AlienVault OSSIM (discontinued) vs. Trend Micro TippingPoint

The most obvious scenario in which OSSIM is well suited is in a single office/home office (SOHO) or small business, in which budget is reduced but asset discovery and vulnerability management are greatly needed and appreciated. OSSIM is lightweight and free, so the real challenge to face is to hire or assign an administrator to manage and operate it, instead of any investment on an expensive appliance. Also, as resellers, promoting usage of OSSIM to customers charging for professional services for installation, administration, and maintenance (remember that OSSIM doesn't have official support from AlienVault) is a great asset for the organization.

Incentivized

The inspection of data packets before they enter the firewall is a really beneficial to our security team. It segments the data from the LAN and really adds a great layer of security on top of our firewall. The technical support is very responsive and knowledgeable in use case of the product

Incentivized

• Threat analysis. It can correlate different events happening to detect a pattern or an attack.
• Dashboard provides a clean, single location to see what is going on in our environment.
• Up to date open threat exchange means everything new popping up out there is included and watched for in our environment.

Incentivized

• Tipping point had a very nice GUI interface that sat on top of snort rules. It was easy to access, had nice customization of dashboards and output to syslog for SIEM solutions.
• It was easy to configure rule sets, allow groups or singular allow/blocks or white-listing.
• Security rule sets could be tweaked up or down and allow/drops signatures could be configured to help increase performance.

Incentivized

• Creating custom rules is a bit complicated
• Reporting could be improved
• Agent has caused conflicts with a couple of our other applications

Incentivized

• Biggest qualms I had with TippingPoint was that it was just a tad on the expensive side for what you get. Nowadays everything has gone UTM in firewalls and they do it all including IPS as part of the basic functionality so really, TP is losing a massive market share.
• Don't see a future in the roadmap with so many other vendors getting onto the "unified" wagon and adding IPS as part of their service and at a cheaper price.

Incentivized

AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.

Incentivized

Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.

Incentivized

AlienVault OSSIM as the first experience with a SIEM is very fine, especially if your company is an SMB. Every SIEM shares some features in common with other products, features such as log retrieval and normalization. So if you stick with principles, you can learn other SIEM products as well. If your environment is not of a minimum size, LogRhythm might be overkill for your network, same with McAfee Enterprise Security Manager.

Incentivized

Most other firewall UTM solutions, Cisco, Palo Alto, Fidelis, etc.

Incentivized

• OSSIM and the installers didn't really help us optimize at installation. OSSIM went without optimization for almost two years before that fact was noticed. I think this decreased ROI.
• Finding and researching incidents is much faster with all data available. Sometimes too much data, though.

Incentivized

• Negative cash flow, positive addition to our defense in depth strategy at one of the largest healthcare organizations in Georgia (at that time).

Incentivized