AlienVault OSSIM

14 Ratings
Score 8.1 out of 10

McAfee Enterprise Security Manager

22 Ratings
Score 6.8 out of 10


Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles

McAfee Enterprise Security Manager

I would make a cautionary recommendation. If you're heavily invested in a McAfee product line, the McAfee Enterprise Security Manager is a natural fit and you probably already understand the risk of working with them. If you are greenfield looking for a SIEM, I would advise documenting your use cases very well, because you may find yourself doing a new implementation down the road.

Feature Rating Comparison

Security Information and Event Management (SIEM): AlienVault OSSIM 8.1, McAfee Enterprise Security Manager 7.1

  • Centralized event and log data collection: AlienVault OSSIM 8.0, McAfee Enterprise Security Manager 9.0
  • Correlation: AlienVault OSSIM 7.7, McAfee Enterprise Security Manager 8.8
  • Event and log normalization: AlienVault OSSIM 7.6, McAfee Enterprise Security Manager 7.6
  • Deployment flexibility: AlienVault OSSIM 9.0, McAfee Enterprise Security Manager 4.7
  • Integration with Identity and Access Management Tools: AlienVault OSSIM 7.5, McAfee Enterprise Security Manager 7.5
  • Custom dashboards and views: AlienVault OSSIM 8.0, McAfee Enterprise Security Manager 4.9
  • Host and network-based intrusion detection: AlienVault OSSIM 8.7, McAfee Enterprise Security Manager 7.0

Pros

  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
Ivan Montilla Miralles
  • Advanced Threat intelligence gives us the ability to prioritise alerts quickly and efficiently.
  • SIEM log collection allows us to integrate our other Intel products to a centralised point.
  • Physical appliances are one of the areas we have moved away from, so the ability for ESM to be available as a VDI was key.
Philip Clarke

Cons

  • The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
  • Same with reports, the few reports that come out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
  • The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.
Ivan Montilla Miralles
  • If there is a requirement to integrate into other vendor products i.e. (log sharing) then this was very cumbersome.
  • Integration of vulnerability scanning that is available in other vendor products would be a good addition.
  • When integrating all of Intel's products a third party consultancy is usually required, where other vendor products can be configured without this additional cost.
Philip Clarke

Usability

AlienVault OSSIM 8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero
No score
No answers yet
No answers on this topic

Alternatives Considered

AlienVault OSSIM as the first experience with a SIEM is very fine, especially if your company is an SMB. Every SIEM shares some features in common with other products, features such as log retrieval and normalization. So if you stick with principles, you can learn other SIEM products as well. If your environment is not of a minimum size, LogRhythm might be overkill for your network, same with McAfee Enterprise Security Manager.
Ivan Montilla Miralles
We looked at a few products, these were AlienVault, ESM, LogRhythm and Alert Logic. ESM at the time had more functionality and a friendlier and cleaner user interface than LogRhythm. ESM had an ability to integrate easily into Intel's endpoint solution versus AlienVault where a parser would have to be written, though AlienVault's inclusion of vulnerability management and IDS made it stand out from some of the others. ESM had a better correlation engine and log drill through than Alert Logic, and in our scenario we were not looking for a hosted solution at the time. ESM has a good network of partners and in the event a managed service is required the transition to this is made very easily.
Philip Clarke

Return on Investment

  • Since it's free, ROI has been positive in terms of money. In time cost and engineer time, it has been also very cheap to implement since it's very easy to get it running.
  • As a learning tool, for ACSE certification, it has also been very useful, since it shares a lot with the USM appliance installation.
  • As a test environment, again, it shares a lot with the USM appliance installation, so if you have a USM also and you don't want to test things over your production environment, testing with OSSIM first has been a good way to mitigate possible bad effects.
Ivan Montilla Miralles
  • Centralisation of events from NIDS/IPS/IDS, Firewall(s), Web Proxy and Endpoint
  • Ability to have third party management
  • Actively upgraded product with good vendor support
Philip Clarke

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

McAfee Enterprise Security Manager

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details