AlienVault OSSIM (discontinued) vs. BMC Helix ITSM vs. KACE Asset Management Appliance

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.

Incentivized

BMC Helix ITSM fits our environment particularly well, where standardized, auditable processes are already in place: Incident and Problem Management can be structured cleanly, with clear ownership, escalations, and fully traceable documentation—crucial in a highly regulated banking context. Through the customer platform/portal, users can log incidents and requests consistently, track their status transparently, and use a single central communication channel across service boundaries. This supports a service-oriented setup spanning multiple business services and locations. It becomes less suitable—or at least more effort-intensive—when core foundation data is not yet stable: an immature CMDB, insufficient ITAM data quality, and an unstructured knowledge base limit the value of automation and self-service. In addition, heterogeneous integrations and strict authorization models can increase implementation and ongoing maintenance efforts, especially when SLAs are not harmonized across different customer environments.

The KACE Management Appliance does many different things, but does not do them as well as other products. It is an all-in-one system for Asset tracking, software management, ticketing system, Contact management, and reporting. If you require basic functionality for these, then this product will meet your needs. But when you begin needing advanced/granular functions from the appliance, it will fall short.

Incentivized

• Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
• SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
• Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
• Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.

Incentivized

• AI drive incident correlation leading to identifying problems and major incidents quickly.
• Digital Workplace gives end-users a modern and personalized UI to submit requests, monitor service health, and receive self-help.
• As an enterprise ITSM, it is critical that Request, Incident, Problem, Asset, and Change Management are integrated and flow together. BMC Helix is built on this principle.

Incentivized

• Gives you real time data to systems on my network.
• I can get information on all applications running on devices on my network.
• I can get information on what systems are not currently patched and up to date with MS and Virus definitions!

Incentivized

• Creating custom rules is a bit complicated
• Reporting could be improved
• Agent has caused conflicts with a couple of our other applications

Incentivized

• Service Level management configs can be lengthy, and when changes are needed to specific SLA, it does take a long time to configure. Templates work but only for certain things, lots of manual work is still required.
• The Online product documentation can be confusing or in same cases not correct.
• BMC products are sometimes expensive. When partners try to resell licenses or increase their own allotment, it becomes very expensive.

Incentivized

• The UI is clunky and could use a redesign
• Support is good but sometimes it's hard to get someone right away or a response in a timely manner
• expand some support beyond dell and others to include something like Microsoft Surfaces, etc.
• KB articles need a refresh, there are a lot of older things out there that don't apply anymore.

Incentivized

It provides the tool we need and is able to be customised to meet new requirements. Cost to change in training and integrations would be considerable.

AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.

Incentivized

Overall the product enhances the capability of incident management, problem management and change management. The AI based framework helps generated better visibility and reports. The effectiveness of enhanced service desk suuport improves end user experience as the incidents are handled well in time and aged incidents are highlighted at the right time.

Incentivized

The appliance and software does its job, as it's intended to. There aren't many other bells and whistles. integrates well with MFA (okta), integrates well with KACES SDA. The modules it has will suit most needs. If you have the money in the budge, i'd suggest going with professional services to help with the setup/integration. There are some parts that are cumbersome and may require support. Save yourself the headache

Incentivized

for now we are satisfied. first two months 😉

Incentivized

could be faster. db is slower from introducing postgresql

Incentivized

Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.

Incentivized

Their tech support is top notch. They respond and get back to us, even on lower level incidents and issues, very quickly. It is rare that we deal with a support technician who does not know what they are doing.

the trainers dont have so much practical experiences. its mostly follow up and reading existing documentation withou own input. of course experiences people are on shore or have no free time. sad truth

Incentivized

Satisfied because I didn't have to do it!

Incentivized

Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as Stellar Data processor, we have begun to evaluate alternatives.

Incentivized

I believe Remedy's performance and market share exceeds its competitors. But it is worth mentioning that Microsoft's SCCM has excellent integration with Microsoft enterprise solutions and has is less expensive and not efficient. The IBM solution has better analytics but lacks the wide features and capabilities of Remedy. HP & CA are the real competitors for Remedy but lacks the stability, maturity, and effectiveness in Remedy

Incentivized

We were not able to get SCCM to stabilize and work, it would continually fail to add computers to groups and fail to install programs/updates to computers in a defined group. Continually, user community forums kept recommending to replace it with another solution. JIRA is a much more efficient ticketing system, and we migrated the ticketing system from KACE to JIRA.

Incentivized

unclear. lot of for less

Incentivized

Again, always room for improvement, but a very stable product none-the-less.

Incentivized

• It satisfied a requirement of our audit team (internal and external).
• Custom written alerts allow us to be proactive for some events.
• Stable product means we don't spend a lot of time keeping it up and running.

Incentivized

• Positive: an introduction to ITIL and viewing Asset, User Management from the perspective of ITIL, and how BMC has implemented those processes
• Negative: The development team needs to communicate better with the sales and support side, and they need offer an open API
• Negative: Currently the Asset Management side has little security and validation of Asset input: anyone can make API (mostly), at any item, which is a problem that I am apart of solving.
• The UX needs updating, badly. Its quality is poor: it functions, but it is cumbersome, click-heavy and requires several hours to understand how to function with it. Also, it needs to ditch IE11 support, altogether.

Incentivized

• Original investment was very substantial but I believe will be well worth it in the long run!
• DAM gives us a great view of what happening and whats on out network as far as PC, Laptops and Servers.
• The reporting function will help with budget proposals to BOS for County Budgets and giving exact numbers of systems and software and devices on the County Domain

Incentivized