AlienVault OSSIM was an open source Security Information and Event Management (SIEM). AlienVault was acquired by AT&T Cybersecurity, now LevelBlue, and OSSIM is no longer available for sale.
N/A
CrowdStrike Falcon
Score 9.1 out of 10
N/A
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance impact, no additional agents, hardware, scheduled scans, firewall exceptions or admin credentials.
$59.99
per endpoint/month (minimum number of endpoints applies)
Pricing
AlienVault OSSIM (discontinued)
CrowdStrike Falcon
Editions & Modules
No answers on this topic
Falcon Go (Small Business)
$59.99
per endpoint/month (minimum number of endpoints applies)
Falcon Go (Small Business)
$59.99
Falcon Pro
$99.99
per endpoint/month (for 5-250 endpoints, billed annually)
Falcon Enterprise
$184.99
per endpoint/month (minimum number of endpoints applies)
1. It had the best ransomware protection built into the base version of the software. This was our primary focus, with some companies in town being hit by ransomware every other week. 2. Better overall detection and response capability. 3. Central management is 100% cloud-based, …
If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Crowdstrike is a unified platform for monitoring endpoint devices, whether they're workstations, servers, cloud-native machines, or even mobile devices. It uses AI/ML to monitor anomalies and suspicious behavior, including zero-day attacks. It is suitable for large organizations but may be costlier or less appropriate for smaller organizations, those who want an on-prem EDR setup, and those who need custom scanning based on compliance requirements.
Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
Crowdstrike has a large suite of tools built for helping the engineers triage and respond to security event whenever identified. The ability to customize the security policies and implement more granular policies to different devices based on the functionality is unmatched. Crowdstrike provides so much of ability in a decent budget which ascertains the value for money or ROI.
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
I think it is a complete and very trustful XDR platform, with very few False Positives. It is very well supported by highly skilled professionals on all levels: from pre-sales engineers, Customer Account Managers and support engineers.
Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.
Any time we need to engage the Crowdstrike Falcon Complete Team, their response is switch, thorough, and they are sure to not close out any request until the customer confirms that they have provided an acceptable resolution. If I ever need anything from the account team related to the product, I also get a response from them within minutes typically to address my question. Top notch customer service!
There is limited amount of learning that can be completed in an in-person training available. In my opinion, the self-paced learning provided by Falcon portal is more useful over in-person training. The support from Falcon is great and useful to overcome difficulties, if any.
The training provided by Crowdstrike Falcon is complete in terms of the depth of technical knowledge and teaches the users about going through with the platform. There are lots of jargons for different tools that Crowdstrike Falcon has and this training teaches them all which helps in managing the platform better. Plus, the regular knowledge checks are also very helpful for the end user.
Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as Stellar Data processor, we have begun to evaluate alternatives.
It was just a legacy AV program onboarded during initial setup days. As the org. As it expanded, its threat landscape also grew, and we needed a next-gen solution to protect against evolving threat vectors. Falcon EDR was the one that solved all these in a single place.
CrowdStrike Falcon's proactive threat mitigation has significantly reduced the risk of successful cyber attacks, resulting in tangible savings related to potential data breaches or system compromises.
The cloud-native architecture and automated features have improved operational efficiency.
The platform's real-time visibility and threat hunting capabilities have drastically improved incident response times.
