AlienVault USM Deployment Options

Deployment Options

Maximum Deployment Flexibility to Fit Your Needs

In the Cloud
Through an MSSP

How Do You Want to Deploy Unified Security Management?

With the AlienVault® Unified Security Management™ (USM™) family of products, you can choose the right deployment model to fit your unique requirements. Whether you are a small business with one location, a mid-size organization needing to deploy a mix of hardware appliances in your network and virtual appliances in your data center, a business running portions of your operation in cloud environments, or an MSSP monitoring your customer’s infrastructure, the different USM family of products provide the flexibility you need.

You have the choice to deploy USM and manage it yourself on-premises or deploy just virtual sensors into your on-premises and cloud environments while centralizing collection and analysis from the cloud-hosted USM Anywhere, or you can rely on one of our authorized Managed Security Service Providers (MSSPs) to manage your AlienVault deployment. AlienVault’s USM family of products was built to give you the freedom to match your security solution with your environment, so pick your path.

Deployments the Way You Want

The AlienVault® family of products offers you the flexibility to decide how best to monitor your infrastructure, regardless of your organization’s size or mix between cloud and on-premises infrastructure. You can quickly deploy AlienVault USM Appliance™ in your virtual or physical data center to monitor your on-premises network.

Alternatively, you can use USM Anywhere™, a cloud-hosted security monitoring platform with sensors that deploy natively into your cloud environment and virtual sensors that deploy into your on-premises network, to give you a centralized view of your entire hybrid cloud infrastructure.

1USM Anywhere cloud sensors are not interoperable with USM Appliance products.

2AlienVault USM Appliance All-in-One products combine the Server, Sensor, and Logger components onto a single system.

3The AlienVault USM Appliance Standard and USM Appliance Enterprise product lines offer increased scalability and performance by provisioning dedicated systems for each component (Server, Sensor, and Logger).

For detailed information about these options,
Please download our datasheets here ›

Immediate Scalability. No Forklift Upgrades.

The USM Appliance All-in-One combines the Sensor, Logger, and Server components in a single virtual or hardware appliance. If your capacity needs or environment grows, you can quickly expand these All-in-One appliance deployments to become USM Appliance Standard or USM Appliance Enterprise deployments, where dedicated appliances perform each of these functions.

USM Anywhere is hosted in AlienVault’s Secure Cloud and allows you to expand as your monitoring and data collection needs grow. The USM Anywhere subscription is based on data volume and allows you to quickly and easily change your subscription to a higher volume as your data needs grow. Deploy sensors where you need them most, in your cloud and on-premises infrastructure.

In the Cloud
Through an MSSP

USM Anywhere Cloud-hosted

AlienVault USM Anywhere is a SaaS security monitoring solution that centralizes threat detection, incident response, and compliance management across your cloud, hybrid cloud, and on-premises environments.

Learn More

USM Anywhere uses lightweight cloud sensors to natively monitor Amazon Web Services and Microsoft Azure Cloud. On premises, virtual sensors run on VMware and Microsoft Hyper-V to monitor your physical and virtual IT infrastructure. Data collection, security analysis, and threat detection are centralized in the AlienVault Secure Cloud and provide you with a single view into both your cloud and on-premises infrastructure.

Deploying USM for Amazon Web Services (AWS)

In the Cloud
Through an MSSP

USM Appliance for a Single Location

This deployment consolidates all USM functions into a single hardware or virtual appliance for reduced complexity and rapid deployment. All event logs are forwarded to a single USM Appliance All-in-One for collection, aggregation, analysis, correlation, and reporting.

Deployment to single location

USM Appliance for Larger Networks with Multiple Remote Sites

Larger networks with a higher volume of events and / or performance requirements will want to deploy separate USM Standard or Enterprise components as either hardware or virtual appliances to benefit from the improved performance and capacity.

  • Server:
    Aggregates and correlates information gathered by the Sensors, and provides single pane-of-glass management, reporting and administration.
  • Logger:
    Securely archives raw event log data for forensic investigations and compliance mandates.
  • Sensor:
    Deploys throughout your network to discover assets, scan assets for software, services, and vulnerabilities, collect event data, and