Acunetix by Invicti vs AlienVault OSSIM

• Fast.
• Easy-to-use.
• Great customer support.
• Reporting features.
• Supports importing state files from other popular application testing tools.
• Has other features built-in beyond just scanning for vulnerabilities.

Read full review

• Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
• SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
• Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
• Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.

Read full review

• Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
• Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
• The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.

Read full review

• The reports are clunky and a bit tedious to parse through.
• Sometimes there's so much noise it's hard to tell what a true positive is. There are lots of false ones that trigger alerts but are normal behavior in many environments.

Read full review

• Saved money compared to other commercial scanners, especially over the long run.
• Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
• A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.

Read full review

• It's difficult to put a monetary value on security, but with proper monitoring and alerting, incidents will be easier to avoid.
• Helps with your compliancy, as it automatically alerts you for critical events.
• Collects logs in the cloud, so protected from local issues, like SAN failures.

Read full review