AlienVault USM vs AlienVault OSSIM

• Up to this point, I have had no issues integrating with a system we currently have in production. while AlienVault stays on top with plugin updates.
• Te dashboard is very informative when you figure out how to navigate around it and tweaked to your organization needs.
• Correlation of events is probably my favorite as I normally only need to jump on the AlienVault dashboard to hammer down on network traffic/activity details.

Read full review

• Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
• Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
• The tickets feature for handling alarms is really easy to use.

Read full review

• Walking through all the devices after a Nmap or device discovery scan can be tedious to get the data correct
• When deploying HIDS, it would be better if the system gave more detail as to the deployment error
• Offline updating of licenses can be a little time-consuming

Read full review

• The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
• Same with reports, the few reports it comes out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
• The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.

Read full review

• The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
• On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
• Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.

Read full review