Item: AlienVault USM
Rating: 9
Author: Mario Martinez

Use Cases and Deployment Scope

We use AlienVault USM to monitor our AWS cloud environment and the individual assets within that environment. AV also provides us with alerting and reporting that helps us attain and maintain compliance with several standards, but, more importantly, helps me sleep better at night as our Information Security Officer. An easy to overlook benefit is that It makes it easier for us to shore up process deficiencies. We can more easily audit that we documented and approved all non-emergency configuration changes within our cloud before they are applied. We also use the AV agent to monitor individual instances for vulnerabilities and the software they run.

This all gives us confidence that we are keeping our systems as secure as possible and meeting promises to keep our customer’s data secure.

Pros and Cons

Internal vulnerability scans
Monitor firewall and security group changes
Monitor and alert on suspicious system logs
Monitor and alert on suspicious cloud watch logs

False alarms occur occasionally
There is no report for only displaying vulnerabilities with an available patch. Specter class issues can only be mitigated but will remain active until we are all on next-generation processors.

Likelihood to Recommend

AlienVault is well suited for cloud environments and sprawling internal networks. Log ingestion and analysis across your instances and, in our case, AWS, coupled with File Integrity Monitoring and other features are well worth having. It takes some time to get things right and I would suggest, like every tool, that you periodically test its different components to remain confident in its abilities. Smaller systems likely would not benefit as much and it might be a cost/benefit analysis whether to audit changes by hand or monitor them for changes.

AlienVault does the job

Software Version

Overall Satisfaction with AlienVault USM

Use Cases and Deployment Scope

Pros and Cons

Likelihood to Recommend