What is OSSIM?


OSSIM is an open source, community-based network security platform, or SIEM (Security Information and Event Management) solution, from the company AlienVault.

OSSIM is an enterprise-level network auditing solution used by companies such as Foot Locker, Domino's and All Pay, and is by far the most popular security platform available on the market.

As with all open source, community-based solutions, it allows the ESP engineers to configure the solution to monitor and report specifically on your particular network set-up. This ensures that we are able to use as much of the solution as possible, rather than only using 30-40% of a standard (and very expensive) off-the-shelf solution on the market.

OSSIM provides IT providers and system administrators with a central platform to monitor network activity, and with access to tools and features that can help identify issues such as network vulnerabilities, network attacks and questionable user behaviour.

 General OSSIM Application Dashboard

Key Features 

Some of the key features of the OSSIM solution are listed below: 

  • Asset Discovery – OSSIM actively scans the network and adds newly discovered assets to its database as they are found. This feature is critical if an unknown device attempts to access the network. OSSIM stores information about each asset, such as the device's MAC address, internal IP, model and operating system (key identifiers). 
  • Vulnerability Assessments – Scheduled network scans can be configured to highlight which points in a network are most vulnerable to an attack. This helps set a clear improvement plan for a network to keep its users and valuable data safe. 
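The asset discovery feature described above boils down to reconciling a fresh network sweep against the inventory already held. The following is an added illustration of that idea, not OSSIM's own code: the inventory and scan results are constructed for the example, and `reconcile` is an assumed helper name. It separates devices never seen before (the "unknown device" case) from known devices that have changed address and known devices that did not answer the sweep.

```python
"""Added example: reconcile a network sweep against a known-asset inventory.
Not OSSIM code; the inventory and scan data below are constructed."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Asset:
    """The key identifiers the article says are stored per asset."""
    mac: str
    ip: str
    model: str
    os: str


def normalise_mac(mac: str) -> str:
    """Scanners report MACs in mixed case and with '-' or ':' separators;
    normalise so that the same device always has the same inventory key."""
    return mac.strip().lower().replace("-", ":")


# Constructed inventory: what the platform already knows about the network.
INVENTORY = {
    "00:11:22:33:44:01": Asset("00:11:22:33:44:01", "10.0.0.10", "Dell OptiPlex", "Windows 10"),
    "00:11:22:33:44:02": Asset("00:11:22:33:44:02", "10.0.0.20", "HP ProBook", "Windows 11"),
    "00:11:22:33:44:03": Asset("00:11:22:33:44:03", "10.0.0.30", "Cisco SG350", "IOS"),
}

# Constructed sweep output as (mac, ip) pairs, the shape an ARP or ping sweep
# would yield. One known device, one that moved IP, one never seen before; the
# switch (…:03) did not answer this time.
SCAN = [
    ("00:11:22:33:44:01", "10.0.0.10"),
    ("00:11:22:33:44:02", "10.0.0.25"),
    ("AA-BB-CC-DD-EE-FF", "10.0.0.77"),
]


def reconcile(inventory: dict, scan: list) -> dict:
    """Compare a sweep with the inventory and return three sorted lists:
    new     - (mac, ip) pairs for devices not in the inventory (alert-worthy),
    moved   - (mac, old_ip, new_ip) for known devices at a different address,
    missing - MACs in the inventory that did not answer the sweep."""
    seen = {normalise_mac(mac): ip for mac, ip in scan}
    new = sorted((mac, ip) for mac, ip in seen.items() if mac not in inventory)
    moved = sorted(
        (mac, inventory[mac].ip, ip)
        for mac, ip in seen.items()
        if mac in inventory and inventory[mac].ip != ip
    )
    missing = sorted(mac for mac in inventory if mac not in seen)
    return {"new": new, "moved": moved, "missing": missing}


def register_new(inventory: dict, report: dict) -> dict:
    """Add newly discovered devices to a copy of the inventory, with model and
    OS left as 'unknown' until fingerprinting fills them in, and update the
    address of devices that moved."""
    updated = dict(inventory)
    for mac, ip in report["new"]:
        updated[mac] = Asset(mac, ip, "unknown", "unknown")
    for mac, _old, new_ip in report["moved"]:
        updated[mac] = replace(updated[mac], ip=new_ip)
    return updated


if __name__ == "__main__":
    report = reconcile(INVENTORY, SCAN)
    for mac, ip in report["new"]:
        print(f"ALERT unknown device {mac} at {ip}")
    for mac, old, new in report["moved"]:
        print(f"INFO {mac} moved {old} -> {new}")
    for mac in report["missing"]:
        print(f"INFO {mac} not seen in this sweep")
    print(len(register_new(INVENTORY, report)), "assets after registration")
```

Only the `new` list is an alarm condition; `moved` and `missing` are routine on DHCP networks and are better treated as informational, which is why the function returns them separately rather than as one undifferentiated list.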

Device names and network vulnerabilities

  • Intrusion Detection – Active monitoring allows OSSIM to report on attempted and successful intrusions from external and internal sources. The database preconfigured on initial installation is preloaded with a range of attack information and patterns.  

Recorded attack events and signatures 

  • API integration to the world’s largest security database – OSSIM can be integrated with the Open Threat Exchange. This is the world’s largest database of current attacks, malware, ransomware and suspicious IP address logs. This helps the platform stay one step ahead of the attackers by using this information to correlate events logged over the network.  
  • File integrity monitoring – OSSIM can be configured to scan and monitor all the sensitive files and documents on a network and alert administrators to an attempted or ongoing ransomware attack. The sooner such an attack is stopped, the less downtime a network will suffer during recovery.  
  • Network Usage – OSSIM monitors traffic from user machines, network equipment and servers to help determine whether activity is higher than usual. This is done through behavioural monitoring. For instance, if a user only used 1GB of data on a Monday but by the Wednesday this had increased to 20GB, OSSIM would trigger an alarm so the network administrators can investigate and make amendments where needed.  
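The behavioural check in the Network Usage bullet compares each user's volume today with that same user's recent history, not with a single fixed threshold for everyone. The following is an added example of that logic, not OSSIM's own implementation: the per-user daily totals are constructed (including the article's 1GB Monday to 20GB Wednesday case), and the `factor` and `min_bytes` parameters are assumed tuning values rather than anything the product defines.

```python
"""Added example: per-user behavioural usage alarm. Not OSSIM code; the daily
totals below are constructed, and the thresholds are illustrative."""
from statistics import median

GB = 1024 ** 3

# Constructed per-user daily transfer totals in bytes, oldest day first.
USAGE = {
    "alice": [1 * GB, 1.2 * GB, 20 * GB],   # the article's Monday -> Wednesday jump
    "bob":   [8 * GB, 9 * GB, 10 * GB],     # heavy but steady: normal for bob
    "carol": [0, 0, 0.5 * GB],              # near-idle baseline, small real rise
}


def usage_alarm(history, factor=5.0, min_bytes=2 * GB):
    """Compare the last day in `history` with the user's own baseline.

    Returns (baseline, today, alarm). The baseline is the median of the
    earlier days, which one previous spike cannot drag upwards the way a mean
    would. The `min_bytes` floor stops a user whose baseline is zero (a new
    starter, or someone returning from leave) from raising an alarm on a
    trivial amount of traffic, since any rise over zero is 'infinite' growth."""
    *previous, today = history
    if not previous:
        return 0, today, False          # nothing to compare against yet
    baseline = median(previous)
    alarm = today >= min_bytes and today > factor * baseline
    return baseline, today, alarm


def check_all(usage, **thresholds):
    """Return the list of users whose latest day trips the alarm."""
    flagged = []
    for user, history in usage.items():
        _baseline, _today, alarm = usage_alarm(history, **thresholds)
        if alarm:
            flagged.append(user)
    return flagged


if __name__ == "__main__":
    for user, history in USAGE.items():
        baseline, today, alarm = usage_alarm(history)
        print(f"{user:6} baseline {baseline / GB:5.1f}GB today {today / GB:5.1f}GB "
              f"{'ALARM' if alarm else 'ok'}")
```

Two caveats a practitioner would keep in mind: a per-user baseline needs enough history before it means anything (a single previous day is a weak baseline, and weekday/weekend patterns argue for comparing like with like), and the `factor` chosen trades false alarms against missed exfiltration, so it should be tuned from the network's own data rather than copied from an example.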

Net flow monitor

Compliance 

OSSIM not only protects a network but can also be configured to help companies reach certain levels of regulatory compliance. These include, but are not restricted to:  

  • GDPR 
  • Cyber Essentials 
  • PCI-DSS  
  • HIPAA 
  • ISO 27001 
  • SOC 2 

Pricing 

The overall cost for the configuration, monitoring and security of the OSSIM platform is £750 ex VAT. 

However, it should be noted that this is not for the platform and the software itself. This cost is for the time the ESP engineers spend configuring the solution for your network environment, plus annual maintenance, ongoing updates, proactive and ongoing monitoring, and improvements to your network. This enables ESP Projects Ltd to keep our clients' networks as safe as we can possibly make them. 

Cost breakdown is as follows:  

  • £300+VAT  for the maintenance, updating and monitoring of the platform. 
  • One off initial cost for the initial installation and configuration of the platform, including the installation of the third-party end-point monitoring agent. 

For more information regarding OSSIM please feel free to give one of our technicians a call on 0330 2020 118 and choose option 2.

Keep posted for my next article!