AlienVault USM appliance is the juice!
September 03, 2019

Score 10 out of 10
Vetted Review
Verified User

Software Version

USM Appliance (On-Premises)

Overall Satisfaction with AlienVault USM

We use AlienVault USM as both a SIEM and vulnerability scanner across all departments and locations within First Central Group. The alarms are very useful and I often refer to them on a daily basis. With the help of the Cyber Security Analyst we monitor the network for unusual activity. I use the vulnerability reporting function every month to understand the trend of remediated vs current vulnerabilities in our assets.
  • OTX is extremely useful and AlienVault does a good job of highlighting known malicious IP addresses and their locations.
  • Dashboards are particularly useful in understanding weaknesses in hosts that would otherwise be particularly tedious without this functionality.
  • The detail provided in alarms including a 'whois' is very useful and unique. If users explore all the links within generated alarms there's a host of unparalleled detail provided.
  • Threat intelligence could do with more tweaking to help make the creation of policies and directives more user-friendly.
AlienVault has helped detect a potentially unwanted application where our Endpoint Security did not detect this until later in the day. Sometimes shareware and freeware from official sites hide the fact that they come bundled with potentially unwanted applications and it's useful that you're able to detect this earlier rather than later.
Our organisation is still on a journey down the road of complete security detection and has not made significant progress in this for us to make a firm assessment yet. We can say that AlienVault has helped reduce our workload and alerted us to threats we would otherwise have been blind to.
The appliance version works brilliantly with sensors and it is especially useful that admins can access the user interface from any browser from anywhere around the world and not only keep an eye on the network but make changes and tweaks on the fly. The SIEM generates logs for all activity instantaneously which is very useful if you're monitoring your network remotely. I don't imagine this would be as easy with a federated version of AlienVault.

AlienVault USM Training

The instructor gave a detailed overview and went through the labs before allowing us to attempt using them. I enjoyed the balance of time and level of instruction received. The content went deeper than usual and the lab environment was easy to use and all results were consistent. I came away from the course knowing more than I would have if I had just read the course notes.