Security monitoring is often about monitoring often-overlooked things such as host, device, and application vulnerabilities, because those are typically the same things that attackers will leverage against you later in carrying out attacks or attempting unauthorized access to data or resources. A good network security monitoring system discovers things every day that provide value to security efforts. USM Anywhere can help to locate or identify:
- Misconfigured systems.
- Hosts that have fallen off the radar of asset management.
- Systems compromised by opportunistic malware or other attacks by malicious software.
- Inappropriate or unauthorized access of sensitive data or resources from both internal and external parties; for example, detecting web sites that should be blocked at the proxy server, but were not.
USM Anywhere priorities for network security operations are determined primarily by correlation rules. The rules link events together into meaningful bundles and turn data into useful information. Correlation is a function of USM Anywhere, which configures automated analysis of correlated events for identifying potential security threats and produces alerts to notify recipients of immediate issues. You can also create orchestration and suppression rules to secure your network security operations.
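The proxy example from the list above, with matching events bundled per client, as an added illustration in Python; it is not USM Anywhere code or rule syntax. The log layout, the blocked-domain list, and all function names are assumptions constructed for this example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: domains that policy says the proxy must block (constructed).
BLOCKED_DOMAINS = {"filesharing.example", "gambling.example"}

# Constructed sample lines: timestamp client action method target
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.12 ALLOWED GET http://intranet.example/home
2024-05-01T09:00:07Z 10.0.0.12 DENIED GET http://gambling.example/
2024-05-01T09:01:15Z 10.0.0.31 ALLOWED GET http://cdn.filesharing.example/a.zip
2024-05-01T09:01:20Z 10.0.0.31 ALLOWED CONNECT filesharing.example:443
2024-05-01T09:02:02Z 10.0.0.44 ALLOWED GET http://GAMBLING.example./play
truncated-entry 10.0.0.99
"""

def request_host(target):
    """Return the lowercase host from a URL or a CONNECT host:port target."""
    if "://" not in target:
        target = "//" + target          # lets urlsplit parse host:port
    host = urlsplit(target).hostname or ""
    return host.rstrip(".")             # treat trailing-dot FQDNs as equal

def is_blocked(host):
    """True if host equals a blocked domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def policy_gaps(log_text):
    """Group ALLOWED requests to blocked domains into one bundle per client."""
    bundles = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                    # skip lines that do not parse
        ts, client, action, _method, target = fields
        host = request_host(target)
        if action == "ALLOWED" and is_blocked(host):
            bundles[client].append((ts, host))
    return dict(bundles)

if __name__ == "__main__":
    for client, hits in policy_gaps(SAMPLE_LOG).items():
        print(client, len(hits), "allowed request(s) to blocked sites:", hits)
```

Matching on the parsed host rather than the raw string is what catches the subdomain, CONNECT, and mixed-case trailing-dot entries in the sample.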