Solid unified security solution
May 26, 2020

Steinerroggers Ufomaduh | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault USM is used in our vulnerability management program and endpoint protection program. It addresses the problem of inconsistent patching cadence across organizational units. It is used to perform regular vulnerability scans on our infrastructure and to deliver status reports on progress in program and policy implementation. Some logs are sent to it from servers to help with the SIEM correlation work, which is largely outsourced.
  • Endpoint detection notification with detailed logs
  • Vulnerability detection
  • Investigation tracking
  • Endpoint protection agent rollout
  • Vulnerability management historical tracking
  • Endpoint tracking across DHCP infrastructure
The tools reviewed were quite sophisticated. The reason for choosing AlienVault USM was mainly inclusiveness (multiple services integrated) of the solution as well as the cost-benefit ratio. Integrating the solution into our current infrastructure also appeared relatively easy, with minimal hiccups and setup time along with good support from their configuration partners and a large collection of KBs.
The AlienVault USM is suited for networks with minimal IP changes (non-DHCP infrastructure just like most SIEM tools). It struggles with detecting endpoints over VPN tunnels. It identifies the SIP protocol on these interfaces and creates some spurious assets for the entire range. This makes a lot of work for cleanup.
It is very efficient as a supporting tool if SOC work is outsourced or the monitoring requirements are not very intense.