AlienVault bids for SIEM, MSSP U.S. market share with open source-based multi-tool platform

AlienVault bids for SIEM, MSSP U.S. market share with open source-based multi-tool platform

AlienVault is trying to make a dent in the U.S. security information and event market, leveraging the popular OSSIM open-source SIEM, upon which the company’s founders built the Unified Security Management Platform, SIEM plus several other security capabilities. AlienVault is making its pitch as a relatively low-cost alternative to high-end, expensive SIEMs. They are counting on the integrated security tools approach appealing to budget-constrained mid- and large-sized enterprises, and managed security service providers, who can leverage the platform to deliver multiple services in one package.

The company has been very quiet in the U.S. market until February of this year, despite opening U.S. offices more than a year ago and announcing a major release at last year’s RSA Conference. With an injection of $8 million in Series B funding and recruitment of a new management team last year, mostly former HP Fortify Software executives (including President and CEO Barmak Meftah and CTO,Fortify founder Roger Thornton), AlienVault is a position to make a significant push in both enterprise and MSP markets. In addition to unveiling its new website, the company launched the Open Threat Exchange, which enables sharing of threat information generated from OSSIM and Unified Security Management Platform deployments.

In addition to the OSSIM-based SIEM, the Unified Security Management Platform features asset discovery, vulnerability assessment, threat detection and behavioral monitoring. The pitch is that AlienVault enables enterprises that may not have budget for multiple point products to buy all five capabilities in a single package. In particular, the company feels it can sell into mid- and large-sized enterprises that may have SIEM and other stand-alone security tools in their data centers but lack the funding to deploy in smaller distributed locations.

The MSP angle is clear: Service providers can use the platform to quickly build out multiple security and compliance services, a relatively easy path for VARs and IT managed service providers to set up shop as security providers. In particular, SIEM is increasingly in demand, as it is complex and expensive to deploy, and requires dedicated expert personnel to monitor and evaluate alerts and analyze reports. The SIEM market is heavily compliance-driven for both large and small organizations, opening up opportunities for managed services.

SIEM services can take a variety of forms, starting with essential log management for compliance, probably the most common use case, to around-the-clock monitoring, analysis and incident management. A SIEM “light” approach includes security event management in addition to log management. The customer relies on the MSSP to handle the 24×7 security operations center (SOC) monitoring, sending important alerts for the customer to deal with. AlienVault’s integrated security package enables service providers to expand the scope of their offerings.

The company’s founders and creators of OSSIM, Dominique Karg (now chief hacking officer and Julio Casal (general manager, MSSP Unit) started out running a Spain-based MSP. AlienVault says there have been about 100,000 OSSIM downloads since 2003 and estimates there are 18,000 active users.