This solution is very similar to most of the other MSSPs that you would find out there. When I look at use cases, AlienVault was initially aimed at small to medium businesses. It grew, and that was one of the things that AT&T aimed to do with it: to ensure they could scale the properties of AlienVault. The uniqueness of AlienVault is in its use of something called OTX, the Open Source Threat Exchange. LevelBlue and AT&T as partners have continued with OTX, an open-source threat exchange based on the premise that a rising tide lifts all boats. So, if you see something on the defensive side, you want to tell everyone. It is a place to exchange information open source there, and it has hundreds of thousands of users all over the planet. They also take in data from other agreements they have and aggregate information from across the Internet, which they incorporate back into not only OTX but also their MSSP products. They use that as they produce products that can be run basically for a low cost. A small, medium-sized business can hire AT&T, now LevelBlue, to manage all their small business functions, costing next to nothing compared to hiring an IT or dedicated security team. As they scaled that, of course, it becomes more challenging. So with the larger sets, they are doing the same thing but on a much larger scale. Everything they do now is cloud-based, offering services from the cloud.
The area for improvement is a lot. When I started using it on our enterprise side, the issue we faced was, for example, if we were running at that time on AlienVault OSSIM v5.7.4. So, for some orders, we had to install some packages, and when we tried installing that package, some dependencies got upgraded to a new version. Now once that dependency got upgraded, the SQL, since you might be aware that OSSIM uses SQL database, now SQL and all the dependency in everything was not on the same version, and that caused the database to crash. The aforementioned area should be eased out by upgrading the patches and upgrading dependencies. This kind of thing is a disadvantage of OSSIM, and I would like them to work on this. But I have also raised service requests many times and gave it a push on the community section too. However, since it is a local source, they don't reply much over there. That is why I don't like to work on OSSIM because it is unpredictable. Once the storage goes above 50 percent, it starts behaving unpredictably. If you get stuck with a situation, then you need to drill a lockdown into that. Sometimes you get no luck. Then you have to just reimage the server with the new fresh OS of AlienVault. As for additional features, not much because if you move to the newer version, it is kind of getting more stable. But, to make my life easier, then I would say try to give more features. I know it's open source, so they also cannot provide me with more features. But still, if they can provide me with more features because right now it's becoming old. Right now, we are even moving from SIEM to Security Data Lake. So when we move to it, this will be literally outdated. No one can even expect anything out of it. The way security is moving, it will be outdated very soon. They have to also provide something new to keep this going for the future also.
