Stephen Hui - PeerSpot reviewer
Cybersecurity Architect at DataAssure
Reseller
It is free, powerful, and user-friendly with a well-integrated dashboard
Pros and Cons
  • "Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
  • "They can add more compliance templates."

What is most valuable?

Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. 

It is also free and very powerful.

What needs improvement?

They can add more compliance templates.

For how long have I used the solution?

I have been using AlienVault OSSIM since 2015. 

What do I think about the stability of the solution?

It is a quite stable product.

Buyer's Guide
Security Information and Event Management (SIEM)
March 2024
Find out what your peers are saying about AT&T, Wazuh, Elastic and others in Security Information and Event Management (SIEM). Updated: March 2024.
765,234 professionals have used our research since 2012.

What do I think about the scalability of the solution?

It is perfectly scalable. We have ten in-house users.

Which solution did I use previously and why did I switch?

I have used Splunk. AlienVault OSSIM and Splunk differ mainly in price. In Splunk, we need to do the correlation ourselves. Alienvault OSSIM is more user friendly. I don't have to learn a particular SQL language to do a query. It provides a new way of creating a query for any security event or management. 

How was the initial setup?

The initial setup is very straightforward. It doesn't take more than 15 minutes, and you are done.

We predominantly deploy it on-premises. We have a few deployments on the cloud, but our focus is primarily on the on-premises deployments.

What's my experience with pricing, setup cost, and licensing?

AlienVault OSSIM is free.

What other advice do I have?

It is a very good solution. It is already more than adequate. It is a perfectly nice and free tool for compliance testing, assessment, and some basic vulnerability. 

I would advise upgrading to its paid version, USM, to get more features. It's well worth the money because of the provided threat intelligence, support, and training. When you upgrade to the paid version, you enjoy all these features. OSSIM doesn't have all these features because it is a freeware. 

AlienVault OSSIM is backed up by AT&T Cybersecurity, which is a Fortune Top 20 company. When you upgrade to the paid version, you also get support from AT&T, which is good.

I would rate AlienVault OSSIM a nine out of ten. I'm very happy with this solution. It is a great product.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Co-Founder at Besafe Technology
Consultant
Data correlation and vulnerability assessment help protect our customers against malicious activity
Pros and Cons
  • "The most valuable features of this solution are the data correlation and vulnerability assessment."
  • "The price of this solution is very high and it could be cheaper."

What is our primary use case?

We are a solution provider and this is one of the products that we implement for our clients.

Our clients use this SIEM solution to collect and analyze logs that are generated by different appliances or different machines. It is a correlation tool for event management that gathers all of the events in your environment. This includes different hardware and different operating systems. There are rules in AlienVault that might be triggered based on the logs, and you can tell when there is a security attack or something else that is malicious that comes to your network. These types of events raise a flag and send a notification.

Our clients include banks and other financial institutions.

There are two versions of AlienVault. One is a community edition and the other requires a license. We are dealing with the licensed version and a hybrid-cloud environment.

What is most valuable?

The most valuable features of this solution are the data correlation and vulnerability assessment.

What needs improvement?

The price of this solution is very high and it could be cheaper. Normally it is sold to financial institutions, which is why it is high.

For how long have I used the solution?

I first implemented this solution in 2012, seven years ago.

What do I think about the stability of the solution?

This solution is very stable. It runs on a Linux box and you only interface with it through the GUI. It works behind the scenes. It has never crashed in the time that I have used it.

What do I think about the scalability of the solution?

Scalability is very good. It integrates with a number of other products, such as the help desk.

How are customer service and technical support?

Technical support for this solution is very good. They are now owned by AT&T Security, and their people do a pretty good job.

What about the implementation team?

We implement this solution for our customers.

We have a team of twenty engineers. Some work on infrastructure, while others handle security products. I am the head of the security team.

What's my experience with pricing, setup cost, and licensing?

There are two versions of AlienVault available. The Community Edition is free, and the other version requires a license. The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this.

What other advice do I have?

There is a cloud version of this solution available, called AlienVault USM Anywhere, which defends data that is outside of the premises.

The OSSIM version is an open-source product, unlike AlienVault USM, or the cloud version, AlienVault USM Anywhere. You have to rely on the community for support. If you are a business or a bank or a financial institution then it would be better to go with the licensed version. You get support 24/7, while with the community you cannot find this support. On the other hand, an individual who is using it and can handle the issues should go with OSSIM because it's almost free. As long as you can handle problems, such as when it stops working, that you can fix over a couple of days or during the weekend, then it is fine. 

