AlienVault USM vs AlienVault OSSIM

• AlienVault USM is based on well-known Open Source components, which each for itself, represents a quasi industry standard
• Integration into the existing infrastructure works like a charm. Basically you just need to roll-out an OSSEC client to each server or PC and you have already a pretty high coverage of security information and events. They immediately show up in the AlienVault Webinterface
• Due to the countless plugins, it is very easy to add network devices like firewalls, router, switches, but also servers running apache and the alike. You will just need to forward syslog and it will all appear in your AlienVault Webinterface
• The modular design of AlienVault USM in form of "deployable sensors", allows you to easily integrate different network segments, such as remote sites.
• As regular vulnerability scans are a must to understand which CVEs your infrastructure is exposed at, this becomes an easy task with AlienVault. They provide you with a set-and-forget approach for running regular scans. Additionally there are helpful hints to how to get more secure.

Read full review

• Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
• Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
• The tickets feature for handling alarms is really easy to use.

Read full review

• Even though the AlienVault documentation is good, I would like to see documentation on security strategy. This product is focused on smaller companies that may not have a security admin so simple general practice strategy would be helpful.
• This may be repetitive, but documentation on what to do or how to interpret alarms would be helpful. For example, what are the varying degrees of response to a nmap port scan.

Read full review

• OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
• The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
• More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.

Read full review

• The only investment here is setting it up and I think seeing it's performance it's a fantastic tool and has a great positive ROI!

Read full review