Overall Satisfaction with AlienVault OSSIM
Anyone who works in a K12 public school district knows you have just as many threats inside your network as outside. Think about it: what else do 7th through 12th graders have but time and curiosity? I've set this up on my perimeters at each of my high schools and middle schools, and again at the district level. My goal is to watch the traffic and devices inside each building and also across the buildings. We use it daily to monitor for unusual activity, devices, or strange "stuff" on our network.
- Scan network for anomalies once you've established a baseline.
- Excellent job of showing unusual connections or file transfers.
- Excellent job of showing the health of the network, congestion, etc.
- It only comes with 10 canned reports. These reports are good, but a little more flexibility would be nice. The data is stored in a database, so it is possible to roll your own reports, just very clunky.
- Log ingestion. The OSSIM product doesn't have a separate log server, so you either have to have a really, really beefy system to do both analysis and log ingestion, or just do log ingestion with something else.
- Aggregation of data. Actually, it does this really well, but if you have more than two sites, it can slow your analysis down a little.
- It's free, so a very positive impact. Most products out there are in the thousands of dollars, and for a K12 School District, money is always tight.
- It allowed me to actually gain invaluable insight.
Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112.
FortiSIEM is an awesome package but it's more than I need (or can afford). I would need to add staff, for at least the first year or so, just to get it set up and configured correctly.
Do you think AlienVault OSSIM delivers good value for the price?
Yes
Are you happy with AlienVault OSSIM's feature set?
Yes
Did AlienVault OSSIM live up to sales and marketing promises?
Yes
Did implementation of AlienVault OSSIM go as expected?
Yes
Would you buy AlienVault OSSIM again?
Yes