Item: AlienVault USM
Rating: 9
Author: Verified User

Use Cases and Deployment Scope

We use AlienVault to provide alerts for any irregular login activity along with other network behavior that is outside normal expectations. AlienVault also aggregates all our log files from network and edge devices into a single, searchable database. It corroborates events from various systems to better report on any unusual activity.

Pros and Cons

Alerts on login activity from unexpected locations (countries)
Aggregating log files for easy searching

Better interpretation of errors into more natural language
Easier grouping or categorization of alerts in order to assign them more efficiently to appropriate users/groups

Alternatives Considered

Other solutions out there typically focus on one or more aspects of protection such as log inspection. Alien Vault does the job of several tools and simplifies the process of guarding your systems. Other applications may also be somewhat harder to configure such as Splunk. The trade off is usually capability versus ease of use. Other systems (Solarwinds) focus on the network activity and may have limited understanding of some devices. They may also not work with as wide a variety of vendors.

Likelihood to Recommend

AlienVault is well suited for environments with multiple locations and multiple internet connections. The more complicated the network topology, the better AlienVault shines. That's not to say that it is not well suited to smaller organizations with fewer links, it works fine there as well. It also is well suited in complex environments where a variety of equipment is used and where little, if any, synergy exists between disparate systems. AlienVault easily takes from, and understands, log entries from various types of systems and interprets them as a whole.

AlienVault USM - Threat detection done right

Software Version

Overall Satisfaction with AlienVault USM

Use Cases and Deployment Scope

Pros and Cons

Alternatives Considered

Likelihood to Recommend