Today we released version 5.0 of our Unified Security Management platform, also known as USM. It’s been an action-packed three weeks as our super-hero dev crew has delivered three great products, one each week:
- An AWS-native version of our USM platform that provides monitoring capabilities that anyone who has tried to use CloudTrail or wondered how to secure their AWS instances in the “shared responsibility” model you should check out
- A beta version of the next-gen of OTX, OTX 2.0, built on a social media platform that will enable unmatched accessibility to data, research, and researchers--it will transform how the world conducts threat research. Learn more in the blog about it.
- A new version of our USM platform that accelerates and simplifies threat detection and response, on day one. I’m going to take a minute and talk about the major enhancements that are in the USM 5.0 release, since you’ve already heard about USM for AWS and OTX 2.0
The ideation behind the USM product line is to deliver features that accelerate and simply our customers’ ability to detect and respond to threats on day one. We build our products specifically for IT teams with limited resources, and we always want to make it easier for you to do your job more effectively.
With that in mind, here are some of the great features in UMS 5.0, and why we added them:
Learn more about USM 5.0 here. You’ll see how quickly you can get information on threats within your network that you weren’t aware of.
Asset-Oriented Security – We focused a lot of attention on improving our user experience and workflow to simplify threat detection and response, specifically focused on your assets. Our goal was to put security and threat information about your assets at your fingertips.
The rationale for focusing on assets is simple—in any given day, IT teams typically have questions like ‘should that system be on the network”, “what is the status of my in-scope devices”, “what systems are vulnerable to that new exploit” and many other asset-related questions. In other words, we focused on assets because you focus on assets.
Our customers are looking for a tool to answer many of those questions. They want to see that information in one place and to see it quickly and take action--get summary and detailed information on assets, and then drill into the details from that one screen. For example, you can now see a summary of all of the vulnerabilities, alarms, and events on any asset on the network, all on one screen.
See information including vulnerabilities, alarms and events for any asset and drill down into any element for more insight.
With USM 5.0, we improved the ability to create and manage groups of assets. You can manage the underlying assets at the group level and create groups any combination of assets quickly and easily, to match your workflows and best practices. You can enable or disable functionality and run vulnerability scans on the assets. You can also create customize labels for device attributes, which is very helpful when managing multiple sites and/or clients.
10X database performance increase – We gave our DB a 10X performance boost and improved the storage capacity. We know how frustrating it can be to wait for queries to run or reports to generate. So we upgraded the DB to minimize the time you spend waiting for the system to generate the information you need. This means that you will be able to correlate and analyze more data, faster, and for longer periods of time than before.
We also increased DB compression. This gives you more capacity to store your network events over a longer period of time, and it scales to fit your needs as your network grows. You’ll be able to store more events locally as well, which accelerates and improves correlation, reporting, and forensic analysis.
There’s a new Rapid Response Message Center as well– We centralized all security advisories, threat intelligence updates, availability of new updates and patches, in-system messages, warnings, and errors, in one place. We did this to make sure you are aware of critical events and essential information related to the operation of the USM platform.
In speaking to our customers, one important piece of feedback we received was that many of them didn’t know where to go to see in-system messages (such as disk space running out), or external messages (such as new threat intelligence updates from AlienVault Labs or a new release from the AlienVault dev team).
After listening to our customers, we improved the usability of USM 5.0 by putting all of these alerts, updates, and messages in one place to make it easier for you to get the information you need and respond quickly to system issues and breaking threats.
The last thing I want to highlight is the new Launchpad training class that teaches new owners about the USM platform’s full range of capabilities, so you can make the most of your new USM platform on day one. The USM platform is feature-rich, and new users are sometimes unaware of all the capabilities that ships with every USM platform. We are including one seat to this class with every USM All-in-One, USM Standard, or USM Enterprise appliance purchased, to ensure our customers are dialed in to the wealth of functionality at their fingertips.