A great one-stop-shop security management platform
August 15, 2019
Score 9 out of 10
Vetted Review
Verified User
Software Version
USM Anywhere (SaaS)
Overall Satisfaction with AlienVault USM
AlienVault USM is being used for asset discovery, vulnerability management, and security event monitoring across all networks. Sensors are deployed within VMware currently. It solves a number of security challenges: device and software visibility, monitoring for anomalous events on those devices, and making sure that our patches are being applied as we expect them to be.
Pros
- It's incredibly easy to get up and running. The sensor is simply a VM download that you link to a console, and away you go. We'd scanned most of our networks within a couple of days.
- The insight it provides into our environment has been invaluable, especially in terms of discovering BYOD and other unmanaged devices in use.
- Having a number of functions (asset discovery, vulnerability management, SIEM) in a single platform gives a great bird's-eye view of security.
Cons
- There could be a greater degree of flexibility in terms of roles and permissions management. There is only 'Manager,' 'Analyst,' and 'Read Only,' all with pre-defined permissions.
- All logs, even for cloud services (linked via AlienApps) have to be forwarded to a sensor. For example, if you want to monitor a cloud service such as Box, you need to forward logs to your sensor (which is likely behind your firewall). It would be better if you could forward straight to AlienVault cloud.
- There's not much documentation or recommendations in terms of how much CPU, RAM, etc. your sensor requires in relation to how much scanning and monitoring you'll be doing. Even just 'ballpark' recommendations would be useful.
I came from using the LogRhythm (SIEM) and Greenbone GSM (vulnerability management) platforms. I'd say that both platforms required a lot more setup and configuration time, and the learning curve for each was much steeper. These platforms are better suited to specialists in each field, in my opinion. It's also much harder to correlate information from one platform to another when everything is not all "under one roof."