I would rate this solution a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Security Information and Event Management (SIEM)
March 2024
Find out what your peers are saying about AT&T, Wazuh, Elastic and others in Security Information and Event Management (SIEM). Updated: March 2024.
765,234 professionals have used our research since 2012.
Relationship Manager at Snapnet Ltd
Real User
Top 5Leaderboard
An enterprise solution that is rated highly by organizations
Pros and Cons
  • "AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
  • "AlienVault OSSIM is costly."

What is our primary use case?

We use the product for user analysis and network visibility. 

What is most valuable?

AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations. 

What needs improvement?

AlienVault OSSIM is costly. 

For how long have I used the solution?

I have been working with the solution for more than a year. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The product is scalable. 

Which solution did I use previously and why did I switch?

The tool's installation is straightforward. 

What's my experience with pricing, setup cost, and licensing?

The tool's licensing costs are yearly. 

What other advice do I have?

I rate AlienVault OSSIM an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
Owner & Cyber Security Consultant at Sekurisor
Consultant
Great solution for checking vulnerabilities, and it's free to use, but the initial setup is a bit tricky
Pros and Cons
  • "The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable at least you can do something about it."
  • "The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."

What is our primary use case?

We primarily use the solution just to check on devices. OSSIM does a lot of different things to help with this, including a bit of analytics, vulnerability testing, assessment, etc.

What is most valuable?

The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable, at least you can do something about it.

What needs improvement?

It's not easy to add a device that doesn't have a steady IP. Particularly when you're not putting a sensor on-site. When you have a sensor on-site, then that sensor speaks to the main sensor. We are trying to look for quality devices that give a dynamic IP, so it makes it practically impossible to add a new device.

If there was a way to do dynamic DNS, I think that would help.

For how long have I used the solution?

I've been using the solution for almost one year.

What do I think about the stability of the solution?

The stability of the solution is fine.

What do I think about the scalability of the solution?

Scalability can be a bit tricky, especially for network devices. We have about 150 devices on the solution right now that I am monitoring.

Which solution did I use previously and why did I switch?

We didn't previously use another solution.

How was the initial setup?

The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation. The deployment didn't take a long time, however.

What about the implementation team?

I handled the implementation myself.

What's my experience with pricing, setup cost, and licensing?

The solution is open-source, so it's free to use.

Which other solutions did I evaluate?

We did evaluate another solution.

What other advice do I have?

We use the cloud deployment model. I have a server that I subscribe people to.

I would advise others to consider, if they get more customers, to do the commercial version the OSSIM from AlienVault. It's now part of AT&T, so there's a lot of support.

I would rate the solution seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CISO at a recreational facilities/services company with 501-1,000 employees
Real User
Provides threat alerts on harmful code in the network
Pros and Cons
  • "The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
  • "It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."

What is our primary use case?

I use it for monitoring. I use it for getting alerts on various malicious activities, if there are such on my network. I'm using the free version of this product, OSSIM.

As a media company, we follow MPAA, which is a set of controls for media businesses. The other set of compliance that we follow is DPP. We use AlienVault to comply to their standards.

How has it helped my organization?

We have various media organizations from which we get data into our network and then it goes out. If you put any control, any device, or anything to sense the traffic, it will say that it's malicious traffic, because of the nature of most of the traffic that we generate. We usually upload or download TV shows or films, they go in and out. The same size of IP packets increase because of the kind of transfer that we do.

In addition to that, we also are into broadcasting. We send the data to broadcasting stations, and from there it gets broadcasted on air.

It has really helped find critical vulnerabilities in our network at times. There was a brute force attack, a web attack, and I was able to discover that using AlienVault. There was a WannaCry in one of my systems, a trojan, and it was generating traffic towards the WannaCry domain. I was able to see that through the AlienVault system. It was not immediate. It was after almost three days that I was able to discover that there was a vulnerability within our network.

What is most valuable?

The threat alerts it gives me from time to time on harmful code within the network, or if it is generating any network traffic, are very useful. However, it takes some time. It does not give me a prompt response for any such traffic. It takes time to get that alert from the AlienVault system.

I'm using it for discovering assets every day. If there are any changes in my network, I give it additional subnets which have been added. It adds all the assets to my dashboard.

What needs improvement?

I find it very useful when it is for a small or mid-size enterprise. The problem I see in this product is that it is not meant for a large business or for managing critical business services.

AlienVault-like products are not meant for businesses like the banking sector or insurance and places that require strong regulatory compliance, in my experience, because of delays in response. And sometimes it is very complicated to configure this for specific requirements. Writing APIs, etc. takes time. On the other hand, if you look into other products in the market, it's easy to write APIs or integrate them with other database services or middleware and your application layer services, and get the alerts.

It does not help me to respond to the threats all the time. That's why we are also working with Splunk. Splunk is used by one of our service providers and we can directly ask them to use Splunk instead of any other SIEM solutions.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I find it to be stable. That's why I'm using it. Given that it's free of cost, whatever it gives us is more than enough.

What do I think about the scalability of the solution?

I haven't explored scalability very much but the scalability is open. It's scalable up to a level where we can manage a mid-size business. As I said earlier, it is not suitable for the banking sector at all, because they require stringent controls and monitoring, real-time monitoring, which this tool doesn't have; at least, I haven't seen it. Perhaps it's my bad that I haven't seen this tool give me a proper response, on time. It takes time for it to give a response.

Which solution did I use previously and why did I switch?

I've used and evaluated QRadar vs AlientVault very extensively - I was working with IBM. I used it for ten years. I used and have compared ArcSight vs AlienVault as well, at my previous organization. At that organization, I also deployed AlienVault because I am comfortable with AlienVault.

Those competitors to AlienVault are very user-friendly, their interfaces are very user-friendly. They have multiple options such as generating reports and getting immediate alerts.

If somebody changes the privileges in the system or some code changes the privileges in the system, AlienVault is lacking there. Machine-learning and artificial intelligence are things that AlienVault should explore. If those were added to it, no product could replace it.

How was the initial setup?

My setup is very complex. The network is segmented and configured differently for different customers.

The initial deployment started around two years ago. It took around one-and-a-half years to make this product stable and to talk to each and every device in my network and give me some sort of report which would actually give me the right posture of my security status. I did the complete deployment myself.

The implementation strategy was there and that's why it took a long time. We were also engaged in other business activities, so it took a long time to make this into a proper deployment.

What about the implementation team?

We didn't have any third-parties involved. It was all mine. I started with the web, through YouTube, through various other social media, and a couple of people who used it earlier. I now have several years of experience. That has helped me a lot in getting this deployed.

What was our ROI?

There is a financial value. It's giving me some value and I've already had a good amount of results on AlienVault products. I deployed it at multiple stations, three or four cities in India, two in the US, and one in the UK. I have deployed it widely because I find that it gives value for money. If I got the paid version at the right cost, I think it would be the best product available in the market for a business like ours.

What's my experience with pricing, setup cost, and licensing?

A product like Splunk will squeeze you for money if you ask them to provide similar services. So I find this solution very useful in that sense.

AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny. I have advised multiple friends of mine, those who are into the security arena, to go for AlienVault. It's not like your IBM, your QRadar, or Splunk, where the cost is too high.

What other advice do I have?

If your network is flat, if it is not that complicated, then you should go for it. I'm using it free of cost, so I'm very happy with AlienVault.

I'm the only one who's controlling it. I have a team of five. They are my soft team. They monitor all the alerts 24/7. It takes a team of five to maintain it. I lead the security section and among the other five, two are network specialists and three are system administrators.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
ICT Consultant at N3tcom
Real User
Top 5
Responsive support, helpful vulnerability assessment, and useful network awareness
Pros and Cons
  • "The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
  • "AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."

What is our primary use case?

I use AlienVault OSSIM for the protection of our customers and to find critical events. 

There are two different versions of AlienVault OSSIM, one is on-premise and the other is cloud.

What is most valuable?

The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network.

What needs improvement?

AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base.

For how long have I used the solution?

I have been using AlienVault OSSIM for three years.

What do I think about the stability of the solution?

The older versions of AlienVault OSSIM were not stable, but the latest version was better.

I rate the stability of AlienVault OSSIM a four out of five.

What do I think about the scalability of the solution?

I rate the scalability of AlienVault OSSIM a four out of five.

We have three people who use this solution in my company.

How are customer service and support?

The support from AlienVault OSSIM is good, they are responsive.

I rate the support from AlienVault OSSIM a five out of five.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of AlienVault OSSIM was easy. However, I have many years of experience in the field of network administration. The process took one day to complete.

What about the implementation team?

We did the implementation of AlienVault OSSIM, we are all certified. We have five engineers that did the implementation of the solution.

What's my experience with pricing, setup cost, and licensing?

The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support.

What other advice do I have?

We have two people that do the maintenance for the solution.

I rate AlienVault OSSIM an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief Operating Officer at a insurance company with 201-500 employees
Reseller
Stable, scalable, and useful reporting
Pros and Cons
  • "The paid version of the solution has reporting and better scalability options."
  • "When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."

What is our primary use case?

I have deployed AlienVault OSSIM in a couple of small environments for monitoring.

What is most valuable?

The paid version of the solution has reporting and better scalability options.

What needs improvement?

When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration.

For how long have I used the solution?

I have been using AlienVault OSSIM for approximately seven years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The free version is lacking some of the scalability options.

Which solution did I use previously and why did I switch?

I have used QRadar and ArcSight.

How was the initial setup?

The configuration of the solution is difficult. There are videos we can watch but we do not have time to watch videos. We want there to be better documentation that we can use.

What's my experience with pricing, setup cost, and licensing?

We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it.

Which other solutions did I evaluate?

I have evaluated ELK Stack and Security Onion.

What other advice do I have?

I rate AlienVault OSSIM an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Co-Founder and Director - Information Technology at Techneow
Real User
Good architecture, excellent threat policies, and very stable
Pros and Cons
  • "The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
  • "There needs to be more support or some kind of training program so users can self-learn the system more effectively."

What is our primary use case?

We implemented the solution for one of our client's e-commerce spaces. Our customer wanted to monitor the complete security posture. 

What is most valuable?

We really like the solution's architecture. There's a logon, clients, an agent, and then the server. All of these were deployed in a multilayer architecture.

The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols.

What needs improvement?

The pricing of the solution needs to be improved.

There needs to be more support or some kind of training program so users can self-learn the system more effectively.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The stability is quite good. There's no hindrance to the user. It's reliable and doesn't seem to have any bugs or glitches.

What do I think about the scalability of the solution?

The scalability is something I wouldn't be able to comment much on. Since it was on-premises setup, and there was no such dynamic need from the customer in terms of expanding.

There's a team of seven currently working on the solution. Our overall monitoring was divided into three sections. One is a network monitoring, and then there are apps monitoring and monitoring the storage.

We're not involved in the engagement anymore, so I haven't heard if the client has plans to increase usage, however, due to its general limited scalability as hardware, I don't think that they would.

How are customer service and technical support?

We were in touch with technical support a bit when we were doing the implementation. The training and knowledge they provided was minimal and usually through email. We struggled a bit.

Which solution did I use previously and why did I switch?

We were pretty limited to AlienVault with this particular client. They needed something on-premises and didn't want to look at cloud options. We've used QRadar and Sentinal in the past, however, for this customer, we decided AlienVault was best.

How was the initial setup?

The initial setup was a bit complex. That may have been multiplied by the fact that there was a lack of skills on the team. If they had more training, it probably would have been a bit easier or more straightforward.

Deployment took us almost two months, including having to set up all of the infrastructure for it. We worked with about 140 monitoring devices. It wasn't too large of a setup. The client wanted us to build and operate something a bit more modern than their older setup. We worked with them to set up a complete 24/7 soft center on-premise. 

The entire setup and deployment took about four months, and that included not just the IT part but the work area as well. We had to secure the room, put in power, supply air conditioners, etc. That's a pretty standard setup in terms of the physical space.

We had four people working on the deployment, one of which was a very senior professional with 20+ years of experience.

What about the implementation team?

We had one internal consultant who did the entire implementation for us.

What's my experience with pricing, setup cost, and licensing?

I'm not sure what the cost of the solution is. It may be in the ballpark of $60,000 to $100,000.

What other advice do I have?

We're just customers. We don't have a business relationship with the product.

We're using the enterprise edition of the solution, the MSSP edition, however, I'm unsure which version it is we're currently on.

Typically, we get requests for QRadar, AlienVault, or Sentinal. QRadar and AlienVault are the top choices for the most part, and we work with both. We try to accommodate our client's preferences.

I'd rate the solution overall at eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Security Information and Event Management (SIEM) Report and find out what your peers are saying about AT&T, Wazuh, Elastic, and more!
Updated: March 2024
Buyer's Guide
Download our free Security Information and Event Management (SIEM) Report and find out what your peers are saying about AT&T, Wazuh, Elastic, and more!