As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence. These next generation security platforms attempt to address the needs of both traditional on-premise data centers as well as organizations with entire IT infrastructures in the cloud. Two vendors—AlienVault and Tenable—have products on the market that fall in this category. Let's see how they stack up in this comparison.
Both AlienVault and Tenable's security platforms consist of several working components that together form a layered security offering. AlienVault's Unified Security Platform (USM) combines a virtual appliance with both a network and host-based intrusion detection systems (IDS), as well as SIEM and continuous threat intelligence.
Similarly, Tenable's SecurityCenter Continuous View (SCCV) combines agent-based vulnerability scanning with several security data acquisition technologies like crowdsourced threat intelligence and vulnerability management.
AlienVault is perhaps most widely known for its Open Source Security Information Management (OSSIM) project—an early SIEM platform that eventually led to the formation of the company. AlienVault USM is essentially a suite of continuous security solutions developed around the OSSIM offering to augment its capabilities. However, OSSIM pales in comparison the complete USM offering, which offers more along the lines of enterprise features (e.g., long-term forensic storage of events), scalability, and support. The company also has a secret weapon of sorts in its arsenal: the Open Threat Exchange, purportedly the world's largest crowdsourced security database with over 26,000 participants in 140 countries sharing upwards of a million potential threats daily.
Like AlienVault, Tenable's claim to fame is the product it offers free of charge, not its enterprise security platform. In this case, its Nessus vulnerability scanner is—according to sectools.org—the world's most popular vulnerability scanner. Nessus continues to be available free of charge, but the source code has been closed since 2005. Tenable's SCCV includes Nessus alongside a host of other continuous security mechanisms including malware detection, anomaly detection, and analytics.
Side-by-Side Scoring: AlienVault vs. Tenable
1. Capability Set
Both USM and SCCV attempt to house all of an organization's continuous security needs under one roof. AlienVault's platform combines several tools for SIEM, IDS (network and host-based), asset discovery, netflow analysis, and vulnerability assessment under one management GUI and mostly succeeds in offering a comprehensive, unified platform for IT security. SCCV is also a holistic security offering that focuses on vulnerability scanning/management and analytics, with strengths in compliance and configuration auditing as well as anomaly and malware detection. Both platforms succeed at offering an impressive set of capabilities for the price when compared with similar enterprise offerings.
2. Ease of Use
AlienVault USM is widely known for its intuitive, easy-to-use interface—each page of the management console is interactive and customizable. Similarly, Tenable SCCV's web-based interface is streamlined and simple to grasp. The platform's policy wizards in particular make setting up specific monitoring use cases trivial. For example, PCI DSS compliance and Windows environment malware scanning can be quickly configured with out-of-the-box policies.
3. Security Rating
UpGuard's VendorRisk platform is used by hundreds of companies to automatically monitor their third-party vendors. We ran a quick surface scan on both AlienVault and Tenable, and found some interesting differences.
AlienVault 751 / 950
Tenable 817 / 950
We can automatically measure and monitor the security of AlienVault, Tenable and all your other third-party vendors.
4. Community Support
AlienVault is a more prominent name in the open source community, having maintained the popular SIEM project OSSIM as an open source initiative since its inception. Subsequently, community support resources for OSSIM are plentiful. On the other hand, Tenable closed the source to its award-winning Nessus vulnerability scanner years ago. Though considerable community resources can still be had online, corporate support is by far a more reliable support option.
5. Release Rate
AlienVault USM is currently on version 5, while Tenable SCCV's current version is 5.3. AlienVault's OSSIM has had four major-version releases since its initial release in 2008; Tenable's Nessus project was started in 1998 and is currently on version 6. Both products see regular releases and updates, despite the closing of Nessus' source code in 2005.
6. Pricing and Support
A monitoring system won't troubleshoot a configuration error. A configuration test script will.
AlienVault targets everyone from the SMB to the enterprise, while Tenable clearly has its eyes set on the enterprise. This is certainly reflected in the platforms' respective price points: USM can be had for around $5,000, while Tenable SCCV can run upwards of $20,000. Both offer standard corporate support options for a cost.
7. API and Extensibility
Tenable offers a RESTful API for integrating SCCV with other platforms and custom web applications; AlienVault has no such API for integrating/customizing its USM Platform but does offer an API written in Golang for its OTX crowdsourced intelligence platform. USM can also be extended through a selection of 3rd-party datasource plugins available in its USM plugin library.
8. 3rd Party Integrations
Interestingly, AlienVault's OSSIM is in fact made up of a series of open source integrations: Snort for IDS, Nagios for monitoring, OpenVAS for vulnerability assessment, among others. USM also integrates with a number of security devices and—as mentioned previously—offers 3rd-party datasource plugins from its plugin library.
Tenable's enviable list of integrations are detailed on its corporate website and has everything from AirWatch mobility management integration to FireEye and Fortinet device auditing. Additionally, nessus can be easily integrated with the majority of popular patch management systems on the market.
9. Companies that Use It
Both AlienVault USM and Tenable SCCV are in use by numerous organizations small and large—including many of the Fortune 500s. Subaru, Focus Brands, Hulu, and the U.S. Air Force are among some of AlienVault's more notable customers while Tenable is in use by Starwood, the U.S. Department of Defense, and Healthdirect Australia, among others.
10. Learning Curve
AlienVault USM's wizard-driven set up and intuitive management console makes getting up to speed with the platform a lot easier than other similar solutions on the market. Tenable SCCV also sports a modern, streamlined web interface; that said, configuring and gaining proficiency with the platform requires significantly more effort than USM. And because of its modular nature, each of SCCV's components must be installed and configured separately.
Scoreboard and Summary
In short, both AlienVault USM and Tenable SCCV offer comprehensive cyber protection in the form of layered security mechanisms working in concert: SIEM, IDS, vulnerability scanning, and the like. From a cost and implementation perspective, USM is generally a more accessible security platform than SCCV for SMBs. On the other hand, SCCV—with its REST API, robust policy-driven features, and significantly higher price point—is an offering in line with the needs of today's enterprise.