AlienVault Unified Security Management (USM) - SIEM Product Overview and Insight

Monday Jun 5th 2017 by Drew Robb

We review AlienVault Unified Security Management (USM), a lower-cost SIEM option thanks to its open source Open Threat Exchange (OTX).


Company Description: AlienVault develops commercial and open source cybersecurity tools. Its Open Threat Exchange (OTX) is a crowd-sourced computer-security platform with more than 26,000 participants in 140 countries. Founded in 2007, it has raised $116 million. 

Product description: AlienVault Unified Security Management (USM) provides SIEM, vulnerability assessment (VA), asset discovery, network and host intrusion detection (NIDS/HIDS), flow and packet capture, and file integrity monitoring (FIM), as well as centralized configuration and management. An AWS-native version is also available. Open-source components are included in USM.

Markets and use cases: The AlienVault USM platform should be considered by organizations that need a broad set of integrated security capabilities at relatively low cost for on-premises and AWS environments.

Metrics: AlienVault Labs leverages community-sourced threat intelligence from OTX. It enables collaborative defense with ready-to-use threat data from a global community of over 50,000 security information and IT professionals. USM can deal with EPS rates of up to 15,000 depending on the product. Throughput rates top out at 5,000 Mbps.

Security qualifications: PCI DSS, HIPAA, SOx and Common Criteria. 

Intelligence: Sharing of one million potential threats daily.

Delivery: AlienVault USM is available as both a virtual and hardware appliance, as well as in the cloud. The sensor, logger and server components of USM can be deployed combined in one system (all-in-one architecture), or as separate servers in horizontal and vertical tiers to scale to diverse customer environments.

Agents: A lightweight agent runs on each monitored host, tracking any changes made to critical system files, configuration files, log files, registry settings, and even important content files. The agent collects this information and sends it to USM for evaluation and correlation with other environmental data and threat intelligence.

Pricing: AlienVault provides open-source SIM (OSSIM) as a free, open-source version of USM with a reduced feature set. The commercial version of AlienVault USM includes scaling enhancements, log management, consolidated administration and reporting, and federation for MSSPs. AlienVault offers a simplified licensing model based on utilized appliances, rather than based on event volume or the number of event sources. In addition, the company offers a subscription-based threat intelligence service consisting of correlation directives, IDS signatures, vulnerability checks, reports and response templates.

Copyright 2017 © QuinStreet Inc. All Rights Reserved