AlienVault OSSIM was an open source Security Information and Event Management (SIEM). AlienVault was acquired by AT&T Cybersecurity, now LevelBlue, and OSSIM is no longer available for sale.
N/A
ManageEngine Patch Manager Plus
Score 8.7 out of 10
N/A
Patch Manager Plus is an automated patch management software that provides enterprises with a single interface for all patch management tasks. The vendor claims it works across platforms, helping users patch Windows, Mac, Linux & 300+ third-party applications. With Automated Patch Deployments, users can automate the entire process of patch management:…
$245
50 endpoints
Splunk Enterprise
Score 8.6 out of 10
N/A
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created …
Splunk does a good job at log aggregation and compatibility however, integrations with other products is been a challenge. Especially the pricing can be more competitive to spice up the market and orgs looking to explore AI based logging over traditional practices.
We had an old version of QRadar before Splunk. It was difficult to customize and difficult to pull in our data sources. It wound up being neglected and not providing value for us as an institution. We have also looked into other things like AlienVault but in general, the …
If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
If you are managing a very large number of computers, I would say 1000+, the standard patching tools provided by Microsoft will fail to do their job properly. This is where you will benefit from ManageEngine PATCH MANAGER Plus, being agent-based it is fast, easy to manage, and reliable. If you require functionality more than just patching, like security auditing, you have to look elsewhere.
It's well suited for what I do, which is network security operations. And that's for anything from troubleshooting incidents, troubleshooting performance, troubleshooting for the purpose of a compliance and auditing. It's not best suited for users who are new in terms of they're new to the product and they have expectations that probably Splunk cannot meet.
Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
The overall usability for the application is great precisely for the ease of use the application provides, if i would go in a different organisation, i would suggest implementing ManageEngine Patch Manager Plus or Endpoint Central due to its features, and productivity.
You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.
Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.
The support team at Patch Manager Plus has been awesome. Very responsive and knowledgeable. There are times when there is confusion between different tickets but there is still good service.
Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method.
The online course was simple clear and described the main capabilities of the solution. There is also an initial module that can be done for free so anyone can familiarize themselves with the functionality of this solution. On the other hand, however, there could be more free online courses. Maybe even with a certificate, this would broaden the group of people who are familiar with the platform while increasing familiarity with the solution itself.
Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as Stellar Data processor, we have begun to evaluate alternatives.
We were talking to Action1 and Adaptiva about their solutions of patch management. The main factor of choosing ManageEngine was pricing, which was considerably lower compared to these tools. Also, for Action1, it didn't featured some important features (like Linux patching), and it looked like a solution that is getting started in the market, even being more expensive than Patch Manager Plus.
I didn't get to fully evaluate Logstash as our corporation was already using Logstash, but both seemed like viable solutions to the problem that we were having. I wanted to evaluate Logstash some more, both did seem like they would work for the business needs that we had, we went with splunk as many teams were already using it.
ManageEngine Patch Manager Plus provides an excellent return on investment. We were able to get our systems fully patched, which we'd never been able to complete before. This provided excellent security to our organization.
ManageEngine Patch Manager Plus saved us a lot of time as most of our patching was fully automated.
ManageEngine took any issues we found and looked for solutions to further improve their product.
I don't have any numbers to share but Splunk has positively served as a 24/7 monitoring tool that has saved hours of work by self-detecting, saving statistics and alerting problems in the system or from external interfaces as soon as they happen.
Splunk dashboards does a solid job in collecting, analyzing data and creating reports that contain an entire day's activity and then automatically sent out to the business.
Splunk is very easy to learn and very useful to any program or business application.
