How we Improved Infrastructures log Monitoring using AlienVault USM Anywhere
August 28, 2019

How we Improved Infrastructures log Monitoring using AlienVault USM Anywhere

Pankaj KC | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We use it to detect network risks and vulnerabilities to a reasonable and appropriate level. Using across the whole organization. It's also being used to comply with current legislation (security related logs should be recorded).
  • As for us, it casually integrated to AWS cloud and local infrastructures, in simple words easy to implement
  • Processes different types to logs using its very own inbuilt plugins and display it in an understandable manner for the non-technical users as well
  • Has its own very accurate correlation rules to generate alarms from the processed logs
  • Has an open threat intelligence community which can be integrated with the AlienVault account
  • In order to collect the system logs from various servers, it has an AlienVault agent that can be installed on the windows, MAC and Linux. It collects the various types of logs such as user activity, shell history, file integrity, etc., logs
  • Any suspicious alarm can be added as a ticket on its console and can be processed according to severity type.
  • Server and Network vulnerabilities details can be scanned through the USM.
  • Customizable dashboards view in the console makes easy to monitor logs from the different sources.
  • Events view can be customized according to the data source plugins.
  • USM has a feature of suppressing and filtering out the logs from the console. Suppression hides the logs from the console dashboard whereas filtering block the similar type of log entering the alienvault console which helps to reduce the storage usage
  • Asset Discovery: Maintains and scans dynamic asset inventory and software inventory for large scale organization
  • Security & Compliance Reporting: contains customizable reports for regulation standards and compliance frameworks
  • It uses sensors to collect data from different sources which results in extra cost for the sensor server
  • Support is very poor
  • It would be great if there was document to study on how can we identify and monitor suspicous logs
GuardDuty can be used to monitor VPC flow log and DNS query logs and CloudTrail related logs. Its has its own threat intelligence from AWS security and third party intelligence. It is limited only to AWS resources whereas AlienVault USM can be used from all the networks and infrastructures inside an organization.
If you have a bigger organization that has a bigger network infrastructure which needs to be monitored in every aspect, then AlienVault USM is perfect for it. It automatically detects threats and sends out email notifications from which necessary actions can be taken. It has a correlation engine, which quickly detects and alerts on different variants of malware that can affect your organization. It provides full details on the attack method and strategy, the systems in the network involved in the attack (source and destination)with the geo-location, and the associated event that comprised the attack, along with response guidance.

Since it is very expensive I do not recommend it for small organizations it requires additional infrastructures to implement the AlienVault within the premise.