- Real-time email alerts
- Event correlations
- Log management
- System monitoring
- Network monitoring
- Up-time monitoring
- OTX threat intelligence
- Vulnerability scanning reporting
There are too many to list.
There are too many to list.
It has given us insight into our network:
It is one location to view many things.
The menu system can be a little confusing until you use it for a while. For example, at the top right there is a “Settings” menu, which is more of a user profile menu. I would like that to say what it is: “My Profile.” Under the “Settings” menu I would rather see true system settings, such as User Accounts, Configuration Backups/Restore, SMTP Server Settings, AD (LDAP) settings, Password Policies, and other true system settings. There is also a large button at the right called “Configuration.” I would change that to something like “Deployment Settings.” Under this menu I would have settings specifically related to “this deployment of AlienVault,” such as Plugins, Sensors, Remote Locations, and Services Running on this deployment (with the ability to Enable/Disable and Start/Stop these). Also here I would have a sub-menu called “System Performance” with metrics (CPU usage, Swap, RAM, database health (with cleanup and compress options), Network Traffic In/Out performance for each NIC, etc.). Currently, Threat Intelligence items are also under Configuration. I would make a separate “Threat Intelligence” menu and expand upon it to cover more items. Just my thoughts.
I guess it comes down to my being old school and liking traditional menus, such as text-style drop-down menus from the top and not the huge big-button menus: File, Analysis, Environment, Reports, Settings, Deployment Settings, Preferences, Help, etc. The text type tends to be much more explanatory as to what is in them below. I know a lot of software has gone to the big-button/ribbon-style menus (MS Office). I assume that is to make things mobile friendly. To me it makes navigation less easy and more confusing, and the big buttons take up too much screen real estate that I would rather see used for other things, such as alarms and real-time system activities.
We have been using this solution for just over one year.
There have been no major deployment issues.
There have been no major stability issues.
There have been no scalability issues. We recently moved from 150 asset licenses to unlimited and the process was very easy.
Customer support is excellent. Support has been good for simple config issues and for alert questions. They have a great forum base as well as live support.
I would rate technical support as very good.
We used hardware based as well as open source solutions before. We still use some of them, but AlienVault allowed us to consolidate a lot of services into one.
The installation was straightforward. We use the VMware base All-In-One USM. It was quite straightforward. It required a little customization, but it was not too difficult to sort through.
It was a joint collaboration.
We saw a positive ROI within six months, especially in terms of manpower.
Just give them a call. They can work with you in many ways to help you get what you need.
We looked at several options. And we were already using several of them, both paid and open source. AlienVault allowed us to combine several solutions into one.
If you are interested, sign up for some of their webinars, download the free trial or open source versions, and play with it.
Event monitoring and vulnerability scanning have been a huge benefit to us.
It provides a good platform to start looking at the traffic on your network.
Most of the troubleshooting requires going through the Linux command line and bypassing the GUI. We have a wide variety of users with different technical expertise. For some, any amount of command line troubleshooting scares them away from products.
We have been using this solution for a year.
Our deployment was rather unique and is pushing the limitations of the architecture that we chose. From what I have learned, if you have large deployments on separate networks, then do not attempt to use remote sensors on those network segments.
Many of the patches typically have some bugs that we end up finding. We ended up implementing a deployment in our lab so as to fully test it internally, before patching.
The system is quite scalable; however, it is best to understand the limitations of the different architectures offered.
The customer service is excellent; we have quick and knowledgeable help on all our calls.
Technical Support: The support team is also excellent, with very knowledgeable engineers.
This was our first solution for this type of security appliance.
The initial setup was straightforward, but adding in more sensors made it a bit more complex.
We had vendor help for the initial setup, however, the additional sensor expansion was in-house.
We quickly found some issues after deploying and have used the vulnerability scanner to verify patches are properly applied in the environment.
If you expect to have a significant amount of devices on a sensor, then look at the cost/performance of going to a full server.
We evaluated LogRhythm and QRadar.
The correlation from Host-Based Intrusion to Network Intrusion against the vulnerabilities in my network.
We had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins. This completely missed the mark when it came to third-party patches and poor configuration, and wasted hours upon hours for half a story. Not to mention we have a much better understanding of how and when we are being attacked.
The reporting could do with some improvements. For example, the vulnerability report only tells you what vulnerabilities are open and lists them, but there is no indication at a glance of how old they are, or of what vulnerabilities have been closed since the previous scans. I would also like to see the ability to scan my devices for compliance against the CIS Benchmarks.
I have had this solution in place for just over a year now.
I've not experienced any issues with this yet.
I've not experienced any issues with this yet.
The tech support guys have been very friendly and helped as soon as there has been any issue. I cannot fault their technical support.
I used multiple products to try and get some way towards the level of visibility afforded by AlienVault: ManageEngine SIEM, Qualys for vulnerability management, and Norton for HIDS. Having this all in one interface made more sense, which swayed the decision to go with AlienVault.
Very easy for initial set-up. My system was up and running within two hours. When you start to get into it more, then you need a better technical understanding.
This is much cheaper than some of the big names; it is very affordable and scalable.
We looked at managed services from Dell SecureWorks as well as Qualys & Nessus.
Being the only security professional in an organisation of well over 1000 people, AlienVault lets me keep a watchful eye whilst getting on with my day job. This is a very good product with excellent support. Personally, I would have preferred to go on the AlienVault System Engineers course, as I believe this would help in fine-tuning the system.
Our primary use case is Security Information and Event Management, as well as forensic analysis.
Undoubtedly having all security core technology under one roof, as provided by the all-in-one USM solution from AlienVault, is a big advantage for day-to-day business security operations. From real experience, it has enabled total transparency in terms of security information and events, from day one.
It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts - NIDS, HIDS, etc., provides a very efficient way of dealing with things.
Their OTX intel is also great, as one needs to know who is running around threatening the IT infrastructure with a "crowbar."
The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.
The solution is rock solid; never any issues.
We have not experienced any scalability issues, but we also know that you can easily add more sensors, which helps to spread the load.
Technical support is always helpful and responsive. They do care about their customers.
Our previous solution consisted of building a SIEM based on individual components/modules from the open-source space.
The initial setup is absolutely straightforward. It is up and running in no time. This is definitely one of the unique selling propositions of the solution.
So far, it has been a good solution for a tight budget.
AlienVault is a great fit, especially for smaller organizations, as it will enable you to produce quick results with no need to worry about too many details.
We use the appliance in a few ways: monitoring network behaviour, asset discovery, and running vulnerability scans. We can monitor the availability of servers and any particular software. As we have to service several servers, we can manage them in an economical way, which is beneficial to our team and business.
We have been able to ensure the health of our servers. We can also use vulnerability scans to ensure our system is as good as it could be.
We can monitor any unusual behaviour. We have alerts set up to be sent when we receive signs of any unusual behaviour. The ranking can be modified to allow us to apply a standard rule and also be customized, which suits our business needs.
I have used the asset discovery and the vulnerability scans the most. As a system administrator, it is important that we are prepared for any eventualities. I also like how you can use the hardware “out-of-the-box”, or using logs you can actually customise the performance to fit your environment and needs.
For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier.
No stability issues.
No scalability issues.
We did not have any sustainable solution, previously.
Use the AlienVault team. They are helpful and the documentation that they provide is second to none.
We checked out several competitors. For what it can do and the cost, it was the best SIEM tool!
It has allowed us to gain a better understanding of how data flows within our network, and has helped us think about what type of things we want to be alerted on, or not alerted on.
AlienVault provides you with a unified view for all aspects of what is going on in your environment. It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped.
The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing. The views are also very static and do not give you a lot of options on how the data is presented.
No, the product is stable.
No; our network has, for the most part, stayed the same. In the future, it should be scalable with additional sensors.
Customer Service:
This is an area that could be improved.
Technical Support:
This is an area that could be improved. However, once you get a knowledgeable tech support person, they are good to work with.
No, this is our first SIEM device.
Both. It was simple to just get up and running. However, when you start tweaking it for your organization it gets more complex.
A little bit of both. The vendor team's expertise was amazing. I highly recommend using them.
The time that it would take to manually investigate events versus looking at one dashboard.
Definitely get professional services.
Darktrace and QRadar.
Once set up, for the most part, it is a "set it and forget it" solution. There is some upkeep with making sure all the things are monitored, but other than that AlienVault provides what you need out-of-the-box.
This has helped improve our overall IT security by allowing us to implement a full suite of security tools that allows us to roll out log management on clients and servers, host-based IDS, and network-based IDS. It also provides vulnerability scanning; however, we use a separate product for that.
The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization.
I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job.
We have not encountered any stability issues.
We have not encountered any scalability issues; the product scales very easily.
Customer Service:
I would rate customer service an 8/10. I've received calls from customer service a few times a month and it gets a little overbearing, especially when you are busy, as IT professionals are.
Technical Support:
I would rate technical support a 9/10.
This was our first solution for HIDS, NIDS, and log management.
The initial setup was straightforward. I simply followed the steps in the setup wizard and the steps provided by technical support, and I had a trial version (later converted to paid version with additional steps) set up in about an hour or less.
This was set up in-house.
It is really hard to put a number on ROI, but I will say that AlienVault has allowed us to close the gap on security alert timing, and we can respond to incidents in a much more timely fashion, which, to me, is much more valuable than a number.
AlienVault is flexible on their pricing for unlimited licenses.
We evaluated Splunk as well. AlienVault was a much cheaper solution and required less time to be rolled out. Splunk is a much more difficult product to work with and almost requires a dedicated employee to manage.
I highly recommend AlienVault USM for anybody that is seeking a SIEM solution that is easy to implement and easy to manage. It works very well for small- and medium-size businesses.
AlienVault's "Overview" dashboard makes it very easy to see everything going on in your network that needs your immediate attention. You can easily customize the dashboard to you or your company's needs.
I now have the ability to report all vulnerabilities and threats hitting our network to upper management in an easy-to-understand format.
Offer solutions based on a PoC (Proof of Concept) to fit each company's specific needs, rather than letting the company guess or piece together the solution they need.
I have used it for six months.
We have not encountered any deployment issues; the setup was very easy and support was by my side to assist me with any issues that arose.
We have encountered stability issues; we have a high volume of logs passing through our SIEM and the default configuration couldn't handle all the data. Working with support, we were able to remediate all the crashes we were having.
We have encountered scalability issues. We had to keep changing our configuration or updating our storage capabilities as we added more logs.
Customer service is 8/10.
Technical Support: Technical support is 9/10. Engineers are very knowledgeable about their product!
We did not previously use a different solution.
The setup was very straightforward. AlienVault provides simple, step-by-step instructions for each of their products!
As a single Analyst, I was able to implement this product very easily.
At this time, it is too early to tell ROI.
Know your capabilities and storage needs before negotiating a price! Make sure you ask about log storage options before purchase.
Before choosing, we evaluated other options. We were looking at Splunk and Rapid7.
Thanks for your time to review USM and for the feedback!