AlienVault Unified Security Management (USM)
Strengths: Fantastic interface and easy setup.
Weaknesses: None found.
Verdict: Great value. Definitely give this a look.
The AlienVault Unified Security Management platform is one of the most unique products we have ever had the pleasure of reviewing. Off the bat, it comes in for this review cycle as the least expensive hardware SIEM. The price is nothing to go by, however. This device comes with some of the most advanced functionality of any SIEM we have seen. It is available as a preconfigured VM, an Amazon cloud appliance, or as a hardware appliance like the one we received.
The setup phase of our examination went flawlessly. We removed the tool from the box, racked it up and hooked up our mouse and keyboard. Then, we connected it to power and turned it on. After it booted, we were greeted by a wizard-based onboard setup program to configure the basic settings. We configured the management interface, applied our settings and waited for the device to reload. It then prompted us to complete setup from a web browser. We fired up an SC Lab PC, connected to the AlienVault and proceeded to finish the install. Once we logged in, AlienVault redirected us to its built-in setup. We followed the wizard to import our license, change the password and create an account with AlienVault. Lastly, we configured the remaining interfaces and let it scan our network for devices.
One of the USM's greatest features is its GUI. As far as management consoles go, this device takes the cake for the absolute best graphical interface we have seen. The tool is not just a SIEM; it also happens to have a work of art sitting inside waiting to be painted with your network logs. Every single page is customizable and interactive, making it incredibly easy to understand and use. The data collected by AlienVault is displayed and categorized with more charts, graphs and maps than any other product we reviewed. The USM not only analyzes logs, but can also be configured to monitor a network tap, scan for unusually high volumes of traffic or other anomalies, and report on those as well. Through a program called OTX, customers can choose to anonymously send threat data to AlienVault in exchange for the global collection of data generated by the rest of the participants. This is brought directly into the management console and provides valuable insight into malicious activity by IP and region.
AlienVault offers optional support at a cost of approximately 30 percent of the purchase cost. Its hours are unique: eight hours a day, five days a week in both EST and PST. During these hours, customers have access to telephone and email assistance. Access to a knowledge base is available 24/7.
For the price, AlienVault cannot be beaten. It provides an extremely high amount of value for the money, and is easy to use and feature-filled at the same time. This is definitely a device we would buy for ourselves. - SP