AlienVault Unified Security Management v4.4
April 01, 2014
$17,700 (hardware), plus support.
- Strengths: Flexible deployment model, dashboard is easy to read and modify, OTX network is a pleasing approach to collaborative security.
- Weaknesses: Numerous documentation gaps, and documentation in general can be difficult to find or follow.
- Verdict: While a subscription to the standard support option is virtually required, the product itself is quite solid.
Targeted toward organizations with smaller security budgets, AlienVault's Unified Security Management product is an excellent introductory SIEM appliance. It packs numerous features into a flexible deployment model, and grants smaller organizations the same sophisticated view into their computing environments that some of the larger SIEM players give.
As the product came to us as a rackable hardware appliance, setup was quite easy. After making the appropriate physical connections, we powered up the device and configured our basic network settings using a simple ASCII menu. We then browsed to the management web interface, where we registered the device and set up an admin user.
Running on a Debian Linux core, the solution has a number of deployment options: it is available as a hardware appliance, as a VMware virtual machine, or it can be deployed within the Amazon EC2 cloud, and each deployment mode is fully compatible with the others. The product is composed of three core components. The Sensor component is the workhorse: it performs all log collection and event detection, including host-, network- and wireless-based intrusion detection systems, NetFlow data capture, Windows event collection, syslog data capture, and others. The file integrity monitoring service is hosted here as well and works as one would expect. The Sensor also performs log normalization and SIEM event correlation.
The Logger component provides archival services, storing log data in a forensically sound manner to facilitate investigations and compliance requirements. Finally, the Server component performs event aggregation and correlation from data provided by all sensors, provides real-time alerts to kick off incident response procedures, and hosts the management interface and reporting dashboard. We found the dashboard, in particular, to be well built. It is easy to reorganize and modify with simple drag-and-drop UI functionality.
The all-in-one appliance we were provided combines all three components onto a single piece of hardware. However, each component can be deployed individually.
AlienVault's documentation was a little spotty. While the material provided was good, it was divided into multiple documents and videos each explaining a specific feature or configuration step. We couldn't find anywhere, for example, a start-to-finish deployment guide for the hardware appliance. We found ourselves swapping between the company's user support forums and its documentation portal, reading forum posts, online PDFs and watching videos in order to complete the deployment.
AlienVault has two support tiers. Its no-cost support is available via use of community web forums. The standard support package, available for a fee, provides eight-hours-a-day/five-days-a-week phone and email assistance, as well as access to the company's web portal.
AlienVault Unified Security Management has a base price of $17,700 for the hardware appliance. The standard support option is priced at $3,540.