AlienVault Unified Security Management Solution
AlienVault’s Unified Security Management platform provides a simplified, cost-effective way for organizations with limited security staff and budget to detect and respond to threats and address compliance needs. With essential security controls built in, AlienVault USM puts complete security visibility within fast and easy reach of smaller security teams that need to do more with less.
AlienVault stands apart in the SIEM segment: it offers much more than a traditional SIEM, including cutting-edge, crowd-sourced threat intelligence from the AlienVault Open Threat Exchange™ (OTX).
With our Managed Subscription model, customers benefit from the following:
- Easy centralized management with federated features
- Convert CAPEX to OPEX: billing is on monthly subscription plans
- Start small with 25 devices and grow
- Log management, SIEM, network and host IDS, file integrity monitoring, vulnerability assessment, behavioral monitoring, threat detection and alerting, all in one security platform
- Full suite of compliance reporting: PCI-DSS, HIPAA, NERC-CIP, ISO 27001, GPG13
B-Infosec Managed Security Services
With a growing threat landscape, every organisation, whether large or small, needs complete visibility to:
- Detect emerging threats across your environment
- Respond quickly to incidents and conduct thorough investigations
- Measure, manage, and report on compliance (PCI, HIPAA, ISO 27001, and more)
- Optimise your existing security investments and reduce risk
We offer comprehensive and scalable managed security services on a monthly subscription model: no upfront investment, and your security intelligence becomes an operating expense under our pay-as-you-grow model.
- Asset Discovery
- Vulnerability Assessment
- Behavioural Monitoring
- Intrusion Detection
- SIEM/Event Correlation
- Threat Intelligence & Detection
- Security Operations & Monitoring
- Security Intelligence & Analytics
Discover All the Assets in Your Network in Minutes
At AlienVault, we believe that security practitioners and IT professionals have enough to worry about, and more than enough work to do. The first thing to worry about is what’s connected to your network.
Within minutes of installing AlienVault Unified Security Management™ (USM) you’ll be able to discover all of the IP-enabled devices on your network, what software is installed on them, how they’re configured, any potential vulnerabilities and active threats being executed against them.
You’ll be able to quickly answer questions such as:
- What devices are on my network?
- What are users doing?
- What vulnerabilities exist in my network?
- Are there known attackers trying to interact with my network?
- Are there active threats in my network?
Find, Verify, & Remove Vulnerabilities Rapidly
AlienVault Unified Security Management (USM) provides built-in vulnerability assessment with the essential capabilities you need for complete security visibility and threat intelligence, all in one easy-to-use console.
AlienVault USM™ enables you to:
- Get built-in vulnerability assessment capabilities
- Scan and monitor for new vulnerabilities continuously
- Prioritize and remediate vulnerabilities more effectively
- Gain complete security visibility and threat detection
- Detect the latest threats with continuous threat intelligence
Get Immediate Results on Day One
- Deploy quickly: Go from download to detection in less than one hour
- Auto-discover asset information: Collect device, software, configuration, vulnerability, and active threat data
- Get actionable, relevant threat intelligence: See prioritized threats, detailed context, and remediation guidance
Understand Your Network & Identify Intruders
Preventive security measures often fail against new polymorphic malware and zero-day exploits, so it is important to watch for intruders. Context is critical when evaluating system and network behaviour. For example, an abundance of Skype traffic on the network segment used by your inside sales team is probably a normal part of operations. However, if the database server that houses your customer list suddenly shows a burst of Skype traffic, something is likely wrong.
As soon as AlienVault Unified Security Management™ (USM) is installed, the behavioral monitoring functionality starts gathering data to help you understand “normal” system and network activity. Using the built-in network behavior monitoring you can simplify the incident response when investigating an operational issue or potential security incident. And because AlienVault USM™ combines network behavioral analysis with service availability monitoring, you’ll have a full picture of system, service, and network anomalies.
Network Behavioral Analysis
Behavioural monitoring of your network and systems is essential for spotting unknown threats. It is also useful when investigating suspicious behaviour and policy violations.
Service & Infrastructure Monitoring
Service and infrastructure monitoring provides continuous monitoring of the services run by particular systems. Periodically, or on demand, each device is probed to confirm that the service is still running and available. This lightweight, continuous monitoring detects unexpected service outages throughout your critical infrastructure.
NetFlow Analysis
NetFlow analysis performs network behaviour analysis without the storage capacity required for full packet capture. It provides the high-level trends: which protocols are used, which hosts use them, and how much bandwidth they consume. This information is accessible in the same interface as the asset inventory and alarm data, which simplifies incident response.
Network Protocol Analysis / Packet Capture
Network protocol analysis with full packet capture allows security analysts to perform full protocol analysis on network traffic, enabling a complete replay of the events that occurred during a potential breach. This level of network monitoring can be used to pinpoint the exploit method used or to determine what specific data was exfiltrated.
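The two ideas above, a per-host baseline of "normal" traffic (the inside-sales Skype versus database-server Skype contrast) and NetFlow-style summaries of which hosts use which services and how much bandwidth they consume, can be shown with a small flow analyser. The code below is an added illustration, not AlienVault's behavioural-monitoring implementation; the flow records, host addresses, the 3-sigma threshold and the 5% variance floor are all constructed assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record: who talked to whom, over which service, and how many bytes."""
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def summarize(flows):
    """High-level trends per (source host, protocol, port): total bytes and distinct peers."""
    totals = defaultdict(int)
    peers = defaultdict(set)
    for f in flows:
        key = (f.src, f.proto, f.dport)
        totals[key] += f.nbytes
        peers[key].add(f.dst)
    return {k: {"bytes": totals[k], "peers": sorted(peers[k])} for k in totals}


def build_baseline(windows):
    """Learn what 'normal' looks like: mean and stddev of bytes per key across observation windows.
    A key absent from a window counts as 0 bytes for that window."""
    per_window = [summarize(w) for w in windows]
    keys = set().union(*(pw.keys() for pw in per_window))
    baseline = {}
    for k in keys:
        series = [pw[k]["bytes"] if k in pw else 0 for pw in per_window]
        baseline[k] = (mean(series), pstdev(series))
    return baseline


def detect_anomalies(baseline, window, sigma=3.0, min_new_bytes=100_000):
    """Flag a host using a service it never used before (above a noise floor), or a known
    host/service pair whose volume exceeds mean + sigma * stddev."""
    findings = []
    for key, stats in summarize(window).items():
        if key not in baseline:
            if stats["bytes"] >= min_new_bytes:
                findings.append((key, "new service for host", stats["bytes"]))
            continue
        mu, sd = baseline[key]
        # Assumed variance floor of 5% of the mean so a flat baseline does not alert on tiny jitter
        threshold = mu + sigma * max(sd, 0.05 * mu)
        if stats["bytes"] > threshold:
            findings.append((key, "volume above baseline", stats["bytes"]))
    return findings


# Constructed sample data (not from any real network): a sales workstation that normally uses a
# Skype-style UDP/3478 relay, an app server querying PostgreSQL, and a database server that only
# ships syslog. Hosts use RFC 1918 / RFC 5737 addresses.
MB = 1_000_000
SALES, APP, DB, LOG, RELAY, EXT = "10.0.1.20", "10.0.1.50", "10.0.2.10", "10.0.3.5", "203.0.113.7", "198.51.100.9"


def window(sales_mb, app_mb):
    return [
        Flow(SALES, RELAY, "udp", 3478, int(round(sales_mb * MB))),
        Flow(APP, DB, "tcp", 5432, int(round(app_mb * MB))),
        Flow(DB, LOG, "udp", 514, 10_000),
    ]


BASELINE_WINDOWS = [window(4.8, 2.0), window(5.2, 2.1), window(5.0, 1.9), window(5.1, 2.0)]

# Current window: sales traffic is normal, the app server pulls 25 MB from the database (12x its usual),
# and the database server itself suddenly talks to an external host on the Skype-style port.
CURRENT_WINDOW = [
    Flow(SALES, RELAY, "udp", 3478, 5 * MB),
    Flow(APP, DB, "tcp", 5432, 25 * MB),
    Flow(DB, LOG, "udp", 514, 10_000),
    Flow(DB, EXT, "udp", 3478, 40 * MB),
]


def run_demo():
    return detect_anomalies(build_baseline(BASELINE_WINDOWS), CURRENT_WINDOW)


if __name__ == "__main__":
    for (src, proto, port), reason, nbytes in run_demo():
        print(f"{src} {proto}/{port}: {reason} ({nbytes:,} bytes)")
```

The sales workstation's Skype traffic sits inside its learned band and is not reported, while the same protocol from the database server is reported as a service that host has never used; the app server's volume spike is caught by the second rule. In practice the baseline would be learned per hour-of-day and per weekday, and the flows would come from the NetFlow exporter rather than being constructed inline.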
Intrusion Detection Systems for Any Environment
AlienVault USM™ delivers intrusion detection for your network that enables you to inspect traffic between devices, not just at the edge. You can also correlate events from your existing IDS/IPS into a single console for complete network visibility while preserving your investments.
Network Intrusion Detection System (NIDS)
Catch threats targeting your vulnerable systems with signature-based detection, anomaly detection and protocol analysis. Identify the latest attacks, malware infections, system compromise techniques, policy violations and other exposures.
Host-based Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM)
Analyze system behavior and configuration status to track user access and activity. Detect potential security exposures such as system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes.
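The file-integrity part of HIDS works by recording a trusted fingerprint of each critical file and later comparing the live file against it. The script below is an added example of that check, written for this page and not taken from AlienVault's HIDS agent; it builds a throw-away directory of constructed files that stand in for /etc/passwd, /etc/shadow and friends, then detects a content change, a permission change and an unexpected new file. The watched-file list and the sample file contents are assumptions for the demonstration.

```python
import hashlib
import os
import stat
import tempfile
from collections import namedtuple
from pathlib import Path

Fingerprint = namedtuple("Fingerprint", "digest mode size")


def fingerprint(path):
    """SHA-256 digest, permission bits and size of a file; None if it does not exist."""
    try:
        st = path.lstat()
    except FileNotFoundError:
        return None
    if not stat.S_ISREG(st.st_mode):
        # A symlink or device swapped in for a regular file is itself a finding; record the type, not a hash
        return Fingerprint("non-regular", stat.S_IMODE(st.st_mode), st.st_size)
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return Fingerprint(h.hexdigest(), stat.S_IMODE(st.st_mode), st.st_size)


def take_baseline(root, watched):
    """Record the trusted state of each watched file (a missing file is recorded as None)."""
    return {name: fingerprint(root / name) for name in watched}


def compare(baseline, root):
    """Return (file, change) pairs for every watched file that differs from its baseline."""
    findings = []
    for name, old in baseline.items():
        new = fingerprint(root / name)
        if old is None and new is None:
            continue
        if old is None:
            findings.append((name, "created"))
            continue
        if new is None:
            findings.append((name, "deleted"))
            continue
        if old.digest != new.digest:
            findings.append((name, "content modified"))
        if old.mode != new.mode:
            findings.append((name, "permissions changed"))
    return findings


# Assumed watch list, relative to a root that stands in for /etc in this demo
WATCHED = ["passwd", "shadow", "sudoers", "ssh/sshd_config", "rc.local"]


def run_demo():
    """Build a constructed /etc look-alike, baseline it, tamper with it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "shadow").write_text("root:*:19000:0:99999:7:::\n")
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "ssh/sshd_config").write_text("PermitRootLogin no\n")
        os.chmod(root / "shadow", 0o640)
        baseline = take_baseline(root, WATCHED)

        # Simulated tampering: a second UID-0 account, root SSH login enabled,
        # a world-readable shadow file, and a new boot-time script for persistence
        with (root / "passwd").open("a") as fh:
            fh.write("backdoor:x:0:0::/root:/bin/bash\n")
        (root / "ssh/sshd_config").write_text("PermitRootLogin yes\n")
        os.chmod(root / "shadow", 0o644)
        (root / "rc.local").write_text("#!/bin/sh\n/tmp/.x &\n")
        return compare(baseline, root)


if __name__ == "__main__":
    for name, change in run_demo():
        print(f"{name}: {change}")
```

A real agent stores the baseline somewhere the monitored host cannot rewrite it (the USM server, in AlienVault's design) and re-checks on a schedule; if the baseline lives on the same box, an attacker who can edit /etc/passwd can usually edit the baseline too.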
Deploys in Less Than One Hour
Sign up and deploy AlienVault USM quickly. Start seeing actionable alarms in less than one hour.
Integrated SIEM Correlation
More than 2,000 correlation directives (and growing) to alert you to the most important threats.
Automatically receive new IDS signatures and updated correlation directives for the latest threats.
Works with Other IDS
Forward IDS and IPS event logs from your existing devices to the USM Sensor for event correlation.
SIEM and Log Management Simplified
AlienVault Unified Security Management™(USM) delivers a complete SIEM with built-in, essential security controls and seamlessly integrated threat intelligence so you can accelerate your threat detection and compliance.
Single-purpose SIEM software or log management tools provide valuable information, but often require expensive integration efforts to bring in log files from disparate sources such as asset management, vulnerability assessment, and IDS products. With the AlienVault USM™ platform, SIEM is built-in with other essential security tools for complete security visibility that simplifies and accelerates threat detection, incident response, and compliance management.
Fully Integrated SIEM Capabilities on Day 1
Drastically simplify SIEM deployment and gain valuable insight into your environment with an all-in-one platform that includes all the essential security capabilities you need, managed from a single pane of glass, working together to provide the most complete view of your security posture.
- SIEM / event correlation
- Asset discovery and inventory
- Vulnerability assessment
- Intrusion detection
- NetFlow monitoring
- Actionable, relevant threat intelligence from AlienVault Labs threat research team
- Integrated global real-time view of emerging threats and bad actors from OTX, the world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat intelligence
Essential for Keeping Up with Today’s Cyber Threat Landscape
In today’s dynamic and evolving threat environment, busy IT security teams don’t have the time or resources to analyse emerging threats on their own. Instead, they turn to AlienVault Labs to do the research for them, with continuous threat intelligence updates that are fully integrated into the AlienVault Unified Security Management™ (USM) platform for threat assessment, detection, and response.
The AlienVault Advantage:
Ownership of both the built-in data sources and the management platform that make up the USM platform gives AlienVault a unique advantage over other security point products. Providing predictable data sources enables our threat research team to have a comprehensive understanding of the interactions between the different data types being collected, correlated and analyzed. This in-depth knowledge enables us to engineer the USM platform to provide effective security controls and seamlessly integrated threat intelligence for any environment.
AlienVault Labs Threat Intelligence drives the USM platform’s threat assessment capabilities by identifying the latest threats, resulting in the broadest view of threat vectors, attacker techniques and effective defenses. Unlike single-purpose updates focused on only one security control, AlienVault Labs regularly delivers eight coordinated rule set updates to the USM platform. These updates eliminate the need for you to spend precious time conducting your own research on emerging threats, or on alarms triggered by your security tools. These rule sets maximise the efficiency of your security monitoring program by delivering the following updates directly to your AlienVault USM™ installation:
- Correlation directives – USM ships with over 2,000 pre-defined rules that translate raw events into specific, actionable threat information by linking disparate events from across your network
- Network IDS signatures – detect the latest malicious traffic on your network
- Host IDS signatures – identify the latest threats targeting your critical systems
- Asset discovery signatures – detect the latest operating systems, applications, and device information
- Vulnerability assessment signatures – uncover the latest vulnerabilities on your systems
- Reporting modules – deliver new views of critical data about your environment to management and satisfy auditor requests
- Dynamic incident response templates – customized guidance on how to respond to each alert
- Newly supported data source plugins – expand your monitoring footprint by integrating data from legacy security devices and applications
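A correlation directive turns raw events into an alarm by linking events from different sources, as the first bullet above describes. The code below is an added example written for this page, not one of AlienVault's 2,000+ directives or its correlation engine: it takes a vulnerability-scanner finding and NIDS alerts, and raises the priority of an exploitation attempt when the same source scanned the network shortly before and when the scanner already reported the targeted service as vulnerable to the referenced CVE. The events, hosts, the 10-minute window and the priority weights (2, +3, +5) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """A normalized event from any data source. For vulnerability findings, dst_ip is the affected host."""
    ts: datetime
    source: str      # "nids" or "vuln" in this example
    kind: str        # "portscan", "exploit_attempt" or "vuln_found"
    src_ip: str
    dst_ip: str
    dport: int
    ref: str         # CVE identifier that both the NIDS rule and the scanner report; the join key


def correlate(events, scan_window=timedelta(minutes=10)):
    """Directive: an exploit attempt, optionally preceded by a port scan from the same source within
    scan_window, optionally against a host/port the scanner has already reported vulnerable to that CVE."""
    known_vulns = {(e.dst_ip, e.dport, e.ref) for e in events if e.kind == "vuln_found"}
    last_scan = {}
    alarms = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "portscan":
            last_scan[e.src_ip] = e.ts
        elif e.kind == "exploit_attempt":
            scanned = e.src_ip in last_scan and e.ts - last_scan[e.src_ip] <= scan_window
            vulnerable = (e.dst_ip, e.dport, e.ref) in known_vulns
            priority = 2 + (3 if scanned else 0) + (5 if vulnerable else 0)
            alarms.append({
                "name": ("Exploitation attempt against vulnerable host" if vulnerable
                         else "Exploitation attempt (target not known vulnerable)"),
                "priority": priority,
                "attacker": e.src_ip,
                "target": f"{e.dst_ip}:{e.dport}",
                "ref": e.ref,
                "evidence": [
                    "reconnaissance scan from the same source preceded the attempt" if scanned
                    else "no prior scan from this source",
                    "vulnerability scanner reported a matching finding on the target" if vulnerable
                    else "no matching vulnerability finding on the target",
                ],
            })
    return sorted(alarms, key=lambda a: -a["priority"])


# Constructed sample events (not from a real network). The CVE identifiers are only join keys here.
T = datetime(2024, 5, 1, 10, 0)
SAMPLE_EVENTS = [
    Event(T - timedelta(hours=6), "vuln", "vuln_found", "", "10.0.2.10", 445, "CVE-2017-0144"),
    Event(T, "nids", "portscan", "198.51.100.9", "10.0.2.0/24", 0, ""),
    Event(T + timedelta(minutes=4), "nids", "exploit_attempt", "198.51.100.9", "10.0.2.10", 445, "CVE-2017-0144"),
    Event(T + timedelta(minutes=5), "nids", "exploit_attempt", "198.51.100.9", "10.0.2.11", 445, "CVE-2017-0144"),
    Event(T + timedelta(minutes=90), "nids", "exploit_attempt", "203.0.113.7", "10.0.2.12", 80, "CVE-2021-41773"),
]


def run_demo():
    return correlate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in run_demo():
        print(f"[{a['priority']:>2}] {a['name']}: {a['attacker']} -> {a['target']} ({a['ref']})")
        for line in a["evidence"]:
            print(f"      - {line}")
```

The same three NIDS signatures produce three very different alarms once the scanner's findings and the attacker's earlier scan are joined in: priority 10 for the scanned, vulnerable host, 5 for the scanned but patched host, and 2 for the isolated attempt. That ordering is what lets an analyst work the queue from the top.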
Automate and Accelerate IT Compliance
Although specific requirements may vary slightly between compliance standards, AlienVault USM™ can help you quickly achieve comprehensive compliance. AlienVault USM delivers complete IT compliance management capabilities in a single platform and console view.
These capabilities include asset discovery, vulnerability assessment, intrusion detection, service availability monitoring, log management, and file integrity monitoring (FIM), allowing you to:
- Quickly identify and resolve compliance issues
- Utilize flexible reporting and detailed executive dashboards
- Quickly and automatically discover and scan assets
- Stay on top of threats with host and network IDS for continuous threat detection
- Demonstrate compliance with real-time security control evaluation
AlienVault USM™ unifies essential compliance management software in a single platform.
- Log retention, management, and analysis—all in one platform
- Analyze logs automatically to detect malicious behavior directed at in-scope devices
- Integrate data from legacy security tools
Asset Discovery & Monitoring
- Active and passive asset discovery
- Network and Host IDS
- SIEM and log aggregation
Flexible Reporting & Dashboard
- Auditor-ready report templates for PCI-DSS, ISO27002, HIPAA and more
- Role-based access control for customized views
- Custom report queries and fast searches
Combat Serious Threats to Your Network with AlienVault USM
The purpose of a Security Operations Center (SOC) is to identify, investigate, prioritize and resolve issues that could affect the security of a company’s information assets.
A well-developed and run SOC can put information at the fingertips of an organization and help identify when an attack starts, who is attacking, how the attack is being conducted, and what data or systems are being compromised.
AlienVault USM delivers the power of a SOC out of the box, with Security Operations Center tools and essential capabilities that allow you to:
- Identify Which Assets You Need to Protect
- Pinpoint Assets Vulnerable to Attack
- Understand Techniques Used to Attack Your Assets
- Recognize When a Breach Has Occurred
- Determine What Actions Will Have the Most Impact on Your Security Posture
Real-Time Security Intelligence from the Experts
Security analysts are a lot like detectives. During security incidents and investigations, they need to get to “whodunit” as quickly as possible. This is complicated, especially when mountains of security-relevant data are constantly being produced. Context is key: one piece of information by itself may mean nothing, but then again, it may become a very important piece of a larger puzzle.
Security intelligence is an essential part of putting that puzzle together. By automating the correlation of real-time events identified through built-in essential security controls, AlienVault’s Unified Security Management™ (USM) platform provides the security analyst with all of the puzzle pieces in one single view.
Dynamic Incident Response Guidance – for Every Alarm
Being a security analyst isn’t easy. You don’t have all day to research new exploits, but AlienVault Labs is a team dedicated to doing just that. In addition, there are often so many items to respond to that it’s hard to know what to do next. AlienVault’s dynamic incident response guidance, and its vigilance in discovering new malicious hosts and exploits, can help.
For each alarm that is generated by the AlienVault USM™ event correlation engine, customized step-by-step instructions are listed in our console. By providing contextually relevant workflow-driven response procedures, analysts know exactly what to do next. The AlienVault Labs research team has curated these how-to-respond instructions based on rich CSIRT experience, as well as our own threat intelligence.
For example, an alert might identify that a host on your internal network is attempting to connect to a malicious external host. The dynamic incident response guidance would include details about:
- The internal host such as owner, network segment, and software that is installed
- The network protocol in use and specific risks associated with it
- The external host and what exploits it has executed in the past
- The importance of identifying potential C&C (command and control) traffic
- Specific actions to take for further investigation and threat containment – and why you should take them
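The example alarm above (an internal host connecting to a known-malicious external host) can be reproduced end to end: parse the connection logs, match destinations against an indicator list, test for the regular intervals that characterise C&C beaconing, and attach the five kinds of context the list names. The code is an added illustration written for this page, not AlienVault's dynamic incident response feature or OTX client. The log lines, indicator entries, asset inventory, protocol notes and the beaconing threshold (at least 4 connections, coefficient of variation of the gaps at most 0.1) are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<action>allow|deny) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)

# Constructed sample data: firewall log lines in an assumed key=value format, an OTX-style indicator
# entry, and an asset inventory. None of it describes a real environment.
LOG_LINES = """\
2024-05-01T09:00:00Z allow src=10.0.1.20 dst=192.0.2.50 proto=tcp dport=443
2024-05-01T09:00:05Z allow src=10.0.2.10 dst=198.51.100.9 proto=tcp dport=443
2024-05-01T09:03:11Z allow src=10.0.1.20 dst=198.51.100.9 proto=tcp dport=80
2024-05-01T09:05:05Z allow src=10.0.2.10 dst=198.51.100.9 proto=tcp dport=443
2024-05-01T09:10:06Z allow src=10.0.2.10 dst=198.51.100.9 proto=tcp dport=443
2024-05-01T09:15:05Z allow src=10.0.2.10 dst=198.51.100.9 proto=tcp dport=443
2024-05-01T09:20:05Z allow src=10.0.2.10 dst=198.51.100.9 proto=tcp dport=443
"""
INDICATORS = {
    "198.51.100.9": {"pulse": "sample pulse: commodity RAT infrastructure",
                     "history": ["SSH brute force (sample)", "exploit-kit landing page (sample)"]},
}
ASSETS = {
    "10.0.2.10": {"owner": "DBA team", "segment": "prod-db", "software": ["Ubuntu 22.04", "PostgreSQL 14"]},
    "10.0.1.20": {"owner": "inside sales", "segment": "user-lan", "software": ["Windows 11", "Skype"]},
}
PROTOCOL_RISK = {
    ("tcp", 443): "TLS hides the payload; pivot to SNI, JA3 and certificate data from packet capture",
    ("tcp", 80): "cleartext HTTP; the request and any downloaded payload are recoverable from capture",
}


def parse(lines):
    """Turn raw log lines into records; lines that do not match the format are skipped."""
    records = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        rec["dport"] = int(rec["dport"])
        records.append(rec)
    return records


def is_periodic(timestamps, min_hits=4, max_cv=0.1):
    """Beaconing heuristic: enough connections whose spacing is nearly constant."""
    if len(timestamps) < min_hits:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    return mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv


def build_alarms(records):
    """One enriched alarm per (internal host, malicious host, service) pair seen in the logs."""
    by_pair = defaultdict(list)
    for r in records:
        if r["dst"] in INDICATORS:
            by_pair[(r["src"], r["dst"], r["proto"], r["dport"])].append(r["ts"])
    alarms = []
    for (src, dst, proto, dport), hits in by_pair.items():
        asset = ASSETS.get(src, {"owner": "unknown", "segment": "unknown", "software": []})
        periodic = is_periodic(hits)
        on_server = asset["segment"].startswith("prod")
        actions = [
            "Check the indicator is still active and look for other internal hosts talking to it (scope)",
            PROTOCOL_RISK.get((proto, dport), "unfamiliar port: capture the traffic before judging it"),
        ]
        if periodic:
            actions.append("Regular intervals are typical of C&C beaconing: treat the host as compromised, not just exposed")
        if on_server:
            actions.append(f"Host is in {asset['segment']}: isolate at the network layer and preserve memory and disk before rebuild")
        else:
            actions.append("Workstation: pull endpoint telemetry for the process that owns these connections")
        alarms.append({"src": src, "dst": dst, "service": f"{proto}/{dport}", "connections": len(hits),
                       "periodic": periodic, "priority": "high" if periodic or on_server else "medium",
                       "asset": asset, "intel": INDICATORS[dst], "actions": actions})
    return alarms


def run_demo():
    return build_alarms(parse(LOG_LINES))


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a['priority'].upper()}: {a['src']} ({a['asset']['owner']}, {a['asset']['segment']}) -> "
              f"{a['dst']} {a['service']}, {a['connections']} connections, periodic={a['periodic']}")
        for step in a["actions"]:
            print(f"   - {step}")
```

The database server's five connections at five-minute spacing are flagged as beaconing and escalated with server-specific containment steps, while the sales workstation's single HTTP request to the same host gets the scoping and capture steps but no compromised-host verdict. The guidance differs because the context differs, which is the point of the list above.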