AlienVault Unified Security Management v4.4
April 25, 2014
£10,689 (hardware), plus support.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Flexible deployment model, dashboard is easy to read and modify, OTX network is a pleasing approach to collaborative security.
- Weaknesses: Numerous documentation gaps, and documentation in general can be difficult to find or follow.
- Verdict: While a subscription to the standard support option is virtually required, the product itself is quite solid.
Targeted toward organisations with smaller security budgets, AlienVault's Unified Security Management product is an excellent introductory SIEM appliance. It packs numerous features into a flexible deployment model, and grants smaller organisations the same sophisticated view into their computing environments that some of the larger SIEM players give.
As the product came to us as a rackable hardware appliance, setup was quite easy. After making the appropriate physical connections, we powered up the device and configured our basic network settings using a simple ASCII menu. We then browsed to the management web interface, where we registered the device and set up an admin user.
Running on a Debian Linux core, the solution has a number of deployment options. It is available as a hardware appliance, as a VMware virtual machine, or it can be deployed within the Amazon EC2 cloud, and each deployment mode is fully compatible with the others. The product is composed of three core components. The Sensor component is the workhorse: it performs all log collection and event detection, and includes host-, network- and wireless-based intrusion detection systems, netflow data capture, Windows event collection, syslog data capture and more. The file integrity monitor service is hosted here as well and works as one would expect. The Sensor also performs log normalisation and SIEM event correlation functions.
The Logger component provides archival services, storing log data in a forensically sound manner to facilitate investigations and compliance requirements. Finally, the Server component performs event aggregation and correlation on the data provided by all sensors, raises real-time alerts to kick off incident response procedures, and hosts the management interface and reporting dashboard. We found the dashboard, in particular, to be well built. It is easy to reorganise and modify with simple drag-and-drop UI functionality.
The all-in-one appliance we were provided combines all three components onto a single piece of hardware. However, each component can be deployed individually.
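To make the Sensor/Server division of labour described above concrete, the following is an added illustration (not AlienVault code, and not how USM implements it internally) of what "log normalisation" followed by "event correlation" means in a SIEM pipeline. Two raw feeds of the kinds the review lists, a syslog line from an SSH daemon and a Windows Security event, are mapped onto one common event schema, and a single sliding-window rule then fires an alert when one source IP accumulates authentication failures across both feeds. All sample log lines, host names and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: sshd syslog lines from a hypothetical host "web01"
# and Windows Security events (4625 = failed logon, 4624 = successful logon)
# from a hypothetical domain controller "DC01". IPs are documentation ranges.
SYSLOG_LINES = [
    "Apr 25 09:00:01 web01 sshd[2311]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    "Apr 25 09:00:07 web01 sshd[2315]: Failed password for root from 203.0.113.9 port 51030 ssh2",
    "Apr 25 09:00:12 web01 sshd[2320]: Failed password for admin from 203.0.113.9 port 51041 ssh2",
    "Apr 25 09:00:30 web01 sshd[2333]: Accepted password for deploy from 198.51.100.4 port 40000 ssh2",
]
WINDOWS_EVENTS = [
    {"TimeCreated": "2014-04-25T09:00:15", "EventID": 4625, "Computer": "DC01",
     "TargetUserName": "administrator", "IpAddress": "203.0.113.9"},
    {"TimeCreated": "2014-04-25T09:00:20", "EventID": 4625, "Computer": "DC01",
     "TargetUserName": "administrator", "IpAddress": "203.0.113.9"},
    {"TimeCreated": "2014-04-25T09:05:00", "EventID": 4624, "Computer": "DC01",
     "TargetUserName": "deploy", "IpAddress": "198.51.100.4"},
]

# Matches the classic OpenSSH "Failed/Accepted <method> for <user> from <ip>" line.
SSH_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) \w+ for "
    r"(?:invalid user )?(\S+) from (\S+)"
)


def normalise_syslog(line, year=2014):
    """Map one sshd syslog line onto the common event schema (syslog has no year)."""
    m = SSH_RE.match(line)
    if not m:
        return None  # not an auth event we understand; a real sensor would keep parsing
    ts, host, outcome, user, src = m.groups()
    when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    return {"ts": when, "host": host, "user": user, "src_ip": src, "source": "syslog",
            "event": "auth_failure" if outcome == "Failed" else "auth_success"}


def normalise_windows(ev):
    """Map one Windows Security event onto the same schema as the syslog events."""
    event = {4625: "auth_failure", 4624: "auth_success"}.get(ev["EventID"])
    if event is None:
        return None
    return {"ts": datetime.fromisoformat(ev["TimeCreated"]), "host": ev["Computer"],
            "user": ev["TargetUserName"], "src_ip": ev["IpAddress"],
            "source": "windows", "event": event}


def correlate(events, threshold=4, window=timedelta(minutes=5)):
    """Alert when one source IP accumulates `threshold` auth failures within `window`,
    regardless of which host or log source reported them (a sliding-window rule)."""
    by_src = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] != "auth_failure":
            continue
        bucket = by_src[e["src_ip"]]
        bucket.append(e)
        # Drop failures that have aged out of the window.
        while bucket and e["ts"] - bucket[0]["ts"] > window:
            bucket.pop(0)
        if len(bucket) >= threshold:
            alerts.append({"src_ip": e["src_ip"], "count": len(bucket),
                           "hosts": sorted({x["host"] for x in bucket}),
                           "sources": sorted({x["source"] for x in bucket}),
                           "first": bucket[0]["ts"], "last": e["ts"]})
            bucket.clear()  # one burst yields one alert, not one per extra failure
    return alerts


def run():
    """Normalise both feeds, then correlate; returns (events, alerts)."""
    events = [n for n in map(normalise_syslog, SYSLOG_LINES) if n]
    events += [n for n in map(normalise_windows, WINDOWS_EVENTS) if n]
    return events, correlate(events)


if __name__ == "__main__":
    for alert in run()[1]:
        print(alert)
```

The point of the common schema is that the correlation rule never has to know which collector produced an event: three SSH failures on web01 and one 4625 on DC01 from the same address are counted together, which is exactly the cross-source view a single-host log reader cannot give.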
AlienVault's documentation was a little spotty. While the material provided was good, it was divided into multiple documents and videos, each explaining a specific feature or configuration step. We could not find, for example, a start-to-finish deployment guide for the hardware appliance. We found ourselves swapping between the company's user support forums and its documentation portal, reading forum posts and online PDFs and watching videos in order to complete the deployment.
AlienVault has two support tiers. Its no-cost support is available via community web forums. The standard support package, available for a fee, provides eight-hours-a-day, five-days-a-week phone and email assistance, as well as access to the company's web portal.
AlienVault Unified Security Management has a base price of £10,689 for the hardware appliance. The standard support option is priced at £2,139.
Prices are US-based, thus indicative only.