AV is ready for cloud?
Updated July 16, 2019

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

Currently, it is used by the IT Security team. Before it, we didn't know exactly who was doing what and when in our infrastructure, since we work with a lot of providers with access to our servers and cloud services. Now, we get alerts for suspicious logins, modifications, and cyberattacks, among others.

Pros

  • Logs collection
  • Cloud-aware
  • Suspicious events detection

Cons

  • Dynamic infrastructure detection (e.g. autoscaled instances are not detected when terminated).
  • File integrity monitoring rules cannot be customized.
  • Agents are manually deployed.
  • Agents get disconnected from time to time.

AlienVault is heavily utilized in our region for on-premise infrastructure. It was selected, mainly, because of pricing options.
It is well suited for log parsing, event generation and threat detection coming from SaaS products. It doesn't seem to integrate very well with cloud servers since it depends on server IPs (which is a problem when servers get created from an image/template) and still requires manual scans to discover new or non-existent assets.

AlienVault USM Training

Training is good for beginners. It's not that good if you want to get certified.