AlienVault OSSIM vs Rapid7 InsightVM (Nexpose)

Likelihood to Recommend

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.

Read full review

Ivan Montilla Miralles

Technical Services

GB Advisors, Inc.Computer & Network Security, 11-50 employees

View all 7 answers on this topic

Works well most of the time for even large enterprise organizations, but takes a lot of care and feeding to ensure it's running properly.
We have had several issues with 'ghost machines' not updating and continue to report on IP's with no devices attached.
Could use better filtering and reporting built-in and more customized options.

Read full review

Verified User

Analyst in Finance and Accounting

Financial Services Company, 1001-5000 employees

View all 7 answers on this topic

Feature Rating Comparison

AlienVault OSSIM

Rapid7 InsightVM (Nexpose)

Centralized event and log data collection

Correlation

Event and log normalization

Deployment flexibility

Integration with Identity and Access Management Tools

Custom dashboards and views

Host and network-based intrusion detection

Pros

Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.

Read full review

Jose Quintero

Support Services Manager

GB Advisors, Inc.Computer Software, 51-200 employees

View all 7 answers on this topic

Being a vulnerability scanner tool, its purpose is to scan the systems to find the vulnerabilities. We can define the assets like IP address for the scans and it also allows to either schedule the scan at a preferred time or start the scan immediately. Upon completion of the scan, this tool can result provide the details like host type, OS information, hardware address, along with the vulnerabilities.
Rapid7 Nexpose has a list of templates to perform the scan. Once the templates are defined then the scans are performed accordingly.
It also contains an option to add credentials/authentication using passwords, usernames, private keys to perform the credential-based scans which I think is a great feature.

Read full review

Verified User

Consultant in Information Technology

Information Technology and Services Company, 51-200 employees

View all 7 answers on this topic

Cons

The reports are clunky and a bit tedious to parse through.
Sometimes there's so much noise it's hard to tell what a true positive is. There are lots of false ones that trigger alerts but are normal behavior in many environments.

Read full review

John Keenan

Director of Information Security

Memorial Hospital of GulfportMedical Practice, 5001-10,000 employees

View all 7 answers on this topic

In comparison to Tenable SecurityCenter we saw it didn't exactly find the same vulnerabilities which we would assume it should have
We rely on a ticketing system and not our VM tool to assign tasks so wasn't too useful having that in there
Filtering capabilities aren't as good as its competitors

Read full review

Verified User

Engineer in Information Technology

Non-Profit Organization Management Company, 501-1000 employees

View all 7 answers on this topic

Usability

AlienVault OSSIM 8.0

Based on 1 answer

AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.

Read full review

Jose Quintero

Support Services Manager

GB Advisors, Inc.Computer Software, 51-200 employees

View all 1 answers on this topic

No score

No answers yet

No answers on this topic

Support Rating

AlienVault OSSIM 8.0

Based on 4 answers

AlienVault OSSIM support has been very good. I have not had an issue that they were not able to quickly identify and provide a fix for. They are very quick to respond to open cases and are very knowledgeable in the product, which makes troubleshooting issues fast and solutions are provided quickly.

Read full review

Laurie Keith

Help Desk Manager

Black Hills Federal Credit UnionBanking, 201-500 employees

View all 4 answers on this topic

Rapid7 InsightVM (Nexpose) 7.4

Based on 4 answers

I gave it a seven due to the functionality and general ease of use after the initial setup headaches, but compared to Qualys, Rapid7 Nexpose falls short on features and ease of use. Their support drags this rating down a point as well. I have gone weeks with no update on semi-critical issues and typically have to make call after call to get a semi-coherent response.

Read full review

Verified User

Analyst in Finance and Accounting

Financial Services Company, 1001-5000 employees

View all 4 answers on this topic

Alternatives Considered

Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112.FortiSIEM is an awesome package but it's more then I need (or can afford). I would need to add staff, for at least the first year or so, just to get it setup and configured correctly.

Read full review

Matthew Frederickson

Director of Information Technology

Council Rock School DistrictEducation Management, 1001-5000 employees

View all 7 answers on this topic

Nessus Pro does scans, but does not maintain an inventory from scan to scan. There is no history for a specific device, you have to look inside the results of each scan. Search across inventory is non-existent. There are no dashboards for data analysis. This is no tracking for remediation

Read full review

Verified User

Analyst in Information Technology

Oil & Energy Company, 1001-5000 employees

View all 7 answers on this topic

Return on Investment

The only investment here is setting it up and I think seeing it's performance it's a fantastic tool and has a great positive ROI!

Read full review

Verified User

Engineer in Information Technology

Non-Profit Organization Management Company, 501-1000 employees

View all 7 answers on this topic

Can reduce time to patch most critical vulnerabilities
Can help to identify who is spending time patching things of lower risk thus keeping the organization in a more vulnerable position
Easily provides the patch team with a work plan to enhance security more quickly

Read full review

Verified User

Manager in Information Technology

Maritime Company, 201-500 employees

View all 7 answers on this topic

Pricing Details

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

AlienVault OSSIM Editions & Modules

—

Additional Pricing Details

—

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

Rapid7 InsightVM (Nexpose) Editions & Modules

Edition

insightIDR	$52¹
Vulnerability Management	$22¹
Application Security	$2,000²
Log Management	$19³
insignConnect	Contact sales team

per asset
per app
per GB

Additional Pricing Details

—

Rating Summary

AlienVault OSSIM

Rapid7 InsightVM (Nexpose)

AlienVault OSSIM

Rapid7 InsightVM (Nexpose)

AlienVault OSSIM

Rapid7 InsightVM (Nexpose)

AlienVault OSSIM vs Rapid7 InsightVM (Nexpose)