Free Trial Interactive Demo Get Quote
Avoid Noise, Catch Threats, & Respond Quickly

Intrusion Detection System (IDS) Software

IDS best practices for deploying and managing intrusion detection system software.

AlienVault Unified Security Management™ provides you complete security visibility by delivering three types of intrusion detection system (IDS) software, combined with all of the essential security capabilities built-in and continuous threat intelligence updates from AlienVault Labs. Learn More

Download a Free Trial

  • Includes network intrusion detection (NIDS), host-based intrusion detection (HIDS), and wireless intrusion detection (WIDS)
  • Utilizes real-time insights from OTX based on crowd-sourced info on known malicious hosts
  • Stays current with continuous updates including new rule sets, signatures, reports, and more
  • Offers full threat context and step-by-step response guidance for attacks
  • Deploys and provides insights in less than an hour
of all targeted attacks were aimed
at businesses with fewer than
2,500 employees
of all attacks targeted
organizations with fewer
than 250 employees

Intrusion Detection Systems Built In

Catch Threats Anywhere Within Your Network

 When it comes to finding the threats in your environment, you need intrusion detection systems everywhere on your network. Today’s attacks can easily bypass gateway firewalls, and the single system on your DMZ isn’t enough to catch them. With AlienVault USM™, you can deploy intrusion detection anywhere and everywhere in your environment for complete, multi-layered security to catch threats wherever they exist within your network.

Host-based Intrusion Detection (HIDS) and File Integrity Monitoring (FIM)

Built-in host-based intrusion detection software analyzes system behavior and configuration status to track user access and activity as well as identify potential security exposures such as:

  • System compromise
  • Modification of critical configuration files (e.g. registry settings, /etc/passwd)
  • Common rootkits
  • Rogue processes

Network Intrusion Detection (NIDS)

Built-in software including Snort and Suricata provides signature-based anomaly detection, and protocol analysis technologies. This enables you to identify the latest attacks, malware infections, system compromise, policy violations, and other exposures.

Wireless Intrusion Detection (WIDS)

Built-in wireless software identifies rogue network access points, unauthorized login attempts, encryption-level in use, and other anomalous behavior that may be found on your wireless networks.

“We needed the ability to know if/when a possible/probable security violation occurs vs. constant monitoring by an individual. AlienVault fulfills this need.”

IT Professional,
Medium Enterprise Security Products & Services Company

“Having one platform that provides all the security information we need in one place is essential.”

Security Manager,
Medium Enterprise Health Care Company

“My favorite feature of AlienVault is how it ties in established industry standard tools, such as Snort and OSSEC, into one overall security management system. With AlienVault it’s easy to pick and choose the components that are important to me and ignore those that have little use.”

IT Systems Analyst,
Large Enterprise Financial Services Company

AlienVault Unified Security Management

Intrusion Detection Plus Other Essential Security Tools

Single-purpose IDS tools can only see the traffic on the networks they monitor. Additionally, stand alone IDS are notorious for false positives. AlienVault USM delivers a complete view into the security of your environment by combining intrusion detection software with automated asset discovery, vulnerability data, netflow analysis, event correlation and visibility to known malicious hosts. These security capabilities help reduce the "noise" that you can experience with IDS by correlating information from diverse sources to eliminate alarms that are not valid.

Faster Deployment Time

Go from install to insights in less than an hour with USM. All of the built-in security controls are pre-integrated and optimized to work together out of the box.

Low Administrative Overhead

Deploy and manage your IDS, HIDS, WIDS, SIEM, and more from the same console.

Tuned Event Correlation

With the core data sources are already built-in, our 1600 event correlation rules are already "fine tuned" and optimized, right out of the box.

Full Packet Capture

Any packet that triggers an IDS signature is automatically captured and displayed with the IDS event. Session monitoring and full packet capture can then be invoked for more extensive forensic investigation.

Reduced False Positives

IDS are notorious for "false positives" where events seem to indicate an intrusion, but are actually harmless. AlienVault USM helps reduce false positives by cross-correlating multiple security tools, including asset inventory, IDS, vulnerability scanning, behavioral analysis and visibility to netflow data.

Full Threat Context

All you need to know about an incident is captured in each alarm, including asset information (such as OS, software, identity), vulnerability data, visibility to netflow data, raw log data, and more.

Actionable Alarms

AlienVault USM includes many security monitoring methods to gather information from a variety of threat vectors. Because you have access to asset information, you can get to root cause faster than ever.

Continually Updated Signatures and Rules

Receive continuous and coordinated updates to catch the latest threats.

Augment Your Existing IDS

Integrate for Multi-Layered Threat Detection

The most insidious threats are those that infiltrate through your perimeter defenses, so extending your intrusion detection toolset throughout your network is essential.

Integrate with IDS Technologies

Already have an IDS on your gateway or DMZ? Simply forward your IDS and IPS event logs to our USM Sensor, and we'll correlate this data with our built-in IDS and other monitoring tools for full multi-layered threat detection.

Detect Sophisticated Threats

By deploying IDS throughout your network and installing HIDS on critical servers, you'll be able to catch sophisticated threats like "low and slow" attacks and other stealthy malicious activity that a single perimeter-based IDS on its own wouldn't catch.

Get Integrated Event Correlation

Benefit from our built-in IDS tools as well as our log analysis and event correlation engine. For example, USM's multi-layered threat detection and built-in SIEM event correlation will identify events such as:

  • Insider threats and other suspicious behavior
  • Privileged user activity - authorized and unauthorized
  • Policy violations such as use of unauthorized software or services
  • Data exfiltration attempts

Global Threat Intelligence, Localized for You

Utilize Global Threat Intelligence Automatically

Attacks morph over time and new exploits are discovered every day. AlienVault Labs
does the heavy lifting for you, with a variety of collection and analysis techniques,
continually updating your USM installation continually with new signatures, rules,
reports, and plug ins.

Daily Malware Analysis

Using advanced sandboxing techniques to quarantine malware 
samples while we conduct static and dynamic analysis, we analyze over 500,000 unique malware samples every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual venus fly traps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging honeypots placed in high traffic networks, our threat intelligence subscribers are armed with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Threat Intelligence Collaboration

We’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships enable us access to pre-published vulnerability and malware updates as well as enhanced verification of our own research.

8,000+ Collection points in more than 140 countries
500,000 Unique malware samples analyzed
every day

Attack Alarms and Investigation

Investigate Root Cause Faster Than Ever

Instantly know the who, what, where, when and how of attacks – no matter where they originate.

Actionable Alarms

AlienVault USM includes several different security monitoring technologies to gather information on a variety of threat vectors. Because we provide you access to everything you need to know about an asset, you can get to root cause faster than ever.

Risk Prioritization

AlienVault Labs Threat Intelligence applies more than 1600 event correlation rules against the raw event log data we collect, as well as the events triggered by our built-in intrusion detection software. This enables rapid, accurate, and actionable guidance that interprets the severity of the exposure based on the full threat context.

Attack Categorization

Each alarm is categorized by the intent of the attacker for effective prioritization, so you know which events to focus on for deeper investigation and analysis.


In terms of remediation, AlienVault USM can notify people via email, open a ticket in the built-in ticketing system, or integrate with an external help desk / ticketing system. It can also be configured to execute a script to take automated and custom actions, based on your environment. USM's built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups.

Step-by-Step Investigation Instructions

AlienVault Labs provides specific, contextual guidance on what to do when an alarm is triggered, so you can contain and investigate the incident quickly.