OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing: Asset discovery Vulnerability assessment Intrusion detection Behavioral monitoring SIEM OSSIM provides the basis for AlienVault's proprietary Unified Security…
N/A
ThreatDown, powered by Malwarebytes
Score 7.9 out of 10
N/A
ThreatDown replaces the former Malwarebytes for Business product suite, combining Malwarebytes' endpoint security capabilities in four bundles. The basic Core tier includes incident response, Next-gen AV, device control, vulnerability assessments, and the ability to block unwanted application. Higher tiers include EDR and MDR services, managed threat hunting, patch management, website content filtering.
$345
per year 5 endpoints (minimum)
Pricing
AlienVault OSSIM
ThreatDown, powered by Malwarebytes
Editions & Modules
No answers on this topic
Core
$69
per year per endpoint (minimum 5)
Advanced
$79
per year per endpoint (minimum 5)
Elite
$99
per year per endpoint (minimum 5)
Ultimate
$119
per year per endpoint (minimum 5)
Offerings
Pricing Offerings
AlienVault OSSIM
ThreatDown, powered by Malwarebytes
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
Optional Add-Ons include server and mobile device protection. Server protection ranges from $129 to $179 per annum depending on service tier. Mobile security is $10 per device, no matter the service tier.
If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
I think Malwarebytes is the best anti-malware company. I think it is well-suited for any situation and any device. I think Malwarebytes does the best on Windows and on MacOS. Also, Malwarebytes is always improving, and you can tell they are a company that stays on top of cybersecurity trends. If you have a tight budget or looking for the cheapest solution, then Malwarebytes may not be the solution for you. To clarify, I don't think Malwarebytes is that much more expensive compared to its closest competitors.
Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
Protects against malware - No matter how much training you give end users on social hacking, there is always a breach at some point.
Protects against ransomware - Ransomware could spell disaster for a company...it could literally shut the doors for good.
Centralized administration - Without a terrific centralized method to manage all the systems being protected, it would require an extra position just to maintain all endpoints.
When I first used the tool in my home systems MANY years ago, I wished for a Business version. I was once at a focus group for a major antivirus company, and one attendee’s feedback to “what could we do better?” was “buy out MalwareBytes and add it to your tool”. I’ve used the Business version since it first became available, and have continued to be a dedicated user through the many iterations and improvements
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
It simply works. It doesn't require the hand-holding and monitoring that some other solutions do. It's simple to deploy and maintain, and adding custom content such as Exceptions require minimal effort. I’ve had to add a few exceptions for internal-use, in-house-developed tools, but it’s quite simple to do so within the online interface
Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.
As I mentioned, we have only email support. Their phone support was very expensive. If we ever have any issues, we have to email them and wait for their response. In most cases, I have figured out the issue on my own. The software is very stable so we haven't used their support much.
I first implemented this more than 10 years ago, when it required an in-site setup with SQL Server (or SQL Express), and even that was pretty easy. With the move to centralized web management some treats ago, it’s become even easier to deploy
Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as Stellar Data processor, we have begun to evaluate alternatives.
It's no contest. Cisco AMP, Umbrella and Endpoint use vast amounts of resources and provide little protection when compared with Malwarebytes. One client recently replaced Cisco with MWB and found over 7,300 vulnerabilities on 352 endpoints, including 120 listed as Critical and 7,180 listed as High, with CVE's dating back to 2008.
The ease of remediation has saved our IT team a number of hours manually installing, for example, the free version of Malwarebytes to remove infections, and then cleaning the machine up. Being able to centrally send commands to clean the device is much more efficient.
The centralised management has also alerted us to infections on machines that we might not otherwise have known about, as the existing AV had not detected them, saving us potential data loss, or system damage.
