“With NetWatcher I get the same result but it’s much easier to install, much easier to use and more affordable than AlienVault and other platforms we’ve tested…”-DC Metro Tech Exec
Several of our new customers were comparing us to AlienVault during the sales process recently so I thought I would outline some of the differences.
NetWatcher is a service where AlienVault is a product so at the end of the day you are comparing Apples and Oranges. However, we know that customers are faced with this choice — Managed Detection and Response with NetWatcher or buying a platform like AlienVault.
Did you ever hear the saying “Fast, good or affordable. Pick two.” Known as the Project Management Triangle. I don’t think it applies here–In this case I think you can have all 3.
AlienVault’s pricing is on their Website but you can also find it here and here. The big deal here is not the pricing of the platform (as both are comparable in price) but the price of the user of the platform. Many mid-market companies do not have security engineers and the AlienVault tool really requires this level of engineering proficiency–hence a dilemma. NetWatcher does not require you to have a team of very expensive security analysts (>100k/year) because we do the heavy lifting for you in our Security Operations Center (SOC). Which brings me to points ‘setup’ and ‘ease of use’ below. Also, keep in mind that buying software is a CAPEX versus OPEX event –your CFO will be happier.
The AlienVault tool requires you to really understand Linux and systems administration. You can see it right in their documentation –it’s hard to setup. They offer some great ‘paid’ training that is quite pricey if you want to help turn your IT engineer into a Security Analyst. In contrast the NetWatcher appliance (or Virtual Machine) is very easy to setup — just create a mirror port on your router or switch and hook us into it… If you want to install the NetAgent on endpoints you can but it’s not required (but recommended) and you can also point all your syslogs to the sensor as well for ingestion and advanced correlation.
This is where things bifurcate. If you are in IT and have no advanced security expertise AlienVault is a stretch and is really going to require you to either hire a person that is qualified to use it, learn it yourself by going to training and dedicating a lot of time to understanding security or hiring a third party MSP or MSSP to manage it for you. If you use NetWatcher you get a real time Security Health Score — what’s at risk now! …and a Cyber Promiscuity Score (CPS) –what’s my probability of attack in the future. Not only that, if you load the NetWatcher netagent on the endpoints you can get these scores for each endpoint in the organization.
If you are a security analyst the AlienVault information is useful and understandable. However, in contrast the NetWatcher information is very clear and concise and we only tell you about an Alarm once and age it over a two week period whereas AlienVault tells you about the Alarm over and over and over and over…. Just in the demo they have online there are over 1000 open Alarms mostly for the same issues. If you want event fatigue you will get it with AlienVault.
Both the AlienVault tool and the NetWatcher service are great for security analysts. You can get at all the same data but the NetWatcher interface is just a lot easier to use. With NetWatcher you can also easily setup tripwires to alert you via SMS or email if that bad actor you have been looking for has been poking around. But–it’s important for me to point out here–there is a team of Security Analysts in the NetWatcher Secure Operations Center (SOC) doing this for you….
This is where the NetWatcher tool really shines. Most MSPs customers can’t afford an MSP’s service fees once they invest in AlienVault or tools like it. However, with NetWatcher the MSP does not have to pay any money until they sign a customer and make money and start the service. NetWatcher is the MSP’s tier II support and their SOC. NetWatcher analysts teach the MSP how to become a great MSSP along the way and there is no outlay of cash upfront.
Oh yea… there is this other cool little feature we should tell you about with NetWatcher… it’s our Sensor-in-the-Cloud. If you don’t want to deploy a sensor locally you don’t have to… your endpoints can use our Sensor-in-the-Cloud option. This is also great to turn on for endpoints that are on the network sometimes and off others (mobile workers). You want to know if your CXO let their kids play Minecraft and download unsafe JAR files on their corporate laptop while they were on vacation long before that asset ever hits the corp net…
So I think you can have all three with NetWatcher-Fast, Good and AFFORDABLE!