Likelihood to Recommend If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Read full review Trellix (FireEye + McAfee)
[McAfee ePolicy Orchestrator] seems to be better suited to large enterprise applications... I don't feel it really suits the or self-managed SMB market. The general joe is not going to understand how to wield this product to it's full potential. For those of us managing large networks, this is a very ideal product for managing multiple sites and users.
Read full review Pros Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product. SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management. Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others. Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use. Read full review Trellix (FireEye + McAfee)
Static malware scans for known bad processes and files works well and can be schedules on endpoints easily Preventing users from accessing USB drives and other peripherals is easily configured. We can also allow users to access to USB drives with user codes for the times they need it for business reasons. ePO provides access into our MSME software so that we're not managing many different products from different locations. In recent years the console has gotten much easier to navigate even though there is a ton of information to be accessed. Read full review Cons Creating custom rules is a bit complicated Reporting could be improved Agent has caused conflicts with a couple of our other applications Read full review Trellix (FireEye + McAfee)
It has a slow mechanism when adding custom threat feeds. For example, if McAfee didn't have a signature or detection about a new virus and we try to add it to our console it is like a really big process in adding that to our available signatures. Whenever a scan is performed, the system CPU utilization goes up 100 percent. Installation fails due to difference in timestamp when we try to shuffle between packages. Read full review Usability AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Read full review Trellix (FireEye + McAfee)
Support Rating Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.
Read full review Trellix (FireEye + McAfee)
McAfee support is definitely GREAT! It is one of the best technical support on a business level. GOLD support is recommended to business. Their website is easy and quick to create a ticket. Their technical team usually responds right away with an email or call. Via call and web they provide a full and complete support until the issue is resolved. The best, most of the time they explain in detail what is the issue, the reason and how to resolve it.
Read full review Alternatives Considered Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as
Stellar Data processor, we have begun to evaluate alternatives.
Read full review Trellix (FireEye + McAfee)
I have used Symantec Endpoint Encryption before. Symantec and EPO are both good in their own ways. EPO allows integration of other McAfee products. I have been using ePolicy Orchestrator for years. I have a lot of experience with the product. That is why I like it.
Read full review Return on Investment It satisfied a requirement of our audit team (internal and external). Custom written alerts allow us to be proactive for some events. Stable product means we don't spend a lot of time keeping it up and running. Read full review Trellix (FireEye + McAfee)
Peace of mind that your environment is safe and secure. Keep your network environment up and running. Additional resources (consulting or training) may be required if not familiar with the product. Very complex to setup and configure ( training may be required). Once configured, it will take care of almost 80% of your tasks. Read full review ScreenShots