With the AlienVault® Unified Security Management™ (USM™) family of products, you can choose the right deployment model to fit your unique requirements. Whether you are a small business with one location, a mid-size organization needing to deploy a mix of hardware appliances in your network and virtual appliances in your data center, a business running portions of your operation in cloud environments, or an MSSP monitoring your customer’s infrastructure, the different USM family of products provide the flexibility you need.
You have the choice to deploy USM and manage it yourself on-premises or deploy just virtual sensors into your on-premises and cloud environments while centralizing collection and analysis from the cloud-hosted USM Anywhere, or you can rely on one of our authorized Managed Security Service Providers (MSSPs) to manage your AlienVault deployment. AlienVault’s USM family of products was built to give you the freedom to match your security solution with your environment, so pick your path.
The AlienVault® family of products offers you the flexibility to decide how best to monitor your
infrastructure, regardless of your organization’s size or mix between cloud and on-premises
infrastructure. You can quickly deploy AlienVault USM Appliance™ in your virtual or physical data
center to monitor your on-premises network.
Alternatively, you can use USM Anywhere™, a cloud-hosted security monitoring platform with
sensors that deploy natively into your cloud environment and virtual sensors that deploy into your
on-premises network, to give you a centralized view of your entire hybrid cloud infrastructure.
1USM Anywhere cloud sensors are not interoperable with USM Appliance products.
2AlienVault USM Appliance All-in-One products combine the Server, Sensor, and Logger components onto a single system.
3The AlienVault USM Appliance Standard and USM Appliance Enterprise product lines offer increased scalability and performance
by provisioning dedicated systems for each component (Server, Sensor, and Logger).
The USM Appliance All-in-One combines the Sensor, Logger, and Server components in a single virtual or hardware appliance. If your capacity needs or environment grows, you can quickly expand these All-in-One appliance deployments to become USM Appliance Standard or USM Appliance Enterprise deployments, where dedicated appliances perform each of these functions.
USM Anywhere is hosted in AlienVault’s Secure Cloud and allows you to expand as your monitoring and data collection needs grow. The USM Anywhere subscription is based on data volume and allows you to quickly and easily change your subscription to a higher volume as your data needs grow. Deploy sensors where you need them most, in your cloud and on-premises infrastructure.
AlienVault USM Anywhere is a SaaS security monitoring solution that centralizes threat detection, incident response, and compliance management across your cloud, hybrid cloud, and on-premises environments.
USM Anywhere uses lightweight cloud sensors to natively monitor Amazon Web Services and Microsoft Azure Cloud. On premises, virtual sensors run on VMware and Microsoft Hyper-V to monitor your physical and virtual IT infrastructure. Data collection, security analysis, and threat detection are centralized in the AlienVault Secure Cloud and provide you with a single view into both your cloud and on-premises infrastructure.
This deployment consolidates all USM functions into a single hardware or virtual appliance for
reduced complexity and rapid deployment. All event logs are forwarded to a single USM
Appliance All-in-One for collection, aggregation, analysis, correlation, and reporting.
Larger networks with a higher volume of events and / or performance requirements will want to
deploy separate USM Standard or Enterprise components as either hardware or virtual
appliances to benefit from the improved performance and capacity.
MSSPs use the USM Appliance platform to deliver their managed security services to their customers. AlienVault USM Appliance supports a federated model that makes it easy for an MSSP to quickly deploy a USM Appliance into a customer environment and immediately begin monitoring. Alarm information is forwarded to a Federation server within the MSSP’s network, giving the MSSP’s SOC personnel real-time visibility into the threats discovered in their customer’s network, allowing them to quickly respond.
For example, an MSSP managing a customer with a main office and several branch offices would deploy USM Appliance Sensors in each branch office as well as the main office. The MSSP would deploy a USM Appliance All-in-One or USM Appliance Server in the main office as well, to manage all of the sensors and analyze the data from the different offices.
The Service Provider would then deploy another USM Appliance Server, the USM Appliance Federation Server, in its SOC to manage the customer’s deployment. All data from the customer’s network would reside in a USM Appliance Logger deployed in the MSSP’s secure environment.
This model allows MSSPs partnered with AlienVault to deliver monitoring services via their dedicated, highly talented SOC teams.