AlienVault Unified Security Management (AV-USM) v4.1
April 01, 2013
Starts at $17,700 (hardware cost).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Flexibility, quality and ease of use.
- Weaknesses: Appliance setup can be a little challenging and the documentation could be better.
- Verdict: Very good product.
AlienVault's Unified Security Management (AV-USM) platform combines open source technologies for asset discovery/inventory, vulnerability assessment, threat detection, behavioral monitoring and security intelligence/event correlation. The AV-USM "All-in-One" appliance includes sensor log collection and event detection from various host, network and wireless intrusion detection systems (IDS), NetFlow information, Microsoft Windows events, and more. Another component, the AlienVault Logger, provides forensic storage, while the USM Server/SIEM engine provides aggregation, correlation and real-time alerts for incident response, along with dashboards and reporting.
For more distributed and complex environments, the All-in-One appliance can be remotely upgraded via license code to support up to five remote sensors. Additionally, any one of these components can be configured on dedicated hardware appliances for scalability and deployment flexibility. In addition to the built-in asset discovery, vulnerability assessment, behavioral monitoring and threat detection, AlienVault offers an open API to integrate additional data sources and vendor devices.
During our initial attempt to access the AlienVault hardware appliance, the hardware failed. The support staff worked to identify the situation and then AlienVault shipped a replacement in less than 18 hours. AlienVault provided a copy of its standard contract, a document that detailed the appliance configuration and a CD-ROM that included a "quick-start guide" and a copy of the end-user license agreement. The product is based on a number of well-respected open source products. These include, but are not limited to, Snort, Nessus, Nmap, Nagios, OTX (Open Threat Exchange), OSSIM (Open Source Security Information Management), and more. The product contains approximately 15,000 signatures to identify risk. The case management workflow is relatively simple: Incidents are identified, a ticket is opened and sent to an investigator or an analyst. The list of supported systems is impressive. The AlienVault was the first product that auto-generated an incident ticket during the start-up phase of initializing the product.
The reporting function provides an interesting feature. When a report is being generated, the user is presented with a number of options regarding the format of the document. No cryptic formatting language is required. The dropdowns and radio-button selections allow a lucid report to be created in a few seconds. The "Situational Awareness" function allows graphic representations of the assets, including graphic views of systems' up/down status.
Fee-based support offerings include standard assistance beginning at $3,540 for eight-hours-a-day/five-days-a-week phone and email aid. Additional assistance is available that includes 24/7/365 support for $4,425 per year. AlienVault provides other help functions as well: a knowledge base includes video tutorials, product documentation and more. There is a forum that can be reached on the company's website, as well as some FAQ documents.
This product is a good value for the price given its performance, functionality and presentation.