What users are saying about

IBM QRadar

18 Ratings

AlienVault OSSIM

14 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.2 out of 101

IBM QRadar

18 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8 out of 101

Add comparison

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles profile photo

IBM QRadar

Due to the strength, robustness, and cost of a solution like this, I believe it is best suited for large businesses and enterprises. While a medium sized business would find value for sure, this system is not for the faint of heart or pocketbook. Qradar is well suited for environments with a lot of incoming data where manual analysis might not be an option.
No photo available

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.2
IBM QRadar
7.1
Centralized event and log data collection
AlienVault OSSIM
8.3
IBM QRadar
8.0
Correlation
AlienVault OSSIM
8.0
IBM QRadar
7.8
Event and log normalization
AlienVault OSSIM
8.0
IBM QRadar
6.5
Deployment flexibility
AlienVault OSSIM
8.7
IBM QRadar
6.9
Integration with Identity and Access Management Tools
AlienVault OSSIM
7.5
IBM QRadar
6.1
Custom dashboards and views
AlienVault OSSIM
8.0
IBM QRadar
6.8
Host and network-based intrusion detection
AlienVault OSSIM
8.7
IBM QRadar
7.8

Pros

  • Being a part of the Open Source community, open source tools are always a big plus for me.
  • Being a simple straightforward tool, it does a great job especially with the asset management piece built into it.
  • Straightforward
  • Open Threat Exchange(OTX) gives a straightforward live threat intel feed to work off.
No photo available
  • Rule creation is intuitive and fast which helps during emergency situations.
  • Platform maintenance is very light while the appliance has nearly flawless uptime.
  • Report generation is very functional and efficient.
No photo available

Cons

  • It's a free product! Yes, it doesn't have all the capabilities of the USM anywhere, but it does a great job. Can't really complain.
No photo available
  • There is a steep learning curve compared to other platforms. Qradar is incredibly powerful but does require some homework.
  • There is a glaring lack of threat feed utilization outside of STIXX/TAXII which remains very limited at this time.
  • May require a considerable amount of tuning during deployment with very little "out of the box" offense information.
No photo available

Usability

AlienVault OSSIM8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo
No score
No answers yet
No answers on this topic

Alternatives Considered

AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has a lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit the appliance. The correlation engine is somewhat more robust that their counterparts in LogRhythm and SolarWinds, and the IDS (both NIDS and HIDS) are more reliable as well in terms of results. Finally, although Tenable SecurityCenter is more robust in dashboards, alerts and reports, it comes short in front of OSSIM in terms of real-time IDS and SIEM correlation.
Jose Quintero profile photo
With IBM supplying this solution, you're inherently getting the globally recognized IBM support environment as well. As an enterprise solution, Qradar is among stiff competition but the reliability and availability make it a cut above the rest. While I also recommend AlienVault for small-medium sized businesses, there aren't many others that afford the same experience and piece of mind.
No photo available

Return on Investment

  • The only investment here is setting it up and I think seeing it's performance it's a fantastic tool and has a great positive ROI!
No photo available
  • Faster response times
  • Global scalability
  • High cost of implementation
No photo available

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

IBM QRadar

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details