AlienVault SOAR is an automated cybersecurity response product. To be clear, AlienVault is a fully SaaS-driven Security Automation Orchestration and Response (SOAR) solution. AlienVault offers a single event dashboard, the ability to see threats and take action, event management, and extensive monitoring. While there are many SOAR solutions to choose from, we confidently recommend AlienVault, and implement it for clients every day. While AlienVault was recently purchased by AT&T, we haven’t noticed any changes in product quality or customer experience. Here’s a quick guide.
What is AlienVault SOAR?
AlienVault is a Security Automation Orchestration and Response product. AlienVault automates your company’s response to an intrusion threat. This automation makes it possible to respond to the hacker or threat faster and more effectively.
When efficiently implemented, AlienVault allows you to orchestrate your entire security architecture from a single view. And during an attack, AlienVault automatically prioritizes threats across on-premise data centers, cloud data centers, and SaaS applications.
What types of companies choose AlienVault?
We recommend AlienVault for companies with small IT teams, roughly 3-10 IT employees.
What is AlienVault pricing?
AlienVault pricing is simple with three monthly pricing plans: $1075/month, $1695/month, and $2595/month. Generally, our clients opt for the $1695 per month plan. Why? Most of our clients also have legacy security tools and solutions. At this middle price point, AlienVault offers integration with Cisco Umbrella, Carbon Black, Palo Alto Networks, and other data networks.
What types of devices can AlienVault monitor?
AlienVault monitors a wide array of devices, accounts, and apps. Per AlienVault: “AlienVault HIDS allows you to run integrity checking without agents installed on hosts, network devices, routers, firewalls, or switches. Agentless monitoring detects checksum changes in files or runs diffs to show what exactly has changed.”
What is AlienVault SIEM Architecture?
AlienVault uses Linux-based OSSIM, per Wikipedia: “OSSIM (Open Source Security Information Management) is an open source security information and event management system, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention.”
AlienVault OSSIM vs USM
Both AlienVault OSSIM and USM offer the SOAR basics, including event collection, normalization, and correlation. For more advanced functionality, USM Anywhere adds monitoring of data center environments, log management, pre-configured correlation rules, and various pre-built templates. Per AlienVault: “For organizations that are looking for a more complete solution to security monitoring, AlienVault Unified Security Management (USM) delivers additional functionality that provides everything needed for effective threat detection, incident response, and compliance management — all in a single pane of glass.”
What are some AlienVault requirements?
The minimum system requirements are: 2 CPU cores, 4-8 GB RAM, 250 GB HDD, and E1000-compatible network cards, though 8 CPU cores, 16-24 GB RAM, and larger HDDs are recommended. In addition, AlienVault OSSIM “does not support paravirtualization, and requires full virtualization from network and storage.” For more complete documentation, visit the AlienVault OSSIM Installation Process.
Plus, AlienVault does have appliance hardware requirements for sufficient performance. For more complete documentation, visit the USM Appliance Deployment Requirements.
What is AlienVault Graylog?
Per AlienVault: “The Graylog Extended Log Format (GELF) is a log format designed to overcome many of the limitations of standard syslog. It is a great solution for applications because it provides more robust logging support — larger payloads, compression, and chunking — and developers can leverage libraries and appenders for many programming languages and logging frameworks. All of the USM Anywhere Sensors use the Graylog (GELF) app, which passively listens to the Graylog UDP port 12201 and collects the GELF log data for processing.”
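To make the GELF features quoted above concrete, here is an added example (not code from AlienVault or the USM Anywhere product) that builds a GELF 1.1 event, gzip-compresses it, and splits it into GELF UDP chunks the way a forwarder sending to a sensor on UDP 12201 would; the hostname, field names and the 8192-byte chunk size are assumed sample values.

```python
import gzip
import json
import os
import time

GELF_CHUNK_MAGIC = b"\x1e\x0f"   # first two bytes of every chunked GELF datagram
MAX_CHUNKS = 128                 # GELF spec limit on chunks per message


def build_gelf(host, short_message, level=6, full_message=None, **extra):
    """Build a GELF 1.1 event; extra fields get the required '_' prefix ('_id' is reserved)."""
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": round(time.time(), 3),
        "level": level,                   # syslog severity; 6 = informational
    }
    if full_message is not None:
        msg["full_message"] = full_message
    for key, value in extra.items():
        if key == "id":
            raise ValueError("'_id' is reserved by GELF")
        msg["_" + key] = value
    return msg


def encode_gelf_udp(msg, chunk_size=8192):
    """Serialize to gzip-compressed JSON and split into GELF chunks when the
    payload exceeds chunk_size (8192 is an assumed LAN-safe default).
    Returns the list of datagrams to send to the sensor's UDP port 12201."""
    payload = gzip.compress(json.dumps(msg).encode("utf-8"))
    if len(payload) <= chunk_size:
        return [payload]
    pieces = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    if len(pieces) > MAX_CHUNKS:
        raise ValueError("message too large: GELF allows at most 128 chunks")
    message_id = os.urandom(8)       # ties the chunks of one event together
    # chunk layout: magic(2) | message id(8) | sequence number(1) | chunk count(1) | data
    return [GELF_CHUNK_MAGIC + message_id + bytes([seq, len(pieces)]) + piece
            for seq, piece in enumerate(pieces)]


def decode_gelf_udp(datagrams):
    """Reassemble chunks (or a single datagram) into the event dict, as a receiver does."""
    if datagrams[0][:2] != GELF_CHUNK_MAGIC:
        payload = datagrams[0]
    else:
        ordered = sorted(datagrams, key=lambda d: d[10])
        payload = b"".join(d[12:] for d in ordered)
    return json.loads(gzip.decompress(payload).decode("utf-8"))
```

To forward an event, send each datagram returned by `encode_gelf_udp` with a UDP socket to the sensor's port 12201.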