The AlienVault product team is constantly working to improve USM and OSSIM for all users. Over the past few months, we’ve conducted extensive user experience interviews and studies to analyze how customers are using our product, and to identify key areas where we can make your life better, your work easier, and help you spend your time more effectively. Here is a video on 5.3 focusing on one of the new features.
The need for speed
In v5.3, our primary focus is on efficiency: how we can help you get to the information you need more quickly and use the product more efficiently. Based on your feedback, we’ve made the following changes to help you work more quickly.
No more sticky notes! Every alarm in USM and OSSIM has an alarm ID. You can use these IDs to search for alarms in the Web UI, or put an ID in the URL to link directly to the alarm, so you can find and share the information you need faster.
Vulnerability Scans for Large Networks
Monitoring a big network? You don’t need to create multiple scans anymore. Run vulnerability scans on any size network - including a /16 network. Large scans will be split up into multiple scans of 3500 assets each and will run consecutively.
Alarm and Event Risk
The first thing you’ll notice is the new color-coded risk visualizations on the alarm and events screens. Green for low, orange for medium, and red for high. Risk is calculated based on the reliability and priority of the event and the asset value that has been assigned to the asset involved. Additionally, we’ve updated our filters so that you can quickly see all events and alarms with a certain level of risk.
Improved Policy Creation
We know how cumbersome it can be to create policies for USM and OSSIM, so we tried to make things a bit easier. In v5.3, you can quickly create policies based on risk by setting alerts for any events with reliability/priority "greater than" or "less than" a certain level.
Bulk Delete Messages in the Message Center
Clean up that inbox and manage your messages more efficiently. You can now delete multiple messages at once in the Message Center, instead of deleting them one by one.
Know what your users are doing on your network
Beyond efficiency, the second focus for our team was to improve your ability to detect insider threats. According to the 2016 Verizon Data Breach Report, “The majority of use of unapproved hardware in breaches involve use of USB drives to steal data.” AlienVault v5.3 delivers several enhancements to improve your ability to find indicators of insider threats such as data exfiltration and unauthorized user activity. These enhancements also improve your ability to comply with the latest regulatory requirements.
USB Device Detection
USB devices are the most common type of unapproved hardware used to steal data during a breach. As an enhancement to our insider threat detection capabilities, USM and OSSIM alert you when a USB device connects to an asset in your environment.
User Logon Activity
USM and OSSIM alert you when users log on and log off of machines in your environment so that you can keep track of where users are spending time on your network.
Stay up-to-date with the latest compliance changes
Along with the enhancements noted above, we’ve updated our PCI DSS reports to be compatible with the new PCI DSS 3.2 standard. As of October 31, 2016, the existing PCI DSS 3.1 standards will expire and organizations will be expected to comply with the changes made in PCI DSS 3.2. Learn more about how AlienVault helps you achieve PCI compliance.
For more information about v5.3, you can check out the release notes on the forums. We would love to hear your feedback on the new release, so please post your questions and comments. If you’re new to AlienVault and you’d like to see how to put these features to work in your own environment, feel free to create your own personalized demo, explore the online demo, or download the free trial today.