Not the best, but not the worst. Robust data analysis with an OK user interface.
May 16, 2019
Score 6 out of 10
Vetted Review
Verified User
Software Version
USM Anywhere (SaaS)
Overall Satisfaction with AlienVault USM
AlienVault USM is deployed throughout our entire server and database architecture primarily in the cloud in Linux environments. It's managed and orchestrated by one department but secures data integral to the entire business.
Pros
- Data analysis at the endpoint
- Functions independent of directory services if necessary
- Well-rounded approach to data gathering (e.g. asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, etc.)
Cons
- They nickel and dime you on the processing of data, and you have to create different kinds of filtering rules and purge rules so that you don't hit your data limits. It's not uncommon to charge for data processing in this industry. That's not what I have a problem with. Most data analytics tools will do that, but the way they tier it (at least when we looked at it) was pretty aggravating. You really couldn't use their lowest tier unless you weren't planning on retaining and processing much of the data, which defeats the whole purpose.
- The way the different rules (e.g. filter vs purge) are laid out and configured isn't very intuitive. Their UX guys have a lot of work to do.
- "Sensors" aren't just sensors. They do the bulk of the heavy lifting. I'm not a fan of allocating those kinds of resources on an endpoint to an agent (sensor). I would much rather the agents be lightweight and funneling the info back to a server that does the computing. If you want a cloud-deployable and managed solution, and you want quick, thorough analysis, it has to be done on the endpoint instead of the management server in the cloud. I wish that weren't the case and would love to see that workload shifted off of my endpoints if possible.
AlienVault USM does a good job of thorough analysis, but it puts more load on my endpoints than SentinelOne. It's more thorough and well-executed than SecureWorks. At the end of the day, I would go with SentinelOne over USM any day of the week. Not only is SentinelOne more robust, it's more intuitive and lighter weight on my endpoints.