SANS Incident Response Survey: How to Fight Back
Incident Response (IR) teams are designed to detect, investigate and, when necessary, perform remediation in the event of a critical incident. This whitepaper explores the results of the latest SANS survey, providing a picture of what IR teams are up against today—the types of attacks they see, what defenses they have in place to detect and respond to these threats, and their perceived effectiveness and obstacles to incident handling.
2014 Magic Quadrant for SIEM
Once again, AlienVault is honored to be positioned in the Visionaries quadrant of the Gartner Magic Quadrant for SIEM. We believe this position validates our mission to deliver affordable security solutions for organizations of all sizes that offer a breadth of security capabilities that are easy to use. The Magic Quadrant summarizes Gartner's yearly analysis of the SIEM market, examines the innovations driving that market, and compares the positions of leading competitors.
SANS Higher Education Survey: Balancing Accessibility with Security
Higher education has always balanced the need for open accessibility with the need to secure employee and student private data and internal data and networks. This whitepaper explores the results of the latest SANS survey covering how higher education institutions maintain a balance between the open nature of the academic world and the increasing security concerns and threats to sensitive and regulated data stored on a growing array of user devices.
Practical Threat Management & Incident Response for the SME
Due to small budgets, few or no dedicated security staff and overly complex security solutions, small and medium enterprises (SMEs) continue to face challenges in their efforts to proactively protect their networks, data and systems. This whitepaper written by SANS instructor Jake Williams examines what SMEs can do to protect themselves.
SIEM for Beginners
Get advice from security gurus on how to get up and running with SIEM quickly and painlessly. You'll learn about log collection, log management, log correlation, integrated data sources and how to leverage threat intelligence in your SIEM implementation.
Wireless Intrusion Detection (WIDS) How-To Guide
Get instructions on the 5 basic steps to set up wireless intrusion detection services (WIDS) with AlienVault Unified Security Management™ (USM). You'll learn how to choose the right implementation, install your WIDS sensors, configure rsyslog and Kismet, and configure OpenVPN and AlienVault. AlienVault provides WIDS for visibility, security posturing, and compliance reporting. WIDS-specific information automatically flows into the USM correlation engine so you can include and use wireless information in the centralized web interface for incident response and compliance reports.
Vulnerability Management: Think Like an Attacker to Prioritize Risks
Attackers care about ROI – they want to accomplish their objective with the least investment of time and resources possible. To most effectively manage vulnerabilities, you need to think like the attacker: how would you go about doing damage, exfiltrating valuable information and making money? What are the key assets in your network that you would target? How would you get to these assets? And how does the newer attack strategy of getting malicious code onto your network through your users, using well-known but tricky tactics like phishing, factor in?
What is Log Correlation
Log correlation is the most powerful feature of Security Information and Event Management (SIEM). The answers you need are invariably in the logs, but system logs don't say "Help! Help! I'm being broken into with a compromised account!" They say "Successful Login from Authenticated User." Log correlation is all about constructing rules that look for sequences and patterns in log events that are not visible in individual log sources. Without it, the analysis of log files in a SIEM would have to be done through repetitive human review.
451 Research Report: AlienVault USM - A Security Operations Center for the SMB
“AlienVault's USM is tailor-made for the needs of the security-savvy SMB. It offers affordability, and a comprehensive and ever-increasing feature set powered by the respectable AV Labs and Open Threat Exchange.” In this analyst report, Javvad Malik of 451 Research reviews AlienVault's SMB-focused approach to SIEM and discusses the competitive landscape.
The Value of Crowd-Sourced Threat Intelligence
As an industry, we need a threat-sharing solution that allows IT practitioners to achieve preventative response by learning about how others are targeted, and then employ the right defenses to avoid becoming a target themselves. With this goal in mind, AlienVault created the Open Threat Exchange™ (OTX™) as an open information sharing and analysis network that provides real-time, actionable threat information submitted by over 8,000 contributors in more than 140 countries.
Practitioner’s Guide to a SOC
This guide is intended to provide a technical audience with the core information necessary to evaluate the security controls essential to establishing a Security Operations Center (SOC). It will give a solid understanding of what data a SOC needs in order to operate effectively and what methods can be used to gather that data.
OSSIM vs Commercial Products
AlienVault believes in an open and collaborative approach to security. Based on OSSIM, the de facto standard open source SIEM created by AlienVault, the AlienVault Unified Security Management solution (USM) is well-suited to companies of all types and sizes. Our open source solution is a full-featured product, but it may lack the full set of features and services that larger organizations require. Find out which AlienVault product works best for you.