AlienVault Unified Security Management: How it Works
As soon as AlienVault USM is installed within your network, you’ll start to see essential information about devices, applications, user activity, and network traffic. In fact, most customers identify policy violations and potential threats within just a few minutes after the installation is complete.
This is possible due to AlienVault’s modular, scalable, three-tier architecture. Specifically, all AlienVault USM products include these three core components:
- Sensors - deployed throughout your network to collect logs and provide the five essential security capabilities you need for complete visibility.
- Server - aggregates and correlates information gathered by the Sensors, and provides single-pane-of-glass management, reporting, and administration.
- Logger - securely archives raw event log data for forensic investigations and compliance mandates.
These core components provide the real-time threat detection, event correlation, and security intelligence you need to stay ahead of the threat – and your auditor.
Local detection of global threats.
AlienVault’s Sensor combines asset discovery, vulnerability assessment, threat detection, and behavioral monitoring to provide full visibility into deployed assets, identification of vulnerabilities, detection of attacks, and analysis of network behavior. The Sensor provides frontline reconnaissance for AlienVault’s Unified Security Management (USM) platform and is designed to reduce the cost and complexity of implementing stand-alone IDS, HIDS, vulnerability assessment, netflow analysis, and asset discovery products. Additionally, AlienVault’s flexible USM architecture enables the Sensor to be deployed centrally alongside the other USM components or distributed to strategic points in the network.
AlienVault’s Server is the cornerstone of the Unified Security Management (USM) platform and combines security automation, unified management, and shared threat intelligence to correlate data, spot anomalies, reduce risk, generate alerts, and improve operational efficiency. The Server is easily accessible via a web-based console for centralized administration of our essential security capabilities as well as for viewing alerts, tickets, reports, and dashboards.
AlienVault’s Logger is the secure data archive for the Unified Security Management (USM) platform. Together with the Sensors and Server, the Logger provides more comprehensive and effective log management than standalone logging products in order to meet increasingly demanding security and compliance requirements. The AlienVault Logger stores information according to strict security market standards. It collects data in its native format, digitally signs and time-stamps the data, and securely stores the raw format, preserving data integrity for chain-of-custody purposes. Additionally, you can quickly isolate log data for investigations and forensic analysis through integrated, web-based search options.