Student at an educational organization with 1,001-5,000 employees
Free to use and can be set up yourself but is complex to set up
Pros and Cons
- "The solution is free to use."
- "It's so hard to configure and explore something new on it."
What is our primary use case?
I use the solution for my project.
What is most valuable?
The solution is free to use.
What needs improvement?
However, I have found a lot of issues in general that have given me problems. For example, their stability is not great.
There is no alarm in my system, so I don't know if that's something right, or if there is nothing attached to my system. It's like there is no alarm in my system.
It's so hard to configure and explore something new on it.
It is not easy to find the steps we need to follow in order to use the solution effectively.
For how long have I used the solution?
We've been using this solution for one month. We might use it for three months or so.
Buyer's Guide
AlienVault OSSIM
November 2024
Learn what your peers think about AlienVault OSSIM. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,562 professionals have used our research since 2012.
What do I think about the stability of the solution?
I have not found the stability to be very good. It's not, for example, showing any alarms.
How are customer service and support?
I cannot speak to technical support. I've never used them.
Which solution did I use previously and why did I switch?
We did not previously use a different version of the solution.
How was the initial setup?
The solution is complex to set up. It is not straightforward.
What about the implementation team?
I set up the solution myself without the help of outside assistance.
What's my experience with pricing, setup cost, and licensing?
We are using the free version of the solution.
What other advice do I have?
I'm an end-user of the product.
I'd rate the solution five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Manager at a financial services firm with 201-500 employees
A cost-effective, stable solution that offers timely technical support
Pros and Cons
- "You pay monthly for the solution. I think it's one of the best products. If you compare with other companies, like LogRhythm, etc., the top 8 or 10 CMs, I think AlienVault has the best price-performance ratio."
- "The user interface could be improved."
What is most valuable?
AlienVault's features are all quite valuable. Using the CM to get post pay logs and lateral pay logs to a connection is also helpful.
What needs improvement?
The biggest thing I always complain about is that the user intake is a very old version. In cloud versions, it is very good, but for on-premises versions, it's not so good. If they want to improve the on-premises version, they should upgrade the SQL.
The user interface could be improved.
For how long have I used the solution?
I've been using the solution for 18 months.
What do I think about the stability of the solution?
The solution is very stable. We've never had any availability issues. Our consultant used a 12-core CPU, but he only used half of it.
What do I think about the scalability of the solution?
From a scalability perspective, it's very good software. It is very scalable because it has a very flexible architecture. You can connect one source in one server, and then you can connect four additional ones off that. You can put one on in front of it and you can put four under it and you can put four each off of that, etc. It's pretty open to scalable architecture.
How are customer service and technical support?
Technical support was very good. They've always responded on time.
How was the initial setup?
The initial setup wasn't too complicated. We didn't have any problems.
What about the implementation team?
We implemented the solution with the help of a consultant.
What's my experience with pricing, setup cost, and licensing?
You pay monthly for the solution. I think it's one of the best products. If you compare with other companies, like LogRhythm, etc., the top 8 or 10 CMs, I think AlienVault has the best price-performance ratio.
What other advice do I have?
We use the on-premises deployment model.
I would rate the solution nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cybersecurity Architect at DataAssure
It is free, powerful, and user-friendly with a well-integrated dashboard
Pros and Cons
- "Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
- "They can add more compliance templates."
What is most valuable?
Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc.
It is also free and very powerful.
What needs improvement?
They can add more compliance templates.
For how long have I used the solution?
I have been using AlienVault OSSIM since 2015.
What do I think about the stability of the solution?
It is a quite stable product.
What do I think about the scalability of the solution?
It is perfectly scalable. We have ten in-house users.
Which solution did I use previously and why did I switch?
I have used Splunk. AlienVault OSSIM and Splunk differ mainly in price. In Splunk, we need to do the correlation ourselves. AlienVault OSSIM is more user-friendly. I don't have to learn a particular SQL language to do a query. It provides a new way of creating a query for any security event or management.
How was the initial setup?
The initial setup is very straightforward. It doesn't take more than 15 minutes, and you are done.
We predominantly deploy it on-premises. We have a few deployments on the cloud, but our focus is primarily on the on-premises deployments.
What's my experience with pricing, setup cost, and licensing?
AlienVault OSSIM is free.
What other advice do I have?
It is a very good solution. It is already more than adequate. It is a perfectly nice and free tool for compliance testing, assessment, and some basic vulnerability.
I would advise upgrading to its paid version, USM, to get more features. It's well worth the money because of the provided threat intelligence, support, and training. When you upgrade to the paid version, you enjoy all these features. OSSIM doesn't have all these features because it is a freeware.
AlienVault OSSIM is backed up by AT&T Cybersecurity, which is a Fortune Top 20 company. When you upgrade to the paid version, you also get support from AT&T, which is good.
I would rate AlienVault OSSIM a nine out of ten. I'm very happy with this solution. It is a great product.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Co-Founder at Besafe Technology
Data correlation and vulnerability assessment help protect our customers against malicious activity
Pros and Cons
- "The most valuable features of this solution are the data correlation and vulnerability assessment."
- "The price of this solution is very high and it could be cheaper."
What is our primary use case?
We are a solution provider and this is one of the products that we implement for our clients.
Our clients use this SIEM solution to collect and analyze logs that are generated by different appliances or different machines. It is a correlation tool for event management that gathers all of the events in your environment. This includes different hardware and different operating systems. There are rules in AlienVault that might be triggered based on the logs, and you can tell when there is a security attack or something else that is malicious that comes to your network. These types of events raise a flag and send a notification.
Our clients include banks and other financial institutions.
There are two versions of AlienVault. One is a community edition and the other requires a license. We are dealing with the licensed version and a hybrid-cloud environment.
What is most valuable?
The most valuable features of this solution are the data correlation and vulnerability assessment.
What needs improvement?
The price of this solution is very high and it could be cheaper. Normally it is sold to financial institutions, which is why it is high.
For how long have I used the solution?
I first implemented this solution in 2012, seven years ago.
What do I think about the stability of the solution?
This solution is very stable. It runs on a Linux box and you only interface with it through the GUI. It works behind the scenes. It has never crashed in the time that I have used it.
What do I think about the scalability of the solution?
Scalability is very good. It integrates with a number of other products, such as the help desk.
How are customer service and technical support?
Technical support for this solution is very good. They are now owned by AT&T Security, and their people do a pretty good job.
What about the implementation team?
We implement this solution for our customers.
We have a team of twenty engineers. Some work on infrastructure, while others handle security products. I am the head of the security team.
What's my experience with pricing, setup cost, and licensing?
There are two versions of AlienVault available. The Community Edition is free, and the other version requires a license. The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this.
What other advice do I have?
There is a cloud version of this solution available, called AlienVault USM Anywhere, which defends data that is outside of the premises.
The OSSIM version is an open-source product, unlike AlienVault USM, or the cloud version, AlienVault USM Anywhere. You have to rely on the community for support. If you are a business or a bank or a financial institution then it would be better to go with the licensed version. You get support 24/7, while with the community you cannot find this support. On the other hand, an individual who is using it and can handle the issues should go with OSSIM because it's almost free. As long as you can handle problems, such as when it stops working, that you can fix over a couple of days or during the weekend, then it is fine.
I would rate this solution a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
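The review above describes the core of a SIEM: rules evaluated over collected logs that raise a flag and send a notification when something malicious appears. As an added illustration (not AlienVault's code and not from any reviewer), the following stand-alone Python sketch implements two such rules over constructed log lines: a sliding-window count of failed SSH logins per source address, and a lookup of DNS queries against a hypothetical watchlist standing in for a threat-intelligence feed. The log format, the host names, the addresses and the domain `bad-domain.example` are all constructed for this example.

```python
"""Toy SIEM-style correlation: parse constructed log lines, apply rules, emit alarms.
Added example; not part of AlienVault OSSIM or any reviewer's deployment."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines (not real telemetry). Format: ISO timestamp, host, program: message.
SAMPLE_LOGS = """\
2024-08-01T10:00:01 srv1 sshd: Failed password for root from 203.0.113.7 port 51122
2024-08-01T10:00:05 srv1 sshd: Failed password for admin from 203.0.113.7 port 51130
2024-08-01T10:00:09 srv1 sshd: Failed password for root from 203.0.113.7 port 51141
2024-08-01T10:00:12 srv1 sshd: Failed password for oracle from 203.0.113.7 port 51150
2024-08-01T10:00:20 srv1 sshd: Failed password for root from 203.0.113.7 port 51163
2024-08-01T10:01:30 srv1 sshd: Failed password for guest from 198.51.100.4 port 40001
2024-08-01T10:02:00 dns1 named: query: bad-domain.example IN A from 10.0.0.23
2024-08-01T10:03:10 srv1 sshd: Accepted password for alice from 10.0.0.5 port 33000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+): (.*)$")
FAILED_RE = re.compile(r"Failed password for (\S+) from (\d+\.\d+\.\d+\.\d+)")
DNS_RE = re.compile(r"query: (\S+) IN \w+ from (\d+\.\d+\.\d+\.\d+)")

# Hypothetical watchlist standing in for a threat-intelligence feed.
WATCHLIST = {"bad-domain.example"}


@dataclass
class Event:
    ts: datetime
    host: str
    source: str  # program name, e.g. sshd
    msg: str


@dataclass
class Alarm:
    rule: str
    subject: str
    count: int
    first_seen: datetime


def parse(text):
    """Normalise raw lines into Event records; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, src, msg = m.groups()
        events.append(Event(datetime.fromisoformat(ts), host, src, msg))
    return events


def rule_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Alarm once per source IP when failed logins within the window reach the threshold."""
    alarms = []
    buckets = defaultdict(list)  # source IP -> timestamps of recent failures
    fired = set()
    for e in events:
        m = FAILED_RE.search(e.msg)
        if not m:
            continue
        ip = m.group(2)
        q = buckets[ip]
        q.append(e.ts)
        while q and e.ts - q[0] > window:  # drop failures older than the window
            q.pop(0)
        if len(q) >= threshold and ip not in fired:
            fired.add(ip)
            alarms.append(Alarm("ssh_bruteforce", ip, len(q), q[0]))
    return alarms


def rule_watchlist_dns(events):
    """Alarm on any DNS query for a domain on the watchlist."""
    alarms = []
    for e in events:
        m = DNS_RE.search(e.msg)
        if m and m.group(1) in WATCHLIST:
            alarms.append(Alarm("watchlist_dns", f"{m.group(2)} -> {m.group(1)}", 1, e.ts))
    return alarms


def correlate(text):
    """Run every rule over the parsed events and return the alarms in rule order."""
    events = parse(text)
    return rule_bruteforce(events) + rule_watchlist_dns(events)


def notify(alarm):
    """Stand-in for the notification step; a real deployment would page or open a ticket."""
    return f"[{alarm.rule}] {alarm.subject} count={alarm.count} first_seen={alarm.first_seen.isoformat()}"


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(notify(a))
```

On the sample input the brute-force rule fires once for 203.0.113.7 (five failures in 19 seconds) and stays silent for 198.51.100.4 (one failure), and the watchlist rule fires once for the query from 10.0.0.23; the threshold and window are the knobs a defender tunes to trade false positives against detection delay.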
Network Administrator at a tech services company with 51-200 employees
Need to focus on providing better visibility to users but is useful for threat detection
Pros and Cons
- "The product is majorly used for threat detection of the agents on servers and endpoints."
- "AlienVault OSSIM failed to provide our company a full insight, while also giving out a lot of false positives."
What is our primary use case?
I use the solution in my company. The product is majorly used for threat detection of the agents on servers and endpoints. We use Elasticsearch's dashboard. Whenever we check the traffic routing, events, alarms and notification, we also have the dashboard from Elasticsearch that helps us put them in a mode category.
What needs improvement?
Honestly, I don't know what can be improved in the product. I am trying to get a comparison between AlienVault OSSIM and the other solutions in the market. AlienVault OSSIM failed to provide our company a full insight, while also giving out a lot of false positives. The tool has certain areas where improvements are required.
For how long have I used the solution?
I have been using AlienVault OSSIM for two years. I am a user of the solution.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a three to four out of ten.
How are customer service and support?
I did not use the solution's technical support.
Which solution did I use previously and why did I switch?
I work with Wazuh and Nutanix, but before AlienVault OSSIM, I have not worked with other products.
What's my experience with pricing, setup cost, and licensing?
I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log.
Which other solutions did I evaluate?
I am checking out to see if there are other better solutions in the market that can give me what I want because I need to sell them to other customers. I work with Wazuh myself, but I am looking at other products to figure out which ones are better if I want to start out with something new. I am making a comparison of SIEM, SOAR, and SOC solutions to see which one is better and what the advantages or the pros and cons of each of the tools in the market are. If the customer says that the price is his or her problem, I know which product to offer them.
What other advice do I have?
I have not had a good experience with AlienVault OSSIM.
To be able to support our company's compliance efforts, I got to add Elasticsearch to ensure that we get the maximum results from the solution. We have broken down AlienVault and Elasticsearch and moved to Securonix.
I have used the tool's SIEM component.
I have not really used the product's integration capabilities, especially since I remember that we had faced some challenges with them in the past.
I rate the tool a five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 9, 2024
Owner & Cyber Security Consultant at Sekurisor
Great solution for checking vulnerabilities, and it's free to use, but the initial setup is a bit tricky
Pros and Cons
- "The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable at least you can do something about it."
- "The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
What is our primary use case?
We primarily use the solution just to check on devices. OSSIM does a lot of different things to help with this, including a bit of analytics, vulnerability testing, assessment, etc.
What is most valuable?
The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable, at least you can do something about it.
What needs improvement?
It's not easy to add a device that doesn't have a steady IP. Particularly when you're not putting a sensor on-site. When you have a sensor on-site, then that sensor speaks to the main sensor. We are trying to look for quality devices that give a dynamic IP, so it makes it practically impossible to add a new device.
If there was a way to do dynamic DNS, I think that would help.
For how long have I used the solution?
I've been using the solution for almost one year.
What do I think about the stability of the solution?
The stability of the solution is fine.
What do I think about the scalability of the solution?
Scalability can be a bit tricky, especially for network devices. We have about 150 devices on the solution right now that I am monitoring.
Which solution did I use previously and why did I switch?
We didn't previously use another solution.
How was the initial setup?
The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation. The deployment didn't take a long time, however.
What about the implementation team?
I handled the implementation myself.
What's my experience with pricing, setup cost, and licensing?
The solution is open-source, so it's free to use.
Which other solutions did I evaluate?
We did evaluate another solution.
What other advice do I have?
We use the cloud deployment model. I have a server that I subscribe people to.
I would advise others to consider, if they get more customers, going with the commercial version of OSSIM from AlienVault. It's now part of AT&T, so there's a lot of support.
I would rate the solution seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CISO at a recreational facilities/services company with 501-1,000 employees
Provides threat alerts on harmful code in the network
Pros and Cons
- "The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
- "It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
What is our primary use case?
I use it for monitoring. I use it for getting alerts on various malicious activities, if there are such on my network. I'm using the free version of this product, OSSIM.
As a media company, we follow MPAA, which is a set of controls for media businesses. The other set of compliance that we follow is DPP. We use AlienVault to comply with their standards.
How has it helped my organization?
We have various media organizations from which we get data into our network and then it goes out. If you put any control, any device, or anything to sense the traffic, it will say that it's malicious traffic, because of the nature of most of the traffic that we generate. We usually upload or download TV shows or films, they go in and out. The same size of IP packets increase because of the kind of transfer that we do.
In addition to that, we also are into broadcasting. We send the data to broadcasting stations, and from there it gets broadcasted on air.
It has really helped find critical vulnerabilities in our network at times. There was a brute force attack, a web attack, and I was able to discover that using AlienVault. There was a WannaCry in one of my systems, a trojan, and it was generating traffic towards the WannaCry domain. I was able to see that through the AlienVault system. It was not immediate. It was after almost three days that I was able to discover that there was a vulnerability within our network.
What is most valuable?
The threat alerts it gives me from time to time on harmful code within the network, or if it is generating any network traffic, are very useful. However, it takes some time. It does not give me a prompt response for any such traffic. It takes time to get that alert from the AlienVault system.
I'm using it for discovering assets every day. If there are any changes in my network, I give it additional subnets which have been added. It adds all the assets to my dashboard.
What needs improvement?
I find it very useful when it is for a small or mid-size enterprise. The problem I see in this product is that it is not meant for a large business or for managing critical business services.
AlienVault-like products are not meant for businesses like the banking sector or insurance and places that require strong regulatory compliance, in my experience, because of delays in response. And sometimes it is very complicated to configure this for specific requirements. Writing APIs, etc. takes time. On the other hand, if you look into other products in the market, it's easy to write APIs or integrate them with other database services or middleware and your application layer services, and get the alerts.
It does not help me to respond to the threats all the time. That's why we are also working with Splunk. Splunk is used by one of our service providers and we can directly ask them to use Splunk instead of any other SIEM solutions.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
I find it to be stable. That's why I'm using it. Given that it's free of cost, whatever it gives us is more than enough.
What do I think about the scalability of the solution?
I haven't explored scalability very much but the scalability is open. It's scalable up to a level where we can manage a mid-size business. As I said earlier, it is not suitable for the banking sector at all, because they require stringent controls and monitoring, real-time monitoring, which this tool doesn't have; at least, I haven't seen it. Perhaps it's my bad that I haven't seen this tool give me a proper response, on time. It takes time for it to give a response.
Which solution did I use previously and why did I switch?
I've used and evaluated QRadar vs AlienVault very extensively - I was working with IBM. I used it for ten years. I used and have compared ArcSight vs AlienVault as well, at my previous organization. At that organization, I also deployed AlienVault because I am comfortable with AlienVault.
Those competitors to AlienVault are very user-friendly, their interfaces are very user-friendly. They have multiple options such as generating reports and getting immediate alerts.
If somebody changes the privileges in the system or some code changes the privileges in the system, AlienVault is lacking there. Machine-learning and artificial intelligence are things that AlienVault should explore. If those were added to it, no product could replace it.
How was the initial setup?
My setup is very complex. The network is segmented and configured differently for different customers.
The initial deployment started around two years ago. It took around one-and-a-half years to make this product stable and to talk to each and every device in my network and give me some sort of report which would actually give me the right posture of my security status. I did the complete deployment myself.
The implementation strategy was there and that's why it took a long time. We were also engaged in other business activities, so it took a long time to make this into a proper deployment.
What about the implementation team?
We didn't have any third-parties involved. It was all mine. I started with the web, through YouTube, through various other social media, and a couple of people who used it earlier. I now have several years of experience. That has helped me a lot in getting this deployed.
What was our ROI?
There is a financial value. It's giving me some value and I've already had a good amount of results on AlienVault products. I deployed it at multiple stations, three or four cities in India, two in the US, and one in the UK. I have deployed it widely because I find that it gives value for money. If I got the paid version at the right cost, I think it would be the best product available in the market for a business like ours.
What's my experience with pricing, setup cost, and licensing?
A product like Splunk will squeeze you for money if you ask them to provide similar services. So I find this solution very useful in that sense.
AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny. I have advised multiple friends of mine, those who are into the security arena, to go for AlienVault. It's not like your IBM, your QRadar, or Splunk, where the cost is too high.
What other advice do I have?
If your network is flat, if it is not that complicated, then you should go for it. I'm using it free of cost, so I'm very happy with AlienVault.
I'm the only one who's controlling it. I have a team of five. They are my soft team. They monitor all the alerts 24/7. It takes a team of five to maintain it. I lead the security section and among the other five, two are network specialists and three are system administrators.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Co-Founder and Director - Information Technology at Techneow
Good architecture, excellent threat policies, and very stable
Pros and Cons
- "The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
- "There needs to be more support or some kind of training program so users can self-learn the system more effectively."
What is our primary use case?
We implemented the solution for one of our client's e-commerce spaces. Our customer wanted to monitor the complete security posture.
What is most valuable?
We really like the solution's architecture. There's a logon, clients, an agent, and then the server. All of these were deployed in a multilayer architecture.
The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols.
What needs improvement?
The pricing of the solution needs to be improved.
There needs to be more support or some kind of training program so users can self-learn the system more effectively.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
The stability is quite good. There's no hindrance to the user. It's reliable and doesn't seem to have any bugs or glitches.
What do I think about the scalability of the solution?
The scalability is something I wouldn't be able to comment much on, since it was an on-premises setup and there was no such dynamic need from the customer in terms of expanding.
There's a team of seven currently working on the solution. Our overall monitoring was divided into three sections. One is a network monitoring, and then there are apps monitoring and monitoring the storage.
We're not involved in the engagement anymore, so I haven't heard if the client has plans to increase usage, however, due to its general limited scalability as hardware, I don't think that they would.
How are customer service and technical support?
We were in touch with technical support a bit when we were doing the implementation. The training and knowledge they provided was minimal and usually through email. We struggled a bit.
Which solution did I use previously and why did I switch?
We were pretty limited to AlienVault with this particular client. They needed something on-premises and didn't want to look at cloud options. We've used QRadar and Sentinel in the past, however, for this customer, we decided AlienVault was best.
How was the initial setup?
The initial setup was a bit complex. That may have been multiplied by the fact that there was a lack of skills on the team. If they had more training, it probably would have been a bit easier or more straightforward.
Deployment took us almost two months, including having to set up all of the infrastructure for it. We worked with about 140 monitoring devices. It wasn't too large of a setup. The client wanted us to build and operate something a bit more modern than their older setup. We worked with them to set up a complete 24/7 soft center on-premises.
The entire setup and deployment took about four months, and that included not just the IT part but the work area as well. We had to secure the room, put in power, supply air conditioners, etc. That's a pretty standard setup in terms of the physical space.
We had four people working on the deployment, one of which was a very senior professional with 20+ years of experience.
What about the implementation team?
We had one internal consultant who did the entire implementation for us.
What's my experience with pricing, setup cost, and licensing?
I'm not sure what the cost of the solution is. It may be in the ballpark of $60,000 to $100,000.
What other advice do I have?
We're just customers. We don't have a business relationship with the product.
We're using the enterprise edition of the solution, the MSSP edition, however, I'm unsure which version it is we're currently on.
Typically, we get requests for QRadar, AlienVault, or Sentinel. QRadar and AlienVault are the top choices for the most part, and we work with both. We try to accommodate our client's preferences.
I'd rate the solution overall at eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.