Emerging threat intelligence. Essential for today’s cyber threat landscape.
Within today’s dynamic and evolving threat environment, busy IT security teams don’t have the time or the resources to do threat analysis on their own. Instead, they turn to research organizations, like AlienVault Labs, to do the heavy lifting for them.
Unlike single-purpose threat intelligence feeds focused on only one security control, AlienVault Labs Threat Intelligence delivers eight coordinated rulesets, fueled by the collective power of the Open Threat Exchange™.
AlienVault Labs Threat Intelligence drives USM security capabilities in identifying the latest threats, resulting in the broadest view of attacker techniques and effective defenses. AlienVault Labs Threat Intelligence maximizes the efficiency of your security monitoring program by delivering the following directly to your AlienVault Unified Security Management (USM) installation:
- Network IDS signatures – detects the latest threats in your network
- Host-based IDS signatures – detects the latest threats on your systems
- Asset discovery signatures – identifies the latest operating systems, applications, and device information
- Vulnerability assessment signatures – finds the latest vulnerabilities on your systems
- Correlation rules – translates raw events into actionable remediation tasks
- Reporting modules – provides new ways of viewing data about your environment
- Dynamic incident response templates – delivers customized guidance on how to respond to each alert
- Newly supported data source plug‐ins – expands your monitoring footprint
With this easily consumable threat intelligence fueling your USM™ platform, you’ll be able to detect the latest threats and prioritize your response efforts. Specifically, you’ll extend your security program with:
- Real-time botnet detection – identifies infection and misuse of corporate assets
- Data exfiltration detection – detects attempted leakage of sensitive and proprietary data so it can be stopped
- Command-and-control traffic (C&C) identification – identifies compromised systems communicating with malicious actors
- IP, URL, and domain reputation data – prioritizes response efforts by identifying known bad actors and infected sites
- APT (Advanced Persistent Threat) detection – detects targeted attacks often missed by other defenses
- Dynamic incident response and investigation guidance – provides customized instructions on how to respond and investigate each alert
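As an added, constructed illustration (not AlienVault, USM or OTX code, and not their data formats), the Python below shows the pattern the list above describes: correlation rules plus a reputation table turn raw IDS events into prioritized alarms. Repeated trojan check-ins to an IP carrying a C&C reputation raise a compromised-host alarm, a scan from a listed source is flagged, and a large outbound transfer is scored higher when the peer is known-bad or the host is already beaconing. Rule names, thresholds, scores, the event fields and the sample events and reputation entries are all assumptions made for this example.

```python
"""Toy event correlation with IP reputation scoring.

Added illustrative example, not AlienVault/USM code. Event fields, rule names,
thresholds and scores are assumptions; the events and reputation entries below
are constructed for the demonstration.
"""
from collections import defaultdict, namedtuple
from dataclasses import dataclass, field

Event = namedtuple("Event", "time source src_ip dst_ip signature bytes_out")

# Constructed reputation table: IP -> (category, badness score 0-10).
REPUTATION = {
    "198.51.100.23": ("C&C", 9),
    "203.0.113.77": ("Scanning Host", 4),
}

# Constructed raw NIDS events (RFC 5737 documentation addresses).
RAW_EVENTS = [
    Event("10:00:01", "nids", "10.0.0.5", "198.51.100.23", "TROJAN Generic bot check-in", 312),
    Event("10:00:31", "nids", "10.0.0.5", "198.51.100.23", "TROJAN Generic bot check-in", 298),
    Event("10:01:02", "nids", "10.0.0.5", "198.51.100.23", "TROJAN Generic bot check-in", 305),
    Event("10:02:15", "nids", "10.0.0.5", "198.51.100.23", "POLICY Large outbound transfer", 52_000_000),
    Event("10:03:00", "nids", "203.0.113.77", "10.0.0.9", "SCAN SYN sweep", 0),
    Event("10:04:10", "nids", "10.0.0.8", "192.0.2.50", "POLICY Large outbound transfer", 41_000_000),
]


@dataclass
class Alarm:
    rule: str
    host: str        # internal asset the alarm is about
    peer: str        # external IP involved
    priority: int    # 0-10, higher means respond first
    evidence: list = field(default_factory=list)  # timestamps of contributing events


def rep(ip):
    """Reputation lookup; unknown IPs get a neutral score."""
    return REPUTATION.get(ip, ("unknown", 0))


def correlate(events, beacon_threshold=3):
    """Apply three correlation rules to raw events; return alarms, highest priority first."""
    by_pair = defaultdict(list)
    for ev in events:
        by_pair[(ev.src_ip, ev.dst_ip)].append(ev)

    alarms = []
    for (src, dst), evs in by_pair.items():
        dst_cat, dst_score = rep(dst)
        src_cat, src_score = rep(src)

        beacons = [e for e in evs if e.signature.startswith("TROJAN")]
        # Rule 1: repeated trojan check-ins to an IP with C&C reputation -> compromised host.
        if len(beacons) >= beacon_threshold and dst_cat == "C&C":
            alarms.append(Alarm("C&C communication", src, dst,
                                priority=min(10, dst_score + 1),
                                evidence=[e.time for e in beacons]))

        # Rule 2: large outbound transfer; boosted when the peer is known-bad or the
        # host is already beaconing (exfiltration after compromise).
        big = [e for e in evs if e.signature.startswith("POLICY Large outbound")]
        if big:
            prio = 3 + dst_score // 2 + (3 if beacons else 0)
            alarms.append(Alarm("Possible data exfiltration", src, dst,
                                priority=min(10, prio),
                                evidence=[e.time for e in big]))

        # Rule 3: scanning from a source with a reputation entry.
        scans = [e for e in evs if e.signature.startswith("SCAN")]
        if scans and src_score > 0:
            alarms.append(Alarm("Scan from known-bad host", dst, src,
                                priority=src_score,
                                evidence=[e.time for e in scans]))

    return sorted(alarms, key=lambda a: -a.priority)


if __name__ == "__main__":
    for a in correlate(RAW_EVENTS):
        print(f"[{a.priority:>2}] {a.rule}: {a.host} <-> {a.peer} ({a.evidence})")
```

The point to take from this is the priority arithmetic rather than the specific rules: the same raw "large outbound transfer" event lands at the top of the queue when the destination has a C&C reputation and the host has already been seen beaconing, and near the bottom when neither is true. That is what reputation data and correlation add over a bare signature match.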
Advanced Alien intelligence to combat advanced threats
Here are a few of our collection and analysis techniques:
- Malware analysis. We analyze over 500,000 unique malware samples every day, using sandboxing to isolate each sample while we conduct static and dynamic analysis. This analysis provides key insights into the latest attacker tools and techniques.
- Honeypot deployment and analysis. Our global honeypots are essentially “virtual Venus flytraps” set up to detect, capture, and analyze the latest attacker techniques and tools. Because these honeypots sit in high-traffic networks, what they capture reaches our threat intelligence subscribers as the latest defensive measures: updated event correlation rules, IDS and vulnerability signatures, and more.
- Attacker profile analysis. We constantly monitor hacker forums and underground networks to profile the common traits of cyber criminals in depth. This information gives us unparalleled insight into the “attack horizon” and has led to major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.
- Open collaboration with state agencies, academia, and other security research firms. Thanks to the broad reach of our threat intelligence sharing community, we have established strong connections with state agencies around the world, academic researchers, and other security vendors. These relationships give us access to pre-published vulnerability and malware updates and independent verification of our own research. By gathering threat intelligence from a diverse install base, spread across many industries and countries and composed of organizations of all sizes, we reduce an attacker’s ability to single out targets by industry or organization size.