Security monitoring that is other worldly
December 31, 2019

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We utilize AlienVault to collect and alert on network and system activity across the entire organization, including a couple thousand systems from several different data centers and clouds and from about a dozen different domains. This SIEM solution is capable of collecting data from anything that produces and can deliver log data, and it lets us easily filter for what is important. The logical use of the product makes it easy to track down events and alarms and put together a picture of activity that occurs at any point in time. AlienVault gives us a single access point for security events across a very complex environment, with a simple methodology for accessing and understanding events as they occurred.

Pros
  • The ability to ingest and parse logs across systems and then correlate the activity.
  • The filtering of millions of events to discover the details you need to find is intuitive and powerful.

Cons
  • Agents should be deployable directly from the console, without manually logging into servers to run scripts.
  • More Alien App integrations should be developed for additional popular products.

I evaluated Splunk in the past but found that the interface and the work required to build queries and manage alerting were more than I was willing to take on. I didn't like having to learn another language just to search for what I wanted.
Through a managed service provider I also evaluated LogRhythm. While the product appeared to be very powerful, because it was being hosted by a third party as a multi-tenant solution, the features were extremely limited and it didn't provide us with the access we needed. LogRhythm has a great look and feel to it, but it wasn't intuitive how to use it.
We did demos of several other logging solutions hoping for something that could satisfy both infrastructure needs and InfoSec needs, but couldn't find a product with good overlap. AlienVault didn't fit that bill either, but it did appear to have the best focus on InfoSec requirements such as log aggregation and security correlation, winning as the InfoSec tool of choice.
AlienVault is well suited for complex environments, provided you are willing to utilize different methods of data collection. Not all methods work for the same system type or scenario. The interface and searching don't require knowledge of a specific language to use and to create accurate queries. The use of clouds such as AWS and Azure is highly simplified due to built-in integrations.