Solid unified security solution
Overall Satisfaction with AlienVault USM
AlienVault USM is used in our vulnerability management program and endpoint protection program. It addresses the problem of inconsistent patching cadence across organizational units. It is used to perform regular vulnerability scans on our infrastructure and to deliver status reports on progress in program and policy implementation. Some logs are sent to it from servers to help with the SIEM correlation work which is largely outsourced.
Pros
- Endpoint detection notification with detailed logs
- Vulnerability detection
- Investigation tracking
Cons
- Endpoint protection agent rollout
- Vulnerability management historical tracking
- Endpoint tracking across DHCP infrastructure
The tools reviewed were quite sophisticated. The reason for choosing AlienVault USM was mainly inclusiveness (multiple services integrated) of the solution as well as the cost-benefit ratio. Integrating the solution into our current infrastructure also appeared relatively easy--minimal hiccups and setup time along with good support from their configuration partners and large collection of KBs.
Comments
Please log in to join the conversation