Imperva Attack Analytics, (formerly ThreatRadar), is a threat intelligence service relying on research from Imperva's Application Defense Center (ADC), integratable into Imperva's WAF solutions and able to be fed into enterprise security data.
N/A
LevelBlue USM Anywhere
Score 4.0 out of 10
N/A
The LevelBlue USM Anywhere XDR platform (replacing the former AlienVault USM) delivers threat detection, incident response, and compliance management.
I think Imperva Analytics is a super complete security tool, for now it would be great if they could add a heat map of the attacks that are coming to me versus the attacks that are being executed in real time worldwide, to know if we are being victims of a massive attack against several countries. In the same way, an improvement that they recently implemented seems good to me to bring to the comment is that they assigned us an engineer who would provide us with personalized attention from Imperva.
AlienVault Unified Security Management (USM) Anywhere is a cloud-based security information and event management solution that provides effective and affordable threat detection, incident response, and compliance management capabilities. USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors. USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
With the information gathered during asset discovery, USM will correlated that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Once you are able to navigate the different panels, finding what you need is quite easily. Before getting used it it can be a bit of challenge . Each panel is quite well laid out and the filtering search capabilities are quite strong.
We do have issues with maintenance on the AlienVault USM as the disk fills up from time to time with other data sources. Sources for scanning logs and net flow data isn't calculated in regular disk maintenance and can easily fill up our disk if we do not keep an eye on it with some custom Nagios plugins. The system does properly trim logging data from logging sources properly.
With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000eps on a vmware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though.
Support is friendly but response time has been spotty. Also initially when we signed up there was a lot of pointing us at the documentation, which has been spotty and ad-hoc for what is supposed to be a commercial product. Overall the feel of AlienVault and the support has been of a very new and startup company that is trying to grow up out of it's open source roots, and I'm not sure if they've totally been able to make the transition to being able to meet the expectations of the enterprise customers.
I did not have any experience with "in person" training directly. The free online classes offered for a half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM
The instructor gave detailed overview and went through the labs before allowing us to attempt using them. I enjoyed the balance of time and level of instruction received. The content went deeper that usual and the lab environment was easy to use and all results were consistent. I came away from the course knowing more than i did if I had just read the course notes.
AlienVault USM was a very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
We chose Imperva Attack Analytics for its ability to monitor and audit database activities and its ability to scale and meet demands of the distributed environment. The solution is simple, straightforward and transparent for colleagues, and provides real-time event monitoring, audit analysis and customisable reports.
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
The AlienVault USM is not very scalable. Some scalability can be achieved by installing additional sensors, but this only offers 500eps per sensor and is still overall limited by the installation type of VM or physical. We have also noticed the EPS (events per second) is rated overall and not towards a single source. A single source on a very healthy VMware partition tops out at 2,000eps for us, no matter how we configure it. Maybe this is a problem of the 5.2 release?
Imperva Attack Analytics has detected multiple vulnerabilities for zero-day attacks before they were exploited. This allowed us to remediate the vulnerabilities without any downtime or financial impact.
Imperva Attack Analytics has allowed our on-premise infrastructure the same level of security provided as our cloud infrastructure.
Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150 so we had to chose to either not monitor those assets or pay the price of the upgrade.
AlienVault brings all the information to one place which makes it much quicker to track down problems.
