2019-08-13T06:03:00Z
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

What needs improvement with AlienVault OSSIM?

Please share with the community what you think needs improvement with AlienVault OSSIM.

What are its weaknesses? What would you like to see changed in a future version?

18 Answers
DT
ICT Consultant at N3tcom
Real User
Top 5
2022-09-21T14:35:43Z
Sep 21, 2022

The AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base.

Hakeem  Olufadi - PeerSpot reviewer
Infrastructure and Security Analyst at Holmen Consulting
Real User
Top 20
2022-02-06T07:24:00Z
Feb 6, 2022

ArcSight works better than AlienVault right now. The incident reporting could be better. We'd like to be able to better privatize certain logs that handle certain detections. It's really important to us. The integration capabilities could be improved.

IA
Chief Operating Officer at an insurance company with 201-500 employees
Reseller
Top 20
2021-09-24T05:52:01Z
Sep 24, 2021

When comparing AlienVault OSSIM to other solutions, it looks a bit outdated. Additionally, they need to improve their integration.

Midhun Kumar - PeerSpot reviewer
Head of Infrastructure at Pearl Data Direct
Real User
Top 10
2020-10-30T14:48:36Z
Oct 30, 2020

The correlation engine needs to be improved. The interface is not user-friendly, which is an area for improvement.

Stephen Hui - PeerSpot reviewer
Cybersecurity Architect at DataAssure
Reseller
2020-09-13T07:02:20Z
Sep 13, 2020

They can add more compliance templates.

KB
System Administrator at a marketing services firm with 10,001+ employees
Real User
2020-08-05T06:59:29Z
Aug 5, 2020

There needs to be more focus on the NOC and IIS in terms of developing applications for behavior detection. The backup features use a lot of storage space. The documentation could be improved. Asset management and filtering are in need of fine-tuning and enhancement.

Sharad Agrawal - PeerSpot reviewer
Co-Founder and Director - Information Technology at Techneow
Real User
2020-07-28T06:50:19Z
Jul 28, 2020

The pricing of the solution needs to be improved. There needs to be more support or some kind of training program so users can self-learn the system more effectively.

RJ
Director at a tech services company with 51-200 employees
Real User
2020-07-16T06:21:09Z
Jul 16, 2020

I believe this solution still has a way to go. From a management console perspective and the maturity of the dashboards, I would probably put it slightly behind some of the other players that have been in the market for ages. The leading vendors of SIEM already have a very mature user interface with evolved dashboards and reporting mechanisms. There is a lot of depth in that, but not everybody is looking for that. If your requirements are functional and you're looking for something that's easily deployable and simple to understand and manage, without the necessity of a very large team, I would choose this solution. An additional feature I'd like to see would be an increase in the depth of reporting. IBM has AI-enabled dashboards which are supposed to be intuitive. They are difficult to configure and that's a problem, but they are very rich in terms of the information that they provide. There is a lot of granular detail and different ways in which you can slice and dice and present the same data. I would also like to see the product handle larger-scale deployments and more third-party integrations.

FJ
Research Assistant at a tech services company with 51-200 employees
Real User
2020-06-17T10:56:01Z
Jun 17, 2020

The GUI could be improved, and the solution could include a specialization tool. The correlation engine and the scalability of this product should be improved. And then I think it also needs to have the grid potential, because when we talk about SIEM, it's not just a few machines, it's hundreds, and that means thousands of logs, so the product should be more easily scalable. The features I would like to see included will take some time to implement because the solution is open source and these are promotional products. On a basic level, I'd like to see an open source visualization tool or a commercial visualization tool.

Jim Poehlman - PeerSpot reviewer
Chief Wealth Cybersecurity Architect at PWcyber
Real User
2020-02-23T06:17:04Z
Feb 23, 2020

I'm not sure if there's anything on the solution that needs improvement. I would like the solution to be able to integrate with my firewall, my IDS and my honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening.

Denis L - PeerSpot reviewer
Sales Solutions Engineer at a tech services company with 201-500 employees
Reseller
2019-09-12T09:09:00Z
Sep 12, 2019

We need more dashboards and we need more customization for dashboards. It would be great if they would improve in this area.

Tamer Serag Ahmed - PeerSpot reviewer
Co-Founder at Besafe Technology
Consultant
2019-09-10T09:04:00Z
Sep 10, 2019

The price of this solution is very high and it could be cheaper. Normally it is sold to financial institutions, which is why it is high.

BonganiMkwananzi - PeerSpot reviewer
Owner & Cyber Security Consultant at Sekurisor
Consultant
2019-09-03T08:57:00Z
Sep 3, 2019

It's not easy to add a device that doesn't have a steady IP, particularly when you're not putting a sensor on-site. When you have a sensor on-site, then that sensor speaks to the main sensor. We are trying to look for quality devices that give a dynamic IP, so it makes it practically impossible to add a new device. If there was a way to do dynamic DNS, I think that would help.

