14 Ratings
Score 8.2 out of 10
22 Ratings
Score 6.8 out of 10


Likelihood to Recommend

AlienVault OSSIM

The most obvious scenario in which OSSIM is well suited is in a single office/home office (SOHO) or small business, in which budget is reduced but asset discovery and vulnerability management are greatly needed and appreciated. OSSIM is lightweight and free, so the real challenge to face is to hire or assign an administrator to manage and operate it, instead of any investment in an expensive appliance. Also, as resellers, promoting usage of OSSIM to customers charging for professional services for installation, administration, and maintenance (remember that OSSIM doesn't have official support from AlienVault) is a great asset for the organization.
Jose Quintero

McAfee Enterprise Security Manager

McAfee Enterprise Security Manager is well placed when the environment has other Intel products. We operate McAfee Move and the two products work extremely well together. The anti-virus product can be very cumbersome if used with another SIEM solution when log collecting. We have other areas where Intel solutions are not in use and in these circumstances we used another well-known SIEM solution that had an easier implementation phase than Intel's and where remote access was challenging.
Philip Clarke

Feature Rating Comparison

| Feature | AlienVault OSSIM | McAfee Enterprise Security Manager |
| --- | --- | --- |
| Security Information and Event Management (SIEM) | 8.2 | 6.8 |
| Centralized event and log data collection | 8.4 | 9.0 |
| Correlation | 8.0 | 8.8 |
| Event and log normalization | 8.0 | 7.4 |
| Deployment flexibility | 8.7 | 4.2 |
| Integration with Identity and Access Management Tools | 7.5 | 7.5 |
| Custom dashboards and views | 8.0 | 4.3 |
| Host and network-based intrusion detection | 8.6 | 6.7 |

Pros

AlienVault OSSIM

  • Being a part of the Open Source community, open source tools are always a big plus for me.
  • Being a simple straightforward tool, it does a great job especially with the asset management piece built into it.
  • Straightforward
  • Open Threat Exchange (OTX) gives a straightforward live threat intel feed to work off.

McAfee Enterprise Security Manager

  • Advanced Threat intelligence gives us the ability to prioritise alerts quickly and efficiently.
  • SIEM log collection allows us to integrate our other Intel products to a centralised point.
  • Physical appliances are one of the areas we have moved away from, so the ability for ESM to be available as a VDI was key.
Philip Clarke

Cons

AlienVault OSSIM

  • It's a free product! Yes, it doesn't have all the capabilities of the USM Anywhere, but it does a great job. Can't really complain.

McAfee Enterprise Security Manager

  • If there is a requirement to integrate into other vendor products i.e. (log sharing) then this was very cumbersome.
  • Integration of vulnerability scanning that is available in other vendor products would be a good addition.
  • When integrating all of Intel's products a third party consultancy is usually required, where other vendor products can be configured without this additional cost.
Philip Clarke

Usability

AlienVault OSSIM 8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero

McAfee Enterprise Security Manager
No score
No answers on this topic

Alternatives Considered

AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit the appliance. The correlation engine is somewhat more robust than their counterparts in LogRhythm and SolarWinds, and the IDS (both NIDS and HIDS) are more reliable as well in terms of results. Finally, although Tenable SecurityCenter is more robust in dashboards, alerts and reports, it comes short in front of OSSIM in terms of real-time IDS and SIEM correlation.
Jose Quintero
We looked at a few products, these were AlienVault, ESM, LogRhythm and Alert Logic. ESM at the time had more functionality and a friendlier and cleaner user interface than LogRhythm. ESM had an ability to integrate easily into Intel's endpoint solution versus AlienVault where a parser would have to be written, though AlienVault's inclusion of vulnerability management and IDS made it stand out from some of the others. ESM had a better correlation engine and log drill through than Alert Logic, and in our scenario we were not looking for a hosted solution at the time. ESM has a good network of partners and in the event a managed service is required the transition to this is made very easily.
Philip Clarke

Return on Investment

AlienVault OSSIM

  • The only investment here is setting it up and I think seeing its performance it's a fantastic tool and has a great positive ROI!

McAfee Enterprise Security Manager

  • Centralisation of events from NIDS/IPS/IDS, Firewall(s), Web Proxy and Endpoint
  • Ability to have third party management
  • Actively upgraded product with good vendor support
Philip Clarke

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

McAfee Enterprise Security Manager

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details