What users are saying about
<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
Top Rated
80 Ratings
15 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.5 out of 101

IBM QRadar

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
Top Rated
80 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 9.3 out of 101

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles profile photo

IBM QRadar

QRadar has been very good at helping to detect threats within the infrastructure of our organization. It does not however handle client threats as well and that was my biggest misconception when we were going through acquiring the product.
No photo available

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.1
IBM QRadar
9.9
Centralized event and log data collection
AlienVault OSSIM
8.4
IBM QRadar
9.9
Correlation
AlienVault OSSIM
8.0
IBM QRadar
9.9
Event and log normalization
AlienVault OSSIM
7.9
IBM QRadar
9.9
Deployment flexibility
AlienVault OSSIM
8.6
IBM QRadar
9.9
Integration with Identity and Access Management Tools
AlienVault OSSIM
7.4
IBM QRadar
9.9
Custom dashboards and views
AlienVault OSSIM
8.1
IBM QRadar
9.7
Host and network-based intrusion detection
AlienVault OSSIM
8.6
IBM QRadar
9.9

Pros

AlienVault OSSIM

  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
Ivan Montilla Miralles profile photo

IBM QRadar

  • Rule creation is intuitive and fast which helps during emergency situations.
  • Platform maintenance is very light while the appliance has nearly flawless uptime.
  • Report generation is very functional and efficient.
No photo available

Cons

AlienVault OSSIM

  • OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
  • The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
  • More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
Jose Quintero profile photo

IBM QRadar

  • There is a steep learning curve compared to other platforms. Qradar is incredibly powerful but does require some homework.
  • There is a glaring lack of threat feed utilization outside of STIXX/TAXII which remains very limited at this time.
  • May require a considerable amount of tuning during deployment with very little "out of the box" offense information.
No photo available

Usability

AlienVault OSSIM

AlienVault OSSIM 8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo

IBM QRadar

No score
No answers yet
No answers on this topic

Alternatives Considered

AlienVault OSSIM

AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has a lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit the appliance. The correlation engine is somewhat more robust that their counterparts in LogRhythm and SolarWinds, and the IDS (both NIDS and HIDS) are more reliable as well in terms of results. Finally, although Tenable SecurityCenter is more robust in dashboards, alerts and reports, it comes short in front of OSSIM in terms of real-time IDS and SIEM correlation.
Jose Quintero profile photo

IBM QRadar

With IBM supplying this solution, you're inherently getting the globally recognized IBM support environment as well. As an enterprise solution, Qradar is among stiff competition but the reliability and availability make it a cut above the rest. While I also recommend AlienVault for small-medium sized businesses, there aren't many others that afford the same experience and piece of mind.
No photo available

Return on Investment

AlienVault OSSIM

  • The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
  • On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
  • Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
Jose Quintero profile photo

IBM QRadar

  • Faster response times
  • Global scalability
  • High cost of implementation
No photo available

Pricing Details

AlienVault OSSIM

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

IBM QRadar

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

Add comparison