Intelligence Powered by AlienVault Labs.

Real-Time Security Intelligence from the Experts


Security analysts are a lot like detectives. During security incidents and investigations, they need to get to “whodunit” as quickly as possible. This is complicated, especially when mountains of security-relevant data are constantly being produced. Context is key: one piece of information by itself may mean nothing, but then again, it may become a very important piece of a larger puzzle.

Security intelligence is an essential part of putting that puzzle together. By automating the correlation of real-time events identified through built-in essential security, AlienVault’s Unified Security Management™ (USM™) platform provides the security analyst with all of the puzzle pieces in one single view.


78% of initial intrusions are rated as low difficulty.

Dynamic Incident Response Guidance - for Every Alarm.

Defend Against New Threats with Intelligence from AlienVault Labs

Being a security analyst isn’t easy. You don’t have all day to research new exploits. But it turns out AlienVault Labs is a team dedicated to doing just that. In addition, there are often so many items to respond to that it’s hard to know what to do next. AlienVault’s dynamic incident response guidance and its vigilance in discovering new malicious hosts and exploits can help you.

For each alarm that is generated by the AlienVault USM event correlation engine, customized step-by-step instructions are listed in our console. By providing contextually relevant workflow-driven response procedures, analysts know exactly what to do next. The AlienVault Labs research team has curated these how-to-respond instructions based on rich CSIRT experience, as well as our own threat intelligence.

For example, an alert might identify that a host on your internal network is attempting to connect to a malicious external host. The dynamic incident response guidance would include details about:

  • The internal host such as owner, network segment, and software that is installed
  • The network protocol in use and specific risks associated with it
  • The external host and what exploits it has executed in the past
  • The importance of identifying potential C&C (command and control) traffic
  • Specific actions to take for further investigation and threat containment – and why you should take them

Security Intelligence in Action.

To demonstrate the power of AlienVault’s unified security intelligence, consider the following example:

  • A port scan is detected by your firewall.
  • The source address of the scan is correlated with the destination address of an SSH session from an internal host. A lookup in USM’s asset inventory automatically identifies the risk profile of the internal host: the host is critical to business operations, so this becomes a critical security incident.
  • The compromised host is then scanned for other vulnerabilities from within USM and it is found to be missing a critical security patch.
  • The compromised host is patched and returned to service.
  • A complete forensic analysis for the past 30 days is run for the compromised host to determine if additional corrective action is required.
  • The incident is anonymized and reported to AlienVault Labs so other AlienVault installations are protected from a similar exploit. Note: this step is optional, as you can opt in to share this information.

This whole process is run from AlienVault’s unified management console.
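The correlation step in this scenario, as an added example that is not part of the AlienVault page or product: a small Python matcher ties an outbound SSH session to the source address of a detected port scan and grades the incident by the internal host's asset criticality. All event fields, addresses, owners and inventory entries below are constructed for the example.

```python
# Constructed sample data (not real telemetry): one firewall port-scan alarm,
# two network flow records and a tiny asset inventory.
FIREWALL_EVENTS = [
    {"type": "portscan", "src": "203.0.113.45", "dst": "198.51.100.10"},
]
FLOW_RECORDS = [
    # Internal host talking SSH to the very address that scanned the perimeter.
    {"src": "10.0.0.25", "dst": "203.0.113.45", "dport": 22, "proto": "tcp"},
    # Unrelated HTTPS session; must not be flagged.
    {"src": "10.0.0.30", "dst": "192.0.2.7", "dport": 443, "proto": "tcp"},
]
ASSET_INVENTORY = {
    "10.0.0.25": {"owner": "finance", "criticality": "critical"},
    "10.0.0.30": {"owner": "lab", "criticality": "low"},
}


def correlate(fw_events, flows, assets):
    """Return incidents for outbound SSH sessions whose destination is the
    source of a detected port scan, graded by the internal host's criticality."""
    scan_sources = {e["src"] for e in fw_events if e["type"] == "portscan"}
    incidents = []
    for flow in flows:
        is_ssh = flow["proto"] == "tcp" and flow["dport"] == 22
        if not (is_ssh and flow["dst"] in scan_sources):
            continue
        # Unknown hosts still produce an incident; they are just not critical.
        asset = assets.get(flow["src"], {"owner": "unknown", "criticality": "unknown"})
        severity = "critical" if asset["criticality"] == "critical" else "high"
        incidents.append({
            "internal_host": flow["src"],
            "external_host": flow["dst"],
            "owner": asset["owner"],
            "severity": severity,
        })
    return incidents


if __name__ == "__main__":
    for incident in correlate(FIREWALL_EVENTS, FLOW_RECORDS, ASSET_INVENTORY):
        print(incident)
```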


Take a Product Tour.

Each alarm provides detailed and customized instructions on how to respond and investigate.
Executive dashboards provide overviews and click-through details about your security and compliance posture.
All you need to know about an asset for incident response and investigations – in one window.
Automated asset discovery provides granular details on all discovered devices in your network.
Targeted guidance eliminates the guesswork associated with integrating data sources and provides precise suggestions for improving visibility.
Built-in network flow analysis provides all the data you need for in-depth investigations – including full packet capture.
Secure storage of raw event data satisfies regulatory compliance requirements while an easy-to-use interface allows for quick searches.
Identify malicious actors attempting to interact with your network using our dynamic IP reputation data.
Real-time security intelligence identifies attackers and their methods for effective incident response.
Centralized, integrated "how to" documentation for all you need to know about USM.
Built-in network IDS, host-based IDS, and wireless IDS results in more accurate event correlation, faster deployment and simpler management.
Built-in vulnerability assessment simplifies security monitoring and speeds remediation.