AlienVault USM - best bang for the buck with all-in-one pane of glass
November 09, 2017
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with AlienVault OSSIM
We are using AlienVault USM across our entire organization. We started with the AllInOne150 and moved to the unlimited asset license. It allows us to see all the logs in one place and correlate across systems. It also has vulnerability reporting and behavioral analysis built-in. It helps show regulatory compliance with reporting features.
Pros
- Asset management: AlienVault can be set to run scans on a specific IP address range or network and will load the assets into the database without manually entering them in.
- SIEM/Log Management: AlienVault does a good job of bringing in logs from multiple systems. There were some where we had to create a custom plugin, but they have most of the major vendors covered.
- Reporting: AlienVault has built-in reports for SOX, PCI, GLBA, etc., which show good data.
Cons
- The installation was challenging to get up and running if you have no experience with SIEM and/or Linux. We are still working on fine-tuning after having the system for two years.
- Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150, so we had to choose to either not monitor those assets or pay the price of the upgrade.
- AlienVault brings all the information to one place which makes it much quicker to track down problems.
FortiSIEM was much more expensive and really did not have all the features of AlienVault without paying extra. I liked the fact that FortiSIEM would integrate directly with the rest of the Fortinet products, but the high cost was not worth it. We get all the data we need from AlienVault - it just doesn't have the same look and feel as the Fortinet reports.