AlienVault OSSIM

14 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.2 out of 101

CrowdStrike Falcon Endpoint Protection

4 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 9.6 out of 101

Add comparison

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles profile photo

CrowdStrike Falcon Endpoint Protection

It simply works. I do get alerts, but I know Crowdstrike is blocking the behavior or malware, so I don't lose any sleep. Since installing CS, we have not had a single security incident. Nice to focus on other value add tasks than remediating malware or Ransomeware.
Mark Sauer profile photo

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.2
CrowdStrike Falcon Endpoint Protection
Centralized event and log data collection
AlienVault OSSIM
8.3
CrowdStrike Falcon Endpoint Protection
Correlation
AlienVault OSSIM
8.0
CrowdStrike Falcon Endpoint Protection
Event and log normalization
AlienVault OSSIM
8.0
CrowdStrike Falcon Endpoint Protection
Deployment flexibility
AlienVault OSSIM
8.7
CrowdStrike Falcon Endpoint Protection
Integration with Identity and Access Management Tools
AlienVault OSSIM
7.5
CrowdStrike Falcon Endpoint Protection
Custom dashboards and views
AlienVault OSSIM
8.0
CrowdStrike Falcon Endpoint Protection
Host and network-based intrusion detection
AlienVault OSSIM
8.7
CrowdStrike Falcon Endpoint Protection

Pros

  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
Ivan Montilla Miralles profile photo
  • Detects and automatically blocks dangerous behavior on endpoints that could be indicative of malicious activity, like executing programs from the deleted items folder, executing a SSH command in silent mode from different places in the OS, etc.
  • Monitors endpoints continuously for known malware, evaluates dangerous behaviors and blocks execution based on risk tolerance settings, uses AI to draw correlations on multiple attack vectors, and has a human malware hunting element to detect known or newly detected attack vectors.
  • Is easy to deploy across a large organization and manage centrally by as few as 1 person part time.
  • This was the fastest and easiest implementation of an enterprise grade security system I have ever done. I pushed software to the endpoints on a Friday afternoon, and was complete by Noon on Monday, as each workstation came online, the installer completed, and we were protected.
Mark Sauer profile photo

Cons

  • The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
  • Same with reports, the few reports it comes out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
  • The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.
Ivan Montilla Miralles profile photo
  • We get false positive detections when we run an email signature script for our users. These false positives can be a distraction. We've implemented a whitelist for those behaviors, but had some difficulty in figuring out how to configure CrowdStrike to recognize these executions since the file name and hash were always different (the executing file was firstname_lastname.exe, and that was too Vague to whitelist.
Mark Sauer profile photo

Usability

AlienVault OSSIM8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo
No score
No answers yet
No answers on this topic

Alternatives Considered

AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has a lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit the appliance. The correlation engine is somewhat more robust that their counterparts in LogRhythm and SolarWinds, and the IDS (both NIDS and HIDS) are more reliable as well in terms of results. Finally, although Tenable SecurityCenter is more robust in dashboards, alerts and reports, it comes short in front of OSSIM in terms of real-time IDS and SIEM correlation.
Jose Quintero profile photo
Trend Micro, Darktrace (I like Darktrace a lot too), Cylance. Crowdstrike is as good or better than all the other products. Trend Micro AV/endpoint security is probably less mature, but CS and Darktrace are both excellent tools. Cylance is good too, but there has been some long-term concern expressed whether the Cylance algorithms can evolve as fast as malicious code.
Mark Sauer profile photo

Return on Investment

  • The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
  • On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
  • Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
Jose Quintero profile photo
  • CS is fairly expensive for security software, but it works.
  • From an ROI perspective, if you could quantify the cost of a day or more of company downtime during a Ransomware event, plus the remediation time, and the fact that you will likely have some data loss, the cost is quickly justified.
  • CS keeps our business units (26 across the globe) up and running 24/7 with no incidents for 2 years and running.
  • Easy install, little time required to administrate and manage, makes this a security tool most CIO / CISO executives can love.
Mark Sauer profile photo

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

CrowdStrike Falcon Endpoint Protection

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details