Augmenting Security Effectiveness with a SIEM Automation Platform
September 11, 2019

Todd Fletcher | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

I have implemented USM Anywhere as our company SIEM. Additionally, I am working to extend its functionality with Gartner's SOAR principles. The primary business drivers (problems) include controlling costs, mitigation of risk, and supporting agile business initiatives. It is utilized by the security team to monitor all business information systems.
  • Deployment is quick
  • Normalization of log data and threat identification are effective and simple to understand.
  • Vulnerability analysis along with CVE identification is better than Nessus
  • Investigations feature is robust
  • Cloud sensor deployment and capabilities are robust
  • Custom plugin creation/modification by the user is missing. If log data is unknown to the platform, the process of getting a new plugin developed is lengthy. It would be ideal if the user could create custom plugins for their own platform.
  • Asset discovery adds every IP address in a subnet even if no host is present. The detection method is flawed. I don't have this issue on the same network with other asset discovery tools.
  • SaaS performance can be slow. When listing items more than 20 at a time, the UI refresh can be painfully slow.
As a SIEM, USM is easier and more user friendly than Splunk. However, Splunk isn't only geared for security. As a network engineering tool, USM isn't a good fit. We use both. Nessus is a great vulnerability scanning tool. But it does not serve the wider purpose of USM, which is a unified security tool. We consider using both as a defense in depth principle. It would be amazing if we could ingest a Nessus scanning results file into AlienVault to augment the security visibility in USM!
For an organization around 300 to 500 in size, it is a great tool. I feel that adding some network topology scanning and configuration features would allow it to deal with more complex networks better.