Overall Satisfaction with AlienVault USM
We are using it in IT security for vulnerability management and for IDS. It is just focused as part of our IT security management process. For us, it addresses the vulnerabilities that we see all the time and it allows us to prioritize those assets based on the risk they pose to the business.
- Scanning network assets for vulnerabilities.
- Heuristics in determining behavior and alerts accordingly.
- Lots of false positives for vulnerabilities, Linux malware on Windows systems????
- Lack of third-party app support or integration.
- Being charged based on the amount of data.
We only looked at others for determining POC, and once AlienVault USM was decided on, we decided to have a full version of the POC installed. So there were not really any prolonged evaluation periods with other vendors. Also, the price point at the time made the choice of AlienVault USM a no-brainer.
It is well suited if you are looking to identify vulnerabilities within your network environment or need to show that you are actively managing them in a meaningful manner. The application will provide a visible manner in which this can be documented for compliance and regulatory requirements. It is not as well suited for identifying potential threats as it provides a LOT of false positives and alerts.
Using AlienVault USM
4 - I have a team (DevOps) that supports the application on an ongoing basis. The need for technical skills is important to have due to some of the complexities in the deployment process. Also, we have siloed areas of responsibility within the organization and so IT Security would not be able to support the deployment or maintenance of the application.
- Looking for vulnerabilities on the various network connected systems.
- Identifying potential threats to the network by looking at patterns of behavior (lots of false positives) and notifying or alerting to those.
- Parsing through logs to determine if there may be a potential threat or risk to the network and then alerting personnel if there is an identified issue.
- We are looking to replace it.
- Not looking to use it longer than we have to.
- IT'S TOO EXPENSIVE TO USE AND MAINTAIN, WILL BE LOOKING FOR AN ALTERNATIVE
- TOO EXPENSIVE TO USE AND OPERATE
We are actively looking for a replacement application due to how expensive the application has gotten and the lack of information that it provides. Lots of false positives and it's not very intuitive to use or manage. Little to no actionable information is provided to my team in order to correct issues or look for potential threats.