Item: AlienVault USM
Rating: 6
Author: Verified User

Use Cases and Deployment Scope

I am working for an MSSP as a managed SOC for my clients. AlienVault USM is addressing all security events of my customers.

Pros and Cons

Main strength is the OTX community and all the IOC provided through this.
Transparent upgrades of the product.
Plugins and parser creation and updates handled by AlienVault so there's no need to develop our own parsers.
NIDS and vulnerabilities scanner already included in the license with no additional cost.

Many correlation rules (maybe too many) and we don't know what the real coverage of the risks is.
Any ability to customize log parsers.
Investigation system not really easy to use.
No backups available so if I want to change the SIEM or have a problem with my licensing, I lose everything.

Alternatives Considered

RSA NetWitness Platform and IBM QRadar

AlienVault USM is more affordable than the other solutions and much easier to deploy and maintain.

Perfectly suited for small environments with limited resources because it is a kind of UTM. The product is very easy to deploy and maintain. Very suitable for a cloud environment. AlienVault USM support is also very reactive.

Less suitable for environment with a high volume of data and who already have IPS and vulnerabilities scanners. The network scanned is not easy to deploy in multiple data centers.

AlienVault is easy to deploy and manage

Software Version

Overall Satisfaction with AlienVault USM

Use Cases and Deployment Scope

Pros and Cons

Alternatives Considered

Likelihood to Recommend