A great one-stop-shop security management platform
August 15, 2019

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault USM is being used for asset discovery, vulnerability management, and security event monitoring across all networks. Sensors are deployed within VMware currently. It solves a number of security challenges: device and software visibility, monitoring for anomalous events on those devices, and making sure that our patches are being applied as we expect them to be.
  • It's incredibly easy to get up and running. The sensor is simply a VM download that you link to a console, and away you go. We'd scanned most of our networks within a couple of days.
  • The insight it provides into our environment has been invaluable, especially in terms of discovering BYOD and other unmanaged devices in use.
  • Having a number of functions (asset discovery, vulnerability management, SIEM) in a single platform gives a great bird's-eye view of security.
  • There could be a greater degree of flexibility in terms of roles and permissions management. There is only 'Manager,' 'Analyst,' and 'Read Only,' all with pre-defined permissions.
  • All logs, even for cloud services (linked via AlienApps), have to be forwarded to a sensor. For example, if you want to monitor a cloud service such as Box, you need to forward its logs to your sensor (which is likely behind your firewall). It would be better if you could forward straight to the AlienVault cloud.
  • There isn't much documentation or many recommendations on how much CPU, RAM, etc. your sensor requires in relation to how much scanning and monitoring you'll be doing. Even 'ballpark' recommendations would be useful.
I came from using the LogRhythm (SIEM) and Greenbone GSM (vulnerability management) platforms. I'd say that both platforms required a lot more setup and configuration time, and the learning curve for each was much steeper. These platforms are better suited to specialists in each field, in my opinion. It's also much harder to correlate information from one platform to another when everything is not "under one roof."
AlienVault USM Anywhere is great if you have limited dedicated security resources. It's also great if you'd like to do as much as possible with a single platform. The option to hand over your instance to an MSSP is also great if you discover that there's more going on in your environment than expected. I can imagine that for experienced SOC analysts there may be a lot of flexibility and customization missing when compared to individual, more traditional SIEM or vulnerability management platforms.