OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing: Asset discovery Vulnerability assessment Intrusion detection Behavioral monitoring SIEM OSSIM provides the basis for AlienVault's proprietary Unified Security…
N/A
ServiceNow IT Service Management
Score 8.4 out of 10
N/A
ServiceNow is a fast-growing service management provider that went public in 2012. Built on the ServiceNow Now Platform, the IT Service Management bundle provides an agent workspace with knowledge management, and modules supporting issue tracking and problem resolution, change, release and configuration management, and (on the higher tier ITSM Professional plan) ITAM and software asset management.
AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has a lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit …
If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
In our organization, we are using ServiceNow extensively. Change Management, Incident Management, Problem Management, Time tracking are few modules which we use extensively. This sort of model will work for any product or service based companies as the product is built on ITIL framework. So this product will be suited for small or large scale companies to better organize and add controls and track SLA's for technology or business process.
Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
When I have a number of requests to make, for example a request to add a dozen or so user accounts to more than one group account in Active Directory , I can put all the needed information into the initial form, add it to my "shopping cart" and all of that information remains on the screen for the next item for which I only need to edit a few items (like the AD group name in this example), and keep adding them to the shopping cart until I have them all. When I "Check Out" each of those items is generated as a separate task under the one request. It simplifies and expedites the creation and tracking of these kinds of requests.
I can easily and quickly see what tickets are currently assigned to me in order to prioritize them and remain aware of my workload.
Numerous fields for CIs can be used when trying to find the entry for a particular item. For example, IP Address, server name, raw text, classification, and so on.
To help with making sense out of related tasks, when a task is assigned to me and I need to open another task for a different team to work in order to complete my task, I can open a sub-task from my ticket so that the relationship between the two can be pulled up later into reports. For example, I may have a task to build a new vm, and need to open tasks for networking, security accounts, software installation and so on. By opening sub-tasks from my assignment, the time spent by all parties concerned is tied together for more meaningful cost accounting.
It is hard to find areas for improvement, the tool is very powerful. That said, building the CMDB still involves some manual interaction which was not how it was presented in demos.
The CMDB data is almost too deep and detailed. When you build the relationship map it can be so large that it is overwhelming. You can limit this, but the default maps are massive if you are discovering lots of device classes.
The product is expensive. Since they are the leader in the industry and the product has tons of features, they definitely charge for it!
To be completely honest setting up a new ticketing system can be a pain in the ass. Once you have it setup and customized the way you want it, you don't want to switch unless you're unhappy with the product. Unless future releases and updates really muck the system up, I wouldn't change.
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
The dashboard is so confusing, [there are] many clicks to open a task and search by a ticket. The Enterprise customisation [we did] has finished to kill the software and creates a really bad experience on a daily basis. [It is] So slow, and so many clicks to process a ticket. Works only on IE so, that [should] make you realize that [it] is a bad idea.
Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.
I would give it this rating because we have had no major issues with the support for ServiceNow after we implemented it at our organization. They seem to respond promptly and efficiently if we ever do need to open a support case with them about an issue we are having.
To type in what should be a text box, you have to click an empty cell, a tiny text box pop up opens with a check box and an X. You the. Type in the text box and have to click the check mark. If you have a bunch of fields to fill out, doing this is very annoying. Absolutely know thought went in to this. I'm sure somebody in marketing thought it was a good idea. It wasn't.
Without exception, every client I have worked with has been very happy with their resulting product. While this is partly due to my work, I must point out that the platform is the winning decision, not the implementer.
Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as Stellar Data processor, we have begun to evaluate alternatives.
We used to use Jira to handle service tickets but it's way too robust for something this straightforward. Due to the nature of Jira, you needed to already have a lot of documentation and knowledge about who should be assigned the ticket, so the lift of creating a ticket was time consuming.
Overall ServiceNow has a positive impact on getting the SLA of tickets down in supporting our customers.
One negative impact has been the amount of time to get the product to produce an ROI, it's almost too big to fail and too big to replace. You almost become committed to the product. Good or bad.
Another negative impact would be if you track metrics of employees and time tracking, there is a lot of scenarios where engineers will track time on tickets but not get credit for closing them as the assignee function of tickets can only be tied to one user and credits only the engineer who closes the ticket.
Another positive impact would be the level of security for permissions and scaling the workloads is robust and you will get out of the system what your team is willing to put in.
