AlienVault OSSIM: SIEM Product overview
Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.
AlienVault OSSIM (Open Source Security Information and Event Management) is an open source security information and event management (SIEM) product. A SIEM collects event data from various security logs within the organization, such as those for enterprise security controls, operating systems and applications. The SIEM converts the event data into a format it understands, analyzes it, generates alerts for any suspicious events, and creates reports on the events.
AlienVault OSSIM is only available as server-based software; there is a single version of AlienVault OSSIM.
AlienVault also offers an AlienVault Unified Security Management (USM) product, which is a commercial SIEM product. AlienVault USM has substantially more robust capabilities than AlienVault OSSIM; a comparison done by AlienVault of the products' capabilities is posted here.
AlienVault USM is available as a virtual appliance, a hardware appliance and a cloud-based service (for Amazon Web Services only). It is intended for small organizations with three integrated models (25A, 75A and 150A) that monitor up to 25, 75 and 150 assets, respectively, and an integrated model called the UA that can monitor larger numbers of assets.
Additional security capabilities
Both the AlienVault OSSIM and USM products offer capabilities involving the use of threat intelligence. Threat intelligence feeds are community-supported for OSSIM and vendor-provided for USM. Neither OSSIM nor USM offers forensic capabilities, supplementation of existing logging capabilities or other additional security features.
AlienVault OSSIM doesn't have any built-in reporting support for compliance initiatives. It offers three reporting templates, but nothing specific to compliance reporting. By contrast, AlienVault USM offers over 150 customizable reports, including compliance reports for the Payment Card Industry Data Security Standard, HIPAA and SOX.
Licensing and pricing
AlienVault OSSIM is open source, so its latest version is available for free download here. A link to download the source code and documentation is also available from the same URL.
AlienVault USM is a commercial product. A 30-day free trial is available for download here. Pricing information for AlienVault USM virtual appliances for small organizations is posted here, as is the cloud service hourly rate. AlienVault must be contacted directly for pricing on other AlienVault USM models.
AlienVault OSSIM, USM overview
AlienVault OSSIM has limited capabilities compared to its commercial counterparts, including the AlienVault USM product. AlienVault OSSIM is best suited for organizations without a SIEM that want to experiment with basic SIEM capabilities or that want to modify a SIEM to meet unusual organization-specific requirements. Small organizations looking for a more robust off-the-shelf SIEM product should consider evaluating AlienVault USM products.
In part one of this series, learn about the basics of SIEM products in the enterprise
In part two of this series, find out about the enterprise benefits of SIEM products
In part three of this series, read about the seven questions to ask before buying a SIEM product
In part four of this series, compare the best SIEM systems in the industry