AlienVault does the job
September 27, 2019
Score 9 out of 10
USM Anywhere (SaaS)
Overall Satisfaction with AlienVault USM
We use AlienVault USM to monitor our AWS cloud environment and the individual assets within that environment. AV also provides us with alerting and reporting that helps us attain and maintain compliance with several standards, but, more importantly, helps me sleep better at night as our Information Security Officer. An easy-to-overlook benefit is that it makes it easier for us to shore up process deficiencies. We can more easily audit that we documented and approved all non-emergency configuration changes within our cloud before they are applied. We also use the AV agent to monitor individual instances for vulnerabilities and the software they run.
This all gives us confidence that we are keeping our systems as secure as possible and meeting promises to keep our customers' data secure.
Pros:
- Internal vulnerability scans
- Monitor firewall and security group changes
- Monitor and alert on suspicious system logs
- Monitor and alert on suspicious CloudWatch logs
Cons:
- False alarms occur occasionally
- There is no report for only displaying vulnerabilities with an available patch. Spectre-class issues can only be mitigated but will remain active until we are all on next-generation processors.
Except for a few false alarms, AlienVault has been very effective and a great tool. I particularly like that it can alert you on S3 bucket misconfiguration and that it will generally only alert on privilege and access escalation but not de-escalation. For instance, opening a port on a security group triggers an alert but closing that port later is merely logged. This ultimately helps avoid alert fatigue and keeps you on top of the more relevant alarms.
Yes. We make use of the AlienVault agent, test triggering a handful of alerts each year, and have procedures in place for responding to alerts.
AlienVault is well suited for cloud environments and sprawling internal networks. Log ingestion and analysis across your instances and, in our case, AWS, coupled with File Integrity Monitoring and other features are well worth having. It takes some time to get things right and I would suggest, like every tool, that you periodically test its different components to remain confident in its abilities. Smaller systems likely would not benefit as much and it might be a cost/benefit analysis whether to audit changes by hand or monitor them for changes.
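The alerting behaviour the reviewer describes above (a security-group rule that opens a port raises an alarm, closing it later is only logged) can be reproduced with a small triage rule over CloudTrail records. The following is an added example written for this page; it is not code from the review or from AlienVault. It assumes the standard CloudTrail event shape for the EC2 `AuthorizeSecurityGroupIngress` / `RevokeSecurityGroupIngress` API calls, and the sample events at the bottom are constructed (account id, user name and group id are placeholders).

```python
"""Escalation-only alerting for AWS security-group changes (added example)."""
import json

# EC2 API actions that widen reachability (alert) vs. narrow it (log only).
WIDENING = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress"}
NARROWING = {"RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress"}
# Source ranges that mean "the whole internet".
ANYWHERE = {"0.0.0.0/0", "::/0"}


def rule_cidrs(params):
    """Collect every IPv4/IPv6 CIDR referenced by a CloudTrail ipPermissions block."""
    cidrs = []
    for perm in params.get("ipPermissions", {}).get("items", []):
        for r in perm.get("ipRanges", {}).get("items", []):
            cidrs.append(r.get("cidrIp"))
        for r in perm.get("ipv6Ranges", {}).get("items", []):
            cidrs.append(r.get("cidrIpv6"))
    return [c for c in cidrs if c]


def triage(event):
    """Return (severity, message) for a security-group rule change, else None.

    Widening changes become alerts ("high" when exposed to the whole internet,
    otherwise "medium"); narrowing changes are recorded at "info" so they stay
    auditable without paging anyone. Any other event is ignored.
    """
    name = event.get("eventName")
    params = event.get("requestParameters") or {}
    gid = params.get("groupId", "?")
    who = event.get("userIdentity", {}).get("arn", "unknown")
    cidrs = rule_cidrs(params)
    if name in WIDENING:
        sev = "high" if ANYWHERE & set(cidrs) else "medium"
        return (sev, f"{who} opened {gid} to {', '.join(cidrs) or 'n/a'} ({name})")
    if name in NARROWING:
        return ("info", f"{who} closed rules on {gid} ({name})")
    return None


def triage_log(lines):
    """Run triage over newline-delimited JSON records; unparseable lines are counted, not dropped silently."""
    findings, skipped = [], 0
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        finding = triage(event)
        if finding:
            findings.append(finding)
    return findings, skipped


def _sg_event(name, cidr):
    # Constructed CloudTrail-style record with placeholder identifiers.
    return json.dumps({
        "eventName": name,
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-user"},
        "requestParameters": {
            "groupId": "sg-0123456789abcdef0",
            "ipPermissions": {"items": [{
                "ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                "ipRanges": {"items": [{"cidrIp": cidr}]},
            }]},
        },
    })


# Constructed sample log: open SSH to the world, open SSH to a private range,
# close the rule again, a read-only call, and one corrupt line.
SAMPLE = [
    _sg_event("AuthorizeSecurityGroupIngress", "0.0.0.0/0"),
    _sg_event("AuthorizeSecurityGroupIngress", "10.0.0.0/8"),
    _sg_event("RevokeSecurityGroupIngress", "0.0.0.0/0"),
    json.dumps({"eventName": "DescribeSecurityGroups"}),
    "this line is not JSON",
]

if __name__ == "__main__":
    results, bad = triage_log(SAMPLE)
    for sev, msg in results:
        print(f"[{sev}] {msg}")
    print(f"skipped {bad} malformed line(s)")
```

Running the block prints one high alert, one medium alert and one info entry; the `Describe` call produces nothing and the corrupt line is counted rather than silently lost. Whether the "medium" tier should page anyone depends on the environment, but keeping closures at "info" is exactly what prevents the alert fatigue the review mentions.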