The primary use cases for this solution are log management, security events correlation, and any other enterprise use cases for SIEM (new plugins development, correlation rules development, risk assessment, and asset management).
The primary use cases for this solution are log management, security events correlation, and any other enterprise use cases for SIEM (new plugins development, correlation rules development, risk assessment, and asset management).
This solution can identify many threats inside the organization, like compromised endpoints, configuration issues, as well as "outside" threats (botnets, network scanners, web-attacks, etc). During the first two weeks post-deployment, our client's cybersecurity certainly improves by using AT&T AlienVault USM.
The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules.
Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.
This solution is very easy to deploy and integrates comfortably with data sources. AT&T AlienVault USM has a user-friendly engine for custom plugins development, so you can develop your own plugin for your own application without any problems.