AlienVault USM Anywhere provides five essential security capabilities in a single SaaS platform, giving you everything you need to detect and respond to threats and manage compliance. As a cloudThe use of many computers connected over a network to run multiple programs or applications at the same time, instead of running them on a local device or network.-based security solution, you can scale your threat detection and response capabilities as your hybrid environment changes.
The USM Anywhere cloud security management platform receives continuous updates from the AT&T Alien Labs™ Security Research Team. This team analyzes the different types of attacks, emerging threats, suspicious behavior, vulnerabilities, and exploitsPiece of software, data, or a sequence of commands that takes advantage of a flaw or vulnerability to cause unintended or unanticipated behavior to occur in software or hardware, that result in gaining increased privileges and access privileged data. that they uncover across the entire threat landscape.
USM Anywhere supplements the Security Research Team with data from AT&T Alien Labs™ Open Threat Exchange® (OTX™The world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data. This repository provides a continuous view of real time malicious activity.). OTX is the largest and most authoritative crowd-sourced threat intelligenceEvidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging hazard to assets that can be used to inform decisions regarding the subject's response to that hazard. exchange in the world.
Here is a brief description of the essential functions that USM Anywhere provides:
- Asset Discovery is an essential security capability of USM Anywhere, which discovers assetsAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. in your environment, detects changes in assets, and discovers malicious assets in the network.
- Vulnerability Assessment, which is done in authenticated state, identifies vulnerabilities or compliance by comparing the installed software on assets with a database of known vulnerabilities. VulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. scans can be performed manually or scheduled to be performed periodically.
- Intrusion DetectionSecurity system capability that attempts to detect actions that may compromise the confidentiality, integrity, or availability of a resource. monitors network traffic for malicious activityActivity in a system that exceeds or misuses that access in a manner that negatively affects the confidentiality, integrity, or availability of the organization's information systems., monitors system log messages, and monitors user activity. Intrusion detection for USM Anywhere consists of network-based intrusion detection (NIDSNetwork Intrusion Dectection System (NIDS) monitors network traffic and events for suspicious or malicious activity using the sensors that provide management and network monitoring interfaces to networks and network devices.) components.
- Behavioral Monitoring identifies suspicious behavior and potentially compromised systems. USM Anywhere provides continuous monitoring of services run by particular systems. Data used for behavioral monitoringProcess of collecting all device status and event information and processing normalized events for evidence of vulnerabilities, possible attacks, and other malicious activity. and analysis is collected from network devices and user behavior. USM Anywhere has access to logs in the cloud (AzureMicrosoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers.: Monitor, AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform.: CloudTrailAWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you., S3, ELBElastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud.) and VMware logs.
- SIEMSecurity Information and Event Management (SIEM) systems employ a variety of separate tools to monitor host and network resources for threat activity and compliance status. and Log Management correlates and analyzes security eventInformation collected and displayed that describes a single system or user level activity that took place. data and respond. USM Anywhere SIEM draws intelligence from different sources including the Alien Labs Threat Intelligence SubscriptionThe AT&T Alien Labs™ Threat Intelligence Subscription provides subscribers with the ability to detect the latest threats with continually updated correlation rules, IDS signatures, vulnerability audits, asset discovery signatures, IP reputation data, collection and data source plugins, and report templates. and OTX. Correlation rulesA correlation rule correlates incoming events based on previously defined relationships defined in the correlation directive, associating multiple events, of the same or different event types, from the same data source., created by the Security Research Team, are used to identify patterns associated with malicious activity. OTX threat data provides IP reputationThreat ranking of IP addresses that have been submitted by the OTX community as being malicious or at least suspicious. information and OTX pulsesOTX pulses provide information on the reliability of threat data, who reported a threat, and other details of threat investigations., which consist of Indicators of Compromise (IOCs)An artifact observed with some degree of confidence to be an indication of a threat or intrusion. that identify a specific threat.
HIDS can be used to spot problems on hostReference to a computer on a network. endpoints, and can include file integrity monitoringA mechanism for validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline. It is one of the most powerful techniques used to secure IT infrastructures and business data against a wide variety of both known and unknown threats., rootkitCollection of tools (programs) used to mask intrusion and obtain access to all commands and files of a computer or computer network. and registry checks. NIDS passive sniffing interfaces can analyze network payload data to monitor for potentially malicious activity.
All of USM Anywhere's various security operation features and functionality are accessible from the USM Anywhere web UI.