Network World

Alan Shimel

Open Source Friday Focus: OSSIM / AlienVault

With so many different security devices in the network, a SIEM (Security Information and Event Manager) is a must. There is a great open source alternative: OSSIM.

By Alan Shimel on Fri, 03/05/10 - 2:18pm.

I was out in San Francisco all week at the RSA Conference. RSA is where "the security world comes to gather". There was no lack of open source security solutions on the exhibit floor. In fact, in security more than in many other areas, open source solutions have found broad acceptance, with many giving birth to commercial entities around them. Snort and Sourcefire are one example; Tripwire, Nessus and ClamAV are others. One I wanted to highlight today is OSSIM.

OSSIM stands for Open Source Security Information Manager. A SIM or SIEM (security information and event manager) is a must-have application for any organization of medium size or above. Because there are so many different security devices and technologies working all at once, you need something that correlates and brings together all of the information that is generated, something that can automate the analysis of event logs. That is what a SIM does.

There are some great commercial SIEMs out there. ArcSight is one, eIQ networks is another, and there are more besides. One open source solution in this arena is OSSIM. OSSIM has been around for a while now and has earned a reputation as an application that works.

OSSIM's open source foundation makes it easy to hook into the wide variety of security devices out there. Its polished GUI and functionality make it a powerful enough tool to compete against some of the biggest names in the SIM market. Here is a screen shot of an Executive Dashboard from OSSIM:

[Screenshot: OSSIM Executive Dashboard]

While at RSA, I had a chance to sit down with Dominique Karg, one of the founders and CTO of AlienVault and the lead developer on OSSIM. Who is AlienVault? AlienVault is the commercial entity Dominique (who is from Germany) and the other developers (mostly from Spain) launched to develop a commercial upgrade to the open source OSSIM.

Having just raised some venture capital, they are moving the company to the Bay Area. The commercial version of OSSIM will feature added functionality like multi-tenant hosting and more. Of course, there will always be the open source version. The products will be released under a dual-licensed model, with the commercial version considered just an upgrade.

There is no such thing as an easy SIEM, but the role they play is critical in most organizations. If you are in the market for one, you probably have already looked at OSSIM. You may want to look at AlienVault as well. Either way, it is a fine product if a SIM is what you are looking for.

About Open Source Fact and Fiction

As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.

Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.

Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.

Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
