AlienVault and an honest comparison to Darktrace
June 10, 2019
Score 8 out of 10
Vetted Review
Verified User
Software Version
USM Appliance (On-Premises)
Overall Satisfaction with AlienVault USM
We are using AlienVault USM as the cornerstone of our layered security model. We use it for Incident Management, Event Logging and Anomaly Detection.
We have a Global Security Operations Centre and are deploying AlienVault globally. We want to standardize our security incident responses globally to ensure that we can implement a true 'follow the sun' model. AlienVault has a global presence and we want to leverage that capability to support our security teams.
Pros
- Excellent feedback and reviews from external organisations and in-house experience
- Good value for money
- A reliable, all-round tool to avoid duplication / overlap with other products
- Allowed us to build a security tool-set without wasting money on duplicated (and unused) functions
- Global presence
Cons
- Other products, like Darktrace, provide exceptional automatic isolation and intrusion protection. I want AlienVault to provide equivalent protection / isolation to protect environments out of working hours (public holidays etc)
- External threat monitoring is a great way to identify threats mobilizing before they attack (horizon monitoring). Intsights (https://intsights.com/) provides this for a fee, but I would like to see a capability for monitoring key assets, such as domain names, C-Suite personnel etc.
- Some simple mechanisms to reduce white noise. We are gradually improving our filtering, but machine learning (aka Darktrace) would be helpful to allow the system to 'learn' behaviours and then allow them to be filtered by an administrator. Full AI learning is difficult (hence the costs for Darktrace), but a configuration dashboard to reduce 'noise' should be easy to deliver, rather than having to edit and apply filters individually.
- Dashboards for ISO27001 and PCI. ISO27001 KPIs such as Threats Detected, Threats automatically prevented, Threats requiring human intervention etc are simple and should be easy to provide.
- Anything you can do to link with Vulnerability Management, such as Nessus, Cyberark DNA etc would be helpful. Currently these are managed separately, but would be great if these could be integrated for running routine scans from a single dashboard, or reporting on a dashboard.
AlienVault does not compare to Darktrace anomaly detection with Antigena. This is a superb product but does not include a SIEM.
AlienVault includes SIEM and Anomaly detection, although less mature than Darktrace. I hope and expect that AlienVault orchestration can work towards the performance of Darktrace, but I'm not entirely confident that it will be able to do so. AlienVault is cheaper and selection of your product avoided paying for unused functionality. But... Darktrace have agreed to match the AlienVault pricing for me if your orchestration fails to deliver!
We are happy to work with AlienVault to help mature the orchestration capability if that would be of interest.