What users are saying about
15 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.3 out of 101
13 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.4 out of 101

Add comparison

Likelihood to Recommend

AlienVault OSSIM

The most obvious scenario in which OSSIM is well suited is in a single office/home office (SOHO) or small business, in which budget is reduced but asset discovery and vulnerability management are greatly needed and appreciated. OSSIM is lightweight and free, so the real challenge to face is to hire or assign an administrator to manage and operate it, instead of any investment on an expensive appliance. Also, as resellers, promoting usage of OSSIM to customers charging for professional services for installation, administration, and maintenance (remember that OSSIM doesn't have official support from AlienVault) is a great asset for the organization.
Jose Quintero profile photo

Qualys Cloud Platform

Of many of the other vulnerability testing suites I used, this offered the most robust features and, once you learned the UI, was a go-to tool. The reporting was very nice for not only us technical but for reports for management as well that were easy to understand and prioritize fixes.
Alan Matson, CCNA:S, MCP profile photo

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.2
Qualys Cloud Platform
Centralized event and log data collection
AlienVault OSSIM
8.4
Qualys Cloud Platform
Correlation
AlienVault OSSIM
8.0
Qualys Cloud Platform
Event and log normalization
AlienVault OSSIM
8.0
Qualys Cloud Platform
Deployment flexibility
AlienVault OSSIM
8.7
Qualys Cloud Platform
Integration with Identity and Access Management Tools
AlienVault OSSIM
7.5
Qualys Cloud Platform
Custom dashboards and views
AlienVault OSSIM
8.0
Qualys Cloud Platform
Host and network-based intrusion detection
AlienVault OSSIM
8.6
Qualys Cloud Platform

Pros

  • Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
  • SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
  • Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
  • Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
Jose Quintero profile photo
  • User setup for multiple groups
  • Ease of automation, set it and forget it
  • Reporting features were a huge plus
Alan Matson, CCNA:S, MCP profile photo

Cons

  • OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
  • The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
  • More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
Jose Quintero profile photo
  • Took time to learn the UI
  • Could be cumbersome for first time users
  • Not much online documentation that was useful
Alan Matson, CCNA:S, MCP profile photo

Usability

AlienVault OSSIM8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo
No score
No answers yet
No answers on this topic

Alternatives Considered

AlienVault OSSIM as the first experience with a SIEM is very fine, especially if your company is an SMB. Every SIEM shares some features in common with other products, features such as log retrieval and normalization. So if you stick with principles, you can learn other SIEM products as well. If your environment is not of a minimum size, LogRhythm might be overkill for your network, same with McAfee Enterprise Security Manager.
Ivan Montilla Miralles profile photo
Qualysguard gave us the tools we needed that were benificial to our job without us having to do too much manual interaction such as with Nmap, Metasploit , etc. It was a very efficient platform that I would go to again.
Alan Matson, CCNA:S, MCP profile photo

Return on Investment

  • The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
  • On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
  • Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
Jose Quintero profile photo
  • I was not involved in the purchase but the personal ROI really helped make my job quicker and more efficient.
Alan Matson, CCNA:S, MCP profile photo

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

Qualys Cloud Platform

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details