What It Is:
AlienVault Reputation Monitor Alert is a free service that alerts you whenever your public IPs and domains appear in the Open Threat Exchange (OTX), indicating they could be compromised. OTX contains data from a wide range of sources including AlienVault users, other security researchers and vendors. Discovering your IPs here is a prime indicator that they could be already compromised. The OTX Reputation Monitor Alert service also monitors your DNS registration and SSL certificates to make sure there aren’t any unwanted changes.
Why It Works:
Reputation Monitor Alert leverages the power of OTX, the world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data. Over 26,000 participants from over 140 countries, from organizations of all sizes across many industries and countries, contribute data to OTX today. This global, continuously updated threat intelligence helps you secure your networks from system compromise, data loss, and service disruption.
1) Join the AlienVault Community
2) Submit Your IPs & Domains
3) Activate Email Alerts
You simply join OTX, submit your IPs and domains, and we’ll take care of the rest… If we discover a problem, we’ll send you an email or you can monitor it from the web interface. The free Reputation Monitor Alert service does not require USM or OSSIM™; however, we do recommend these for complete and unified security monitoring.
Administrators of AlienVault OSSIM and USM deployments can voluntarily contribute IP reputation data from a broad range of devices in their environment (firewalls, proxies, web servers, anti-virus systems, and intrusion detection/prevention systems). They can also contribute Indicators of Compromise (IoCs) to OTX pulses that contain more details. The AlienVault Labs team verifies and curates the data in OTX, ensuring its accuracy, relevance, and timeliness. By gathering threat data from a diverse install base, composed of organizations of all sizes across many industries and countries, OTX is able to limit an attacker’s ability to isolate targets by industry or organization size.
Monitoring your public-facing assets’ reputation with Reputation Monitor Alert is very important, but it is crucial to monitor the reputation of the systems interacting with your network.
OTX integrates with AlienVault USM and OSSIM to provide you constantly updated threat intelligence about malicious IPs, URLs, domains and other indicators of compromise (IOCs) s related to hosts communicating with your network.
|AlienVault USM leverages OTX’s community-generated threat intelligence to detect and alert you to malicious activity in your network. By correlating IOCs with events from network components such as firewalls, proxies, web servers, anti-virus systems, and intrusion detection systems, USM helps you prioritize and respond to threats faster.|
|Picture this: you are investigating a potential security incident after you receive an alarm in USM that has identified a suspicious connection with a known malicious host. You check the OTX data (integrated in USM) and see that this host has been communicating with other assets in your environment. This alerts you to potential compromise and/or breaches that may have gone unnoticed otherwise. This saves you valuable time when investigating alerts and allows you to respond in a more agile and efficient manner.||You also get visibility to details about the assets under attack, including OS, installed software and known vulnerabilities on the system, all from the same USM console. With USM and OTX, you finally have the visibility you need to secure your network, with all the security tools you need at your fingertips.|