Understand Your Network & Identify Intruders.

Behavioral Monitoring Software


Preventative security measures are often unsuccessful against new polymorphic malware and zero-day exploits, so it’s important to be on the watch for intruders. Context is critical when evaluating system and network behavior. For example, an abundance of Skype traffic in the network used by your inside sales team is probably a normal part of operations. However, if the database server that houses your customer list suddenly shows a burst of Skype traffic, something is likely wrong.

As soon as AlienVault’s Unified Security Management™ (USM™) platform is installed, the behavioral monitoring functionality starts gathering data to help you understand “normal” system and network activity. Using the built-in network behavior monitoring, you can simplify incident response when investigating an operational issue or potential security incident. And because USM combines network behavioral analysis with service availability monitoring, you'll have a full picture of system, service, and network anomalies.


69% of all data breaches are discovered by external parties.

Network Behavioral Analysis

Behavioral monitoring for your network & systems is essential for spotting unknown threats. It's also useful in investigating suspicious behavior and policy violations.

When it comes to identifying threats in your environment, the best approach is a multi-layered one. Intrusion detection systems (network, host-based, and wireless IDS) identify known threats, and network behavior analysis can help you identify anomalies and other patterns that signal new and unknown threats.

With AlienVault’s Unified Security Management platform, you can achieve complete and multi-layered security. AlienVault USM provides the fusion of essential security capabilities required for reliable threat detection - fueling your incident response program and helping you meet various compliance requirements. By using a single unified console, the security analyst can break down security silos for a more seamless workflow.

Specifically, the behavioral monitoring capabilities built into AlienVault USM provide this core functionality with the following techniques:

Service & Infrastructure Monitoring provides continuous monitoring of services run by particular systems. On a periodic basis, or on demand, the device is probed to confirm that the service is still running and available. This lightweight, continuous monitoring will detect unexpected service outages throughout your critical infrastructure.

Network Flow Analysis performs network behavior analysis without needing the storage capacity required for full packet capture. Network flow analysis provides the high-level trends related to what protocols are used, which hosts use the protocol, and the bandwidth usage. This information can then be accessed in the same interface as the asset inventory and alarm data to simplify incident response.

Network Protocol Analysis / Full Packet Capture allows security analysts to perform full protocol analysis on network traffic, enabling a full replay of the events that occurred during a potential breach. This level of network monitoring can be used to pinpoint the exploit method used or to determine what specific data was exfiltrated.


Take a Product Tour.

Each alarm provides detailed and customized instructions on how to respond and investigate.
Executive dashboards provide overviews and click-through details about your security and compliance posture.
All you need to know about an asset for incident response and investigations – in one window.
Automated asset discovery provides granular details on all discovered devices in your network.
Targeted guidance eliminates the guesswork associated with integrating data sources and provides precise suggestions for improving visibility.
Built-in network flow analysis provides all the data you need for in-depth investigations – including full packet capture.
Secure storage of raw event data satisfies regulatory compliance requirements while an easy-to-use interface allows for quick searches.
Identify malicious actors attempting to interact with your network using our dynamic IP reputation data.
Real-time security intelligence identifies attackers and their methods for effective incident response.
Centralized, integrated "how to" documentation for all you need to know about USM.
Built-in network IDS, host-based IDS, and wireless IDS result in more accurate event correlation, faster deployment and simpler management.
Built-in vulnerability assessment simplifies security monitoring and speeds remediation.