AlienVault Professional Threat Management S3000
Strengths: Highly capable SIEM with a nice feature set.
Weaknesses: Overall high cost of ownership.
Verdict: A good SIEM with a lot of features, but a serious price tag.
Summary: Part of the fun of doing these product reviews is that we get to see new products as they emerge into the marketplace. AlienVault's Professional Threat Management S3000 is no exception. This product is a component of the AlienVault Unified Security Management platform, which started out as an open-source project and has now grown into a solid security event management tool. The platform contains more than 30 open-source security tools built in and ready to go out of the box. Some of these tools include intrusion detection system (IDS), host-based intrusion detection system (HIDS), file integrity monitoring (FIM), wireless intrusion detection systems (WIDS), netflow, asset inventory and vulnerability assessment. Working together, these tools can provide overall security management from posture assessment through finding ways to remediate and improve overall network security throughout the environment.
We found this product to be quite easy to install. The installation has to be done on a bare metal server or virtual machine. To install the product, the installation DVD is inserted into the server and, once booted, the Linux-based installation wizard is launched. The installation can be fully automated, or the user can pick a more customized installation method if needed. We chose to go with the default automated install. The installation of the software took only about 15 minutes, and the server was up and running. All configuration is done using a web GUI. We found this to be easy to navigate and intuitive to use overall, but we did have to navigate around a bit to get comfortable with how the system was organized.
By default, this tool is pretty empty after installation, and a lot of configuration has to be done to get everything up and running. We found configuration to be fairly simple with the help of the documentation. One thing we instantly noticed was the amount of customization that we could do with the dashboards.
Documentation consisted of installation and user guides, plus several other pieces of supplemental material. We found all documentation to be easy to follow, with clear instructions, screenshots and configurations.
AlienVault offers a few support options. Customers can purchase a support pack, which includes a limited number of tickets or support hours. Alternatively, they can purchase assistance as part of an annual contract. This offers both eight-hours-a-day/five-days-a-week and 24/7 options, which include phone- and email-based technical support, contacts and access to a portal. All customers can access a small portion of the portal, which includes product documentation and other useful resources, at no cost.
At a price of $32,000 before hardware and support, this product does come with a hefty price tag. We find AlienVault Professional Threat Management to be an average value for the money. While it does sport some nice features, we find the overall cost of ownership to be a little bit high, especially considering that a 24/7 support contract can cost up to $50,000 annually.