Item: AlienVault USM
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

USM is our primary SIEM solution. The solution is not a standard SIEM but rather a SOAR, where one can add orchestration rules as well as run investigations. All of our network devices, servers, IPS IDS FW and more then all send the logs to this solution. Then the SIEM creates events which derive alerts and alarms.

Pros and Cons

Investigations
Event collection and alerting
correlation rules

N/A
CBT training
training

Most Important Features

Log collection
threat investigation
SOC response

Alternatives Considered

IBM Security QRadar SIEM

Easy to deploy and ease of use, good training by ATT

Key Insights

Do you think AlienVault USM delivers good value for the price?

Yes

Are you happy with AlienVault USM's feature set?

Yes

Did AlienVault USM live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of AlienVault USM go as expected?

Yes

Would you buy AlienVault USM again?

Yes

Other Software Used

CrowdStrike Falcon

Likelihood to Recommend

Investigations, The investigation process is very well planned where, all items can be linked and any asset, time line, or threat can be linked to a single investigation. This assists in solving the purpose of the investigation and getting to the bottom of the cause of the threat. Either an action plan is derived or the investigation can be closed with comments for future.

will I continue to use USM, Yes I would

Software Version

Overall Satisfaction with AlienVault USM