AlienVault USM Review
January 27, 2020

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault is used as a SIEM, with AT&T managed security services assisting with monitoring and creating alerts for potential incidents.
  • Easy to use rules, events will pre-populate fields for alarm rules allowing for quick creation
  • Friendly interface with logical layout of settings and options
  • Some room to improve the scaling of sensors. Sensors struggle to handle millions of events, which results in dropped events in large environments
  • USM is upgraded automatically and there is no way to control when your instance is upgraded. This can result in bugs in features without any way to test and control
AlienVault is cloud-based and offers more functionality than OSSIM, such as cloud service monitoring like Office 365 and AWS, deployment of sensors for efficient deployment, and event integrations with the MITRE ATT&CK framework. USM also has a much improved GUI and allows for dashboard customization. Both use open-source tools like Suricata, OpenVAS, etc.
It is great for those just getting started with a SIEM. It offers a lot of out-of-the-box functionality and integrations. AT&T managed services are also helpful for managing the services.