Overall Satisfaction with AlienVault USM
We have used AlienVault USM in our PCI environment to detect the most common threats. We have discovered it added extra value to our organization by creating visibility on security issues we didn't know of before. On the downside, the on-premise version of AlienVault USM can get slow after loading it with a lot of machines (when doing big queries) and doesn't adapt very well to dynamic environments, but their cloud version is definitely making that better.
- Reports the most common threats in real time and takes immediate automatic actions. I think this is strong if you don't have a team monitoring 24/7.
- Connects with signature providers and keeps up-to-date well with 0 vulnerabilities. I don't need to explain why you may want to be protected against the newest threats.
- The UI is very easy to get used to, which will make you adapt to its use quickly.
- This tool will become slower and slower as you start adding devices to it. The on-premise version has a lot of room for improvement here; the database is slow.
- The on-premise version of AlienVault USM will not support dynamic environments where people are constantly removing/adding new virtual machines, and it doesn't cope with Puppet management.
- Only the most common hypervisors are supported; it could be good to have an image for Xen.
The on-premise version of AlienVault will be very good for environments that don't change a lot over time; it will provide good information about security issues on your premises. I would not recommend using this if you have a big private cloud where a lot of changes are being made. Go with the cloud version if that's your case.