AlienVault: an excellent SIEM solution for the small to medium-sized business.
Updated March 13, 2017
Score 10 out of 10
Vetted Review
Overall Satisfaction with AlienVault USM
AlienVault is a Security Incident and Event Management (SIEM) tool.
We deploy and manage it in client environments. AlienVault solves a number of information technology issues, such as
- log aggregation & correlation
- asset management
- vulnerability assessment
- behavior monitoring
- threat intelligence
Pros
- SIEM tools are only as good as the support surrounding them. This includes manufacturer support as well as support from an MSSP (Managed Security Service Provider). AlienVault has outstanding customer support and they have created a product that is easy to work with.
- Rules, Rules, Rules! What makes a SIEM tool truly effective is the rules that trigger alarms from the correlated data. AlienVault comes with hundreds of rules out of the box and is updated with new rules frequently. Also, the UI is user-friendly, so writing your own custom rules is easy.
- OTX (Open Threat Exchange): the sharing of threat intel is built into the device. It's not an add-on piece or an additional expense.
Cons
- The tool isn't fully mature just yet, so occasionally we run into plug-ins that don't work properly or don't exist. This isn't horrible because you can write your own plug-ins, but you will need some regex coding skills and a test environment.
QRadar, Splunk, ArcSight, LogRhythm, SolarWinds
AlienVault is the only SIEM that is positioned in the small to medium sized business space and it is a more complete product.