Wednesday, April 17 2024

AlienVault is now the technological basis for AT&T AlienLabs and provides multiple products for different companies’ cybersecurity needs.

What AT&T AlienVault Products are Available?

In December 2021, CISOstack reported that AT&T intended to acquire AlienVault to expand its cybersecurity offerings to more businesses. Two years later, AlienVault-based offerings make up a large portion of AT&T’s cybersecurity products.

The two main offerings are AlienVault Unified Security Management (USM) Anywhere and AlienVault Open Source Security Information and Event Management (OSSIM). AT&T USM is a cloud-hosted service. AlienVault OSSIM is a more limited, open-source download. Both are AlienVault SIEM (security information and event management) offerings.

AlienVault USM Anywhere focuses on monitoring a company’s cloud infrastructure against threats no matter where the endpoints are located. The flexibility is especially useful as more companies move to hybrid working environments and employees use their personal devices for professional purposes.

AlienVault’s OSSIM allows cybersecurity professionals to understand patterns between cyber events. The increased visibility into a company’s cyber infrastructure helps professionals improve that infrastructure.

Compare The Products: AlienVault USM vs AlienVault OSSIM

AlienVault USM Anywhere provides essential security controls and constant threat intelligence data to IT security teams with limited resources. AlienVault OSSIM provides threat intelligence as well. The OSSIM offering is simply less comprehensive in the functions it provides.

What Features Does Each Product Have?

AlienVault USM from AT&T Cybersecurity serves multiple functions. The first is discovering assets across a company’s network, device, and cloud infrastructure. The discovery element is important because many professionals are not aware of all points on their company’s cybersecurity network.

The offering detects and analyses potentially malicious events and compares them to each other across a company’s cybersecurity infrastructure. The comparison allows cybersecurity professionals to understand more about security incidents. The program’s other analytical functions include user activity monitoring and a 90-day history that can be searched for specific information.

AlienVault USM features also help individuals respond to, assess, and report on cyber incidents. The program responds to cyber incidents by providing forensics querying, problem ticketing, and some automatic cybersecurity responses. It assesses vulnerabilities through services such as vulnerability scanning and dark web monitoring. Finally, the offering allows companies to better track cybersecurity events by providing pre-built compliance reporting templates and customizable dashboards.

AlienVault OSSIM is more limited than AlienVault USM. For example, AlienVault OSSIM does not protect cloud services and can only be deployed on a single server. However, the open-source download offers protection for physical and virtual environments. AlienVault OSSIM also provides a range of security capabilities. The functions include asset discovery and inventory, vulnerability assessments, intrusion detection, behavioral monitoring, and cybersecurity event correlation.

What are the Strengths and Weaknesses of the Products?

While similar, AlienVault USM and AlienVault OSSIM have different strengths and weaknesses. The following lists of pros and cons comparing AlienVault OSSIM vs USM are based on general customer sentiment across various review websites:

AlienVault USM Review:

Pros:
  • Great vulnerability assessments and management that gives insight into what systems need to be updated or patched
  • Easy to navigate the user interface
  • Does not require a lot of cybersecurity or IT professionals to operate
  • Easy to implement the software
  • Great price for the amount of services offered
  • Compatible with other security tools
  • Scalable for changing businesses
  • Diligent reporting on almost every cybersecurity event
  • Great range of compliance reporting
  • Reliable and has nearly no glitches
Cons:
  • More compliance management solutions would be useful
  • Quality of compliance integrations is low
  • AT&T AlienVault controls plugin management, so plugin management requires more time
  • Threat intelligence platform needs to be expanded
  • Offering would benefit from a parsing interface and searchable data older than 90 days
  • Reports and logs can be difficult to understand
  • Since the offering is reliant on community data, some new forms of cyber attacks have no additional information
  • Automatic threat response would be useful

AlienVault OSSIM Review:

Pros:
  • Great case management, ease of configuration, and investigation
  • Great threat analytics and reporting
  • Pre-built compliance reports for a range of organizations and requirements
  • Easy initial setup
  • Has a user-friendly user interface
  • Good price point for the number of functions offered
  • Free to use
Cons:
  • The offering is unpredictable and glitches often
  • Could have better integration with more recent cybersecurity tools
  • Incident reporting could be improved
  • Could use integrations between several different environments
  • Could improve their online knowledge base, which mainly draws from data collected by AT&T AlienLabs
  • Hard to configure to explore new elements of one’s own cybersecurity
  • Deployment is more scattered than USM Anywhere

What Does Each Product Cost?

AlienVault USM Anywhere is priced in three different packages. These are the Essentials package starting at $1075 per month, the Standard package starting at $1695 per month, and the Premium package for $2595 per month. However, prices will vary depending on what AlienVault USM features a business requires.

AlienVault OSSIM is free.

What are Other Products Comparable to AlienVault SIEM?

Products comparable to AlienVault USM and AlienVault OSSIM are the following:

  • Enterprise Security by Splunk
  • Microsoft Sentinel
  • Securonix Next-Gen SIEM by Securonix
  • ArcSight Enterprise Security Manager by OpenText
  • The Wazuh Platform by Wazuh
  • QRadar by IBM Security
  • Elastic Security Platform by Elastic Security
  • The LogRhythm SIEM Platform by LogRhythm
  • Trellix Security Manager by Trellix


AT&T AlienVault Products Review: OSSIM vs USM

Ellie Buscemi
