AlienVault Unified Security Management (AV-USM) v4.1
Strengths: Flexibility, quality and ease of use.
Weaknesses: Appliance setup can be a little challenging and the documentation could be better.
Verdict: Very good product.
AlienVault's Unified Security Management (AV-USM) platform combines open source technologies for asset discovery/inventory, vulnerability assessment, threat detection, behavioral monitoring and security intelligence/event correlation. The AV-USM "All-in-One" appliance includes sensor log collection and event detection from various host, network and wireless intrusion detection systems (IDS), NetFlow information, Microsoft Windows events, and more. Another component, the AlienVault Logger, provides forensic storage, while the USM Server/SIEM engine provides aggregation, correlation and real-time alerts for incident response, along with dashboards and reporting
For more distributed and complex environments, the All-in-One appliance can be remotely upgraded via license code to support up to five remote sensors. Additionally, any one of these components can be configured on dedicated hardware appliances for scalability and deployment flexibility. In addition to the built-in asset discovery, vulnerability assessment, behavioral monitoring and threat detection, AlienVault offers an open API to integrate additional data sources and vendor devices.
During our initial attempt to access the AlienVault hardware appliance, the hardware failed. The support staff worked to identify the situation and then AlienVault shipped a replacement in less than 18 hours. AlienVault provided a copy of its standard contract, a document that detailed the appliance configuration and a CD-ROM that included a "quick-start guide" and a copy of the end-user license agreement. The product is based on a number of well-respected open source products. These include, but are not limited to, Snort, Nessus, Nmap, Nagios, OTX (Open Threat Exchange), OSSIM (Open Source Security Information Management), and more. The product contains approximately 15,000 signatures to identify risk. The case management workflow is relatively simple: Incidents are identified, a ticket is opened and sent to an investigator or an analyst. The list-supported system is impressive. The AlienVault was the first product that auto-generated an incident ticket during the start-up phase of initializing the product.
The reporting function provides an interesting feature. When a report is being generated, the user is presented with a number of options regarding the format of the document. No cryptic formatting language is required. The dropdowns and radio-button selections allows a lucid report to be created all in a few seconds. The "Situational Awareness" function allows graphic representations of the assets, including graphic views of systems up/down status.
Fee-based support offerings include standard assistance beginning at $3,540 for eight-hours-a-day/five-days-a-week phone and email aid. Additional assistance is available that includes 24/7/365 support for $4,425 per year. AlienVault provides other help functions as well: a knowledge base includes video tutorials, product documentation and more. There is a forum that can be reached on the company's website, as well as some FAQ documents.
This product is a good value for the price given its performance, functionality and presentation.