Kuzey Aksu - PeerSpot reviewer
Information Security Manager at a financial services firm with 201-500 employees
Real User
2019-08-28T09:52:00Z
Aug 28, 2019

The biggest thing I always complain about is that the user intake is a very old version. In cloud versions, it is very good, but for on-premises versions, it's not so good. If they want to improve the on-premises version, they should upgrade the SQL. The user interface could be improved.

S Mustafa Afzouni - PeerSpot reviewer
Development Manager at a tech services company with 51-200 employees
Real User
2019-08-19T05:47:00Z
Aug 19, 2019

It's under heavy traffic. If you have heavy traffic, the system is slow.

MohamedMohsen - PeerSpot reviewer
Founder & CEO at MnZ Technology Solutions
Reseller
2019-08-13T10:42:00Z
Aug 13, 2019

I would like to see an improvement in their threat exchange database because the OTX is not the best thing in the marketplace. There are better solutions. So if they could enhance our feature development, it would make the product much better. For me, the user interface is very important, because the simpler the user interface is, the easier it is to find candidates to run the operation. If the user interface is very complicated, you need to expose your technical people to very intensive training in order to understand the system and to get the output right. So, from a user perspective, I would say the simpler the user interface, the better the product, especially for security issues. You need to let your tech people concentrate on the incident rather than on how to use the software to get the answer. Lastly, if technical issues could be resolved faster, it would be a huge improvement.

IA
Chief Operating Officer at an insurance company with 201-500 employees
Reseller
Top 20
2019-08-13T06:03:00Z
Aug 13, 2019

The solution needs more integration with cyber intelligence systems. Our customers want to use a single tool for managing cybersecurity. We want integration with existing tools and integration with newer tools that offer the ability to manage or to identify security vulnerabilities in a gateway system or firewall. Basically, we want the solution to offer configuration management. I would want it to be integrated with lasting search, in terms that it could gather a lot of intelligence and dump it into the database. Also, it would be useful if we were able to run analytics on the solution. If they can integrate it with an analytic function, it would be better.

AF
Cyber Security Specialist at AEC
Real User
2019-08-13T06:03:00Z
Aug 13, 2019

The log collection is okay, but tracing the logs or tracing the events is a bit difficult. It's not user-friendly. A user must be an expert and must know how to give the logs, how to configure the system, etc. He has to be an expert on this product. The user interface needs to be friendlier across the board. Also, I would prefer if the kill chain scenario with every event was not stacked. I need to be able to do an SQL query and figure out where the event came from and tag to the source and destination. I cannot see this easily as it is right now.

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Sep 21, 2022
How do you or your organization use this solution? Please share with us so that your peers can learn from your experiences. Thank you!
2 out of 14 answers
AF
Cyber Security Specialist at AEC
Aug 13, 2019
I primarily use the solution for log collection.
MohamedMohsen - PeerSpot reviewer
Founder & CEO at MnZ Technology Solutions
Aug 13, 2019
Our primary use case for AlienVault is incident management. We started as a customer because one of our companies worked on it. Eventually, we started reselling the service.
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees
Sep 21, 2022
Hi Everyone, What do you like most about AlienVault OSSIM? Thanks for sharing your thoughts with the community!
2 out of 18 answers
IA
Chief Operating Officer at an insurance company with 201-500 employees
Aug 13, 2019
The solution has a very good open source community, and whenever we have problems, we are always able to resolve them online.
AF
Cyber Security Specialist at AEC
Aug 13, 2019
The solution is very stable. Compared to QRadar and Splunk, it's very stable.
Related Articles
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
May 11, 2021
Part of the SIEM problems enterprises face is failing to maintain it with the proper correlation rules. SIEM use cases or rules are 80% of the value of the product. All SIEM solutions have a correlation feature, but they are not the same. Before choosing a SIEM, you must check correlation capabilities. Each product has many different features and their advantages and limits. Some example...
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Nov 11, 2022
The right SIEM tool varies based on a business’ security posture, its budget and other factors. However, the top SIEM tools usually offer the following capabilities: Scalability — Ensure the solution has the capability to accommodate the current and the projected growth. Log compatibility — Ensure that the solution is compatible with your logs Correlation engine — Does the solution have th...
2 out of 3 comments
MK
IBM Security, European Threat Management Sales Leader at IBM
May 11, 2021
Having the SIEM as a central feeder is a traditional solution architecture. The question can be asked, do I have the right security platform? As the interconnections to this traditional centralized solution will always need maintaining. In the case of a Security platform this effort is removed.
John Stanford - PeerSpot reviewer
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
May 12, 2021
A good Security Platform includes SIEM, UEBA, NTA, and SOAR! on a single pane of glass, but I agree all security platforms require constant maintenance to remain viable as a part of the security posture!
Related Articles
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
May 11, 2021
What Really Matters When Selecting a SIEM and How to Choose a SIEM Looking into the Correlation?
Part of the SIEM problems enterprises face is failing to maintain it with the proper correlat...
Ertugrul Akbas - PeerSpot reviewer
Manager at ANET
Nov 11, 2022
How to Select the Right SIEM Solution?
The right SIEM tool varies based on a business’ security posture, its budget and other factors. H...