Illumio ASP vs AlienVault USM For Continuous Security Monitoring

Posted by UpGuard

It's been said many times before, but is always worth repeating: enterprises need a layered approach to security for combating today's cyber threats. Illumio ASP and AlienVault USM provide just that: working in conjunction with traditional security solutions like firewalls and IDS/IDPS solutions (or in USM's case, providing its own), the two platforms further smooth the attack surface area with features such as policy-based controls, security analytics, and crowd-sourced threat intelligence, among others. Let's see how they stack up in this comparison.

Illumio Adaptive Security Platform (ASP)

Illumio, as its name implies, focuses on what the firm refers to as "illumination": understanding and visualizing application and workload relationships, modeling/testing security policies, and identifying/alerting on threats behind the firewall. Illumination essentially creates a live interactive map of all application traffic, displaying any policy violations across data centers.


Illumio ASP dependency modeling. Source: ITBusinessedge.com.

Additionally, Illumio ASP shifts its security focus to workloads as opposed to environments. Agents are installed on all managed nodes, applying policies to workloads from the policy engine. This gives firms an agile and resilient security model, effectively delivering network security without the network.

AlienVault Unified Security Management (USM) Platform

AlienVault USM packs a myriad of security tools and capabilities into one comprehensive platform: SIEM, Host-based Intrusion Detection Systems (HIDS), Network IDS, Wireless IDS, automated asset discovery, vulnerability scanning, netflow analysis, and log management, among others.

AlienVault USM dashboard. Source: AlienVault.

Crowdsourced security intelligence is a central component of AlienVault USM, as the platform utilizes what is purportedly the world's largest crowdsourced threat data network, the AlienVault Open Threat Exchange, for informing its security mechanisms.

Side-By-Side Scoring: Illumio ASP vs. AlienVault USM

1. Capability Set

Illumio breaks with infosec tradition by focusing on workload-based, policy-driven security; as such, the product does not offer typical features such as firewalling or packet analysis. The firm is for the most part betting the bank on "illumination" while AlienVault USM features a wide variety of common enterprise security tools rolled into one offering. The latter features crowdsourced security data provided by the AlienVault OTE for ongoing, continuously updated threat intelligence. 


2. Ease Of Use

AlienVault USM's web-based management GUI is logically laid out and organized, with every page customizable and interactive. Setup is wizard-driven, from getting the main appliance up and running to pushing out agents to all devices under management. Illumio ASP uses a non-traditional approach to security and may present a steeper learning curve.


3. Community Support

A search on AlienVault USM yields more customer-based resources and discussions online than one on Illumio ASP. This isn't surprising, as AlienVault USM is marketed (and priced) as an SMB solution and has been on the market longer. That said, both solutions are commercial products with ample vendor-provided support resources available on each company's respective website. AlienVault in particular has a vibrant, active customer base/following, and its community web forums are a common source of knowledge around its suite of offerings.


4. Security and Surface Attack Probability

Illumio ASP has no documented vulnerabilities per the CVE database, while AlienVault USM has 1. Additionally, USM's built-in SIEM is based on the Open Source Security Information Management (OSSIM) platform, which itself has 21 CVE entries.

Earlier this year, AlienVault's perceived slow reaction time to reported XSS, SQLi, and command execution vulnerabilities in the USM product made some headlines.


5. Release Rate

Though founded in 2013, Illumio has only had about a year on the market thus far with its ASP offering. AlienVault USM released its 5.2 version in October 2015 and its venerable OSSIM SIEM tool is currently at version 5.0.3.


6. Pricing And Support

Again, AlienVault is designed to be an all-in-one security solution and is priced for SMBs and mid-market organizations looking for the most bang for the buck. Pricing starts at around $3,900 per appliance. Illumio ASP is priced per virtual enforcement node/per use, so overall pricing can get costly in large environments.


7. API and Extensibility

Illumio ASP provides a RESTful API for automating security deployments, integrating with tools like Puppet, Chef, and Ansible for remediation. AlienVault USM also provides an open API—or what it calls its Open Extension API—for integrating additional data sources and vendor devices.


8. 3rd Party Integrations

Much of AlienVault USM and OSSIM's functionality comes from 3rd party integrations; open source tools like Snort, nmap, Ntop, and OCS, among others, give the platform considerable breadth in security monitoring capabilities. As with most startups, Illumio has approached 3rd party integrations on a case-by-case basis, with the most recent being support for Docker in the Mesosphere Data Center OS (DCOS).


9. Bug Bounty Program

Neither Illumio nor AlienVault has instituted a bug bounty program, despite leadership's admission that bug bounties "are probably a good idea."


10.  Companies That Use It

Illumio counts Morgan Stanley, Plantronics, Creative Artists Agency, Yahoo, and NTT I3 as some of its customers. AlienVault USM customers include Ubisoft, Pepco Holdings, Peets, The New York Times, and a legion of SMBs.


11. Platforms Supported

Illumio ASP supports both Windows and *nix-based workloads in any hypervisor/cloud environment, while AlienVault USM has rather specific requirements for its security appliance. Specifically, its virtual appliances are only supported on VMware ESXi 4.x/5.x.


12.  Learning Curve

Networking and security professionals with some experience managing basic security tools like SIEMs and HIDS will find AlienVault USM easy to comprehend. In contrast, Illumio ASP's novel approach to security has a steeper learning curve: because the platform enables nano-segmentation of enterprise applications down to individual processes on workloads, learning how to fine-tune and configure these security minutiae is no trivial task.


Scoreboard and Summary

The following is the scoreboard for Illumio ASP vs. AlienVault USM based on the 12 criteria listed above:

         Illumio ASP     AlienVault USM
Total    42              48

In summary, AlienVault USM is appropriate for budget-minded organizations in need of a competent, comprehensive platform for continuous security monitoring. On the other hand, Illumio ASP can provide enterprises with existing/traditional security mechanisms already in place with a dynamic, declarative software-based protection layer to further smooth the attack surface. In either case, for continuous security monitoring and vulnerability assessment, ScriptRock is the platform to beat. Try it today, the first 10 nodes are on us.
