15 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.4 out of 101
6 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.9 out of 101

Add comparison

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles profile photo

Retina Network Security Scanner

Retina Network Security Scanner is well suited for any environment and infrastructure that would like to expose security deficiencies across their network as well as visualize vulnerabilities as they pertain to assets in their environment. I cannot think of any scenario that would not be appropriate for this product. Since the product carries over to pretty much all assets in your environment, I don't know off the top of y head what it wouldn't be appropriate for.
Joe Spradlin profile photo

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.2
Retina Network Security Scanner
Centralized event and log data collection
AlienVault OSSIM
8.4
Retina Network Security Scanner
Correlation
AlienVault OSSIM
8.0
Retina Network Security Scanner
Event and log normalization
AlienVault OSSIM
8.0
Retina Network Security Scanner
Deployment flexibility
AlienVault OSSIM
8.7
Retina Network Security Scanner
Integration with Identity and Access Management Tools
AlienVault OSSIM
7.5
Retina Network Security Scanner
Custom dashboards and views
AlienVault OSSIM
8.0
Retina Network Security Scanner
Host and network-based intrusion detection
AlienVault OSSIM
8.6
Retina Network Security Scanner

Pros

  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
Ivan Montilla Miralles profile photo
  • Besides the fact that Retina NSS performs the fundamental task of scanning all my network devices, one of the main strengths is the speed at which it scans. Time is money and I know people tent to wear that clich√© out a bit, but when you are as small as we are of a team, every minute counts.
  • We have utilized other network security scanners over the past 21 years and Retina NSS seems to have the smallest footprint with no evidence of scanning degrading performance of the devices scanned.
  • They seem to update their database frequently enough that we notice a correlation of threats to discovery.
  • There is a small learning curve, but overall, a seasoned IT professional can quickly get up and running in a few hours and get usable results quickly. This falls back on the speed at which Retina NSS scans. My previous network security scanners would sometimes take hours to complete a full vulnerability scan of between 250 - 400 devices, now it only takes a fraction of that time.
Joe Spradlin profile photo

Cons

  • OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
  • The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
  • More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
Jose Quintero profile photo
  • I do not have any obvious cons to report at this time.
Joe Spradlin profile photo

Usability

AlienVault OSSIM8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo
No score
No answers yet
No answers on this topic

Alternatives Considered

AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has a lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit the appliance. The correlation engine is somewhat more robust that their counterparts in LogRhythm and SolarWinds, and the IDS (both NIDS and HIDS) are more reliable as well in terms of results. Finally, although Tenable SecurityCenter is more robust in dashboards, alerts and reports, it comes short in front of OSSIM in terms of real-time IDS and SIEM correlation.
Jose Quintero profile photo
Retina Network Security Scanner is the only product we have used in our enterprise. I have used a product in the past called GFI LanGuard Network Security Scanner and while it did perform the functions of vulnerability testing, etc...it just wasn't nearly as refined as Retina NSS. It was slow and was not as lightweight as Retina as far as end-user detection.
Joe Spradlin profile photo

Return on Investment

  • The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
  • On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
  • Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
Jose Quintero profile photo
  • The product is extremely easy to deploy, extremely positive.
  • If you take full advantage of this product as I did, you will maximize your ROI quickly as we did.
  • We were able to visualize our vulnerabilities efficiently and effectively and maintain scheduled scans that allowed us to maintain a continuous improvement atmosphere while securing our investments.
  • The ability provide reporting allows our IT department to prioritize issues and remediate as required without chasing down low risk issues over high risk issues that need immediate attention.
Joe Spradlin profile photo

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

Retina Network Security Scanner

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details