AlienVault threat intelligence

IT teams of all sizes suffer from having too much security event data and not enough actionable threat intelligence. Many security tools generate a steady stream of alerts about important (and not so important) activity, causing IT teams to sacrifice their valuable time by trying to manually correlate disparate activity in their log files. They dig through thousands of seemingly innocuous events, hoping to find those few indicators that can signify system compromise or data breach. At the same time, attack techniques have become more sophisticated, making breaches harder to detect.

Logs carry important information such as what your users are doing, what data they are accessing, the performance of your systems and overall network health. They will also contain evidence of system compromise and data exfiltration, if you know where to look. However, reading raw logs isn’t easy, for several reasons, including:

• Logs vary from system to system or even from version to version on the same system
• They are usually hard to interpret and not easily read by IT staff
• Logs are focused on recording events generated by each system and have limited visibility (e.g., a firewall sees packets and network sessions, while an application sees users, data, and requests)
• Logs are static, fixed points in time, without the full context or sequence of related events.

AlienVault USM solves these problems with its powerful correlation engine. Our extensive and growing library of pre-built correlation directives continuously analyze event data to identify potential security threats in your network. USM automatically detects and links behavior patterns found in disparate yet related events generated across different types of assets, telling you what are the most significant threats facing your network right now.

Security Artifact Analysis

Using a wide range of collection techniques, including advanced sandboxing to quarantine malware samples, the AlienVault Threat Research team analyzes over 10 million unique security artifacts every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual venus fly traps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging the insight gained by honeypots placed in high traffic networks, our AlienVault Labs team arms our USM customers with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Open Collaboration with State Agencies, Academia, and Other Security Research Firms

Thanks to the broad reach of our threat intelligence sharing community, we’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships enable us to get access to pre-published vulnerability and malware updates as well as enhanced verification of our own research. By gathering community-powered threat intelligence from a diverse installed base that is spread across many industries and countries and composed of organizations of all sizes, we’re able to shrink an attacker’s ability to isolate targets by industry or organization size.