AlienVault Unified Security Management (AV-USM) v4.1
April 01, 2013
Starts at $17,700 (hardware cost).
- Strengths: Flexibility, quality and ease of use.
- Weaknesses: Appliance setup can be a little challenging and the documentation could be better.
- Verdict: Very good product.
AlienVault's Unified Security Management (AV-USM) platform combines open source technologies for asset discovery/inventory, vulnerability assessment, threat detection, behavioral monitoring and security intelligence/event correlation. The AV-USM "All-in-One" appliance includes sensor log collection and event detection from various host, network and wireless intrusion detection systems (IDS), NetFlow information, Microsoft Windows events, and more. Another component, the AlienVault Logger, provides forensic storage, while the USM Server/SIEM engine provides aggregation, correlation and real-time alerts for incident response, along with dashboards and reporting.
For more distributed and complex environments, the All-in-One appliance can be remotely upgraded via license code to support up to five remote sensors. Additionally, any one of these components can be configured on dedicated hardware appliances for scalability and deployment flexibility. In addition to the built-in asset discovery, vulnerability assessment, behavioral monitoring and threat detection, AlienVault offers an open API to integrate additional data sources and vendor devices.
During our initial attempt to access the AlienVault hardware appliance, the hardware failed. The support staff worked to identify the situation and then AlienVault shipped a replacement in less than 18 hours. AlienVault provided a copy of its standard contract, a document that detailed the appliance configuration and a CD-ROM that included a "quick-start guide" and a copy of the end-user license agreement. The product is based on a number of well-respected open source products. These include, but are not limited to, Snort, Nessus, Nmap, Nagios, OTX (Open Threat Exchange), OSSIM (Open Source Security Information Management), and more. The product contains approximately 15,000 signatures to identify risk. The case management workflow is relatively simple: incidents are identified, a ticket is opened and sent to an investigator or an analyst. The list of supported systems is impressive. AlienVault was the first product that auto-generated an incident ticket during the start-up phase of initializing the product.
The reporting function provides an interesting feature. When a report is being generated, the user is presented with a number of options regarding the format of the document. No cryptic formatting language is required. The dropdowns and radio-button selections allow a lucid report to be created in a few seconds. The "Situational Awareness" function allows graphic representations of the assets, including graphic views of systems' up/down status.
Fee-based support offerings include standard assistance beginning at $3,540 for eight-hours-a-day/five-days-a-week phone and email aid. Additional assistance is available that includes 24/7/365 support for $4,425 per year. AlienVault provides other help functions as well: a knowledge base includes video tutorials, product documentation and more. There is a forum that can be reached on the company's website, as well as some FAQ documents.
This product is a good value for the price given its performance, functionality and presentation.