has been added I have very little to criticise about the product and I use it more than ever.

While they have a comparable range of features and functionality as SIEMs, QRadar was built to be a SIEM first and foremost where AlienVault USM has a more rounded, all-inclusive set of features. Despite having more elements, AlienVault USM Anywhere is the more intuitive and easy-to-use solution. In addition, AlienVault's popular OSSIM Open Source project has cultivated a strong, loyal base among the open source community and therefore is superior to QRadar in terms of community support.

If you have complex systems deployed in a variety of environments then you should consider using AlienVault USM Anywhere to integrate your security view into a single pane, where you can investigate suspicious activity, get a high-level view of your security posture and generate reports about compliance and vulnerabilities across your systems.