TrustRadius
AlienVault OSSIM: Best Bang for Your Buck Hands Down!
https://www.trustradius.com/security-information-event-management-siemAlienVault OSSIMUnspecified8.717101
Matthew Frederickson profile photo
October 09, 2019

AlienVault OSSIM: Best Bang for Your Buck Hands Down!

Score 10 out of 101
Vetted Review
Verified User
Review Source

Overall Satisfaction with AlienVault OSSIM

Anyone who works in a K12 public school district knows you have just as many threats inside your network as outside. Think about it, what else do 7 through 12 graders have but time and curiosity? I've set this up on my perimeters at each of my high schools and middle schools, and again at the district level. My goal is to watch the traffic and devices inside each building and also across the buildings. We use it daily to monitor for unusual activity, devices, or strange "stuff" on our network.
  • Scan network for anomalies once you've established a baseline.
  • Excellent job of showing unusual connections or file transfers
  • Excellent job of showing the health of network, congestions, etc.
  • It only comes with 10 canned reports. These reports are good, but a little more flexibility would be nice. The data is stored in a database, so it is possible to roll your own reports, just very clunky.
  • Log ingestion. The OSSIM product doesn't have a separate log server, so you either have to have a really, really beefy system to do both analysis and log ingestion, or just do log ingestion with something else.
  • Aggregation of data. Actually, it does this really well, but if you have more then two sites, it can slow your analysis down a little.
  • It's free, so a very positive impact. Most products out there are in the thousands of dollars, and for a K12 School District, money is always tight.
  • It allowed me to actually gain invaluable insight.
Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112.

FortiSIEM is an awesome package but it's more then I need (or can afford). I would need to add staff, for at least the first year or so, just to get it setup and configured correctly.
Everytime I had a question, they were very willing to help. Not that I called often.

Do you think AlienVault OSSIM delivers good value for the price?

Yes

Are you happy with AlienVault OSSIM's feature set?

Yes

Did AlienVault OSSIM live up to sales and marketing promises?

Yes

Did implementation of AlienVault OSSIM go as expected?

Yes

Would you buy AlienVault OSSIM again?

Yes

AlienVault OSSIM is an excellent starter SIEM—you have a fully functioning SIEM in a few hours (installs in less than one, but takes a few to configure, based on your network). The insight you get, immediately is worth the time setting it up. If you are willing to invest some more time, you can fine tune it to really provide deep insight into your network. I really love that it is still free (was nervous when AT&T bought AlienVault).

Each of MyBuildings is routed back to the core - reduces overall traffic and adds one more layer to the network for security reasons. So having an "eye" in each building is necessary at this point. Not sure what I would do if I had to stop using them. The only other thing I plan on doing, in the process of rolling it out right now, is to add some netflow analysis.

AlienVault OSSIM Feature Ratings

Centralized event and log data collection
9
Correlation
7
Event and log normalization
7
Deployment flexibility
10
Integration with Identity and Access Management Tools
9
Custom dashboards and views
8
Host and network-based intrusion detection
10