OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing: Asset discovery Vulnerability assessment Intrusion detection Behavioral monitoring SIEM OSSIM provides the basis for AlienVault's proprietary Unified Security…
N/A
Varonis Data Security Platform
Score 9.0 out of 10
N/A
Varonis offers their Data Security Platform, a modular suite of data acess and data security products providing sensitive data discovery, data access governance, unusual behavior detection, GDPR compliance support, as well as incident playbooks and cybersecurity forensic reporting.
If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
The most highlighted feature of Varonis Data Security Platform is the data analyzing mechanism. It analyzes your data all the time with some special algorithms to detect any unusual activities so that it can identify any unusual behavior or users and take necessary action to save your sensitive data. They also offer a complete dashboard solution for their customers to control across different data stores, see their current state, and any security breaches to be addressed manually.
Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
Varonis logging is very robust and captures all audit events being sent from the file servers.
The ability to report and alert on Active Directory account events works very well with file activity monitoring. It can show the complete picture of what an account did while being used.
Have a customizable dashboard is great for being able to show upper management information that only pertains to them.
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.
Support has always been very responsive and addressed any issues we may have had in the past. Some local engineers are willing to come onsite or work over a web session to discuss creating a new rule set or look at some issues. Getting issues address has never been a problem. There was one feature we had trouble getting to function correctly, but support and local engineers were willing to work with us as much as needed to get it working correctly for our organization.
Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as Stellar Data processor, we have begun to evaluate alternatives.
Actually, we didn't expend much time evaluating other file auditing platforms. We chose Varonis just after a serious incident and we had already heard about Varonis at a Netapp event. So it was an easy choice. We called Varonis and asked them for a PoC, that's it. The PoC became a production and it is running until this day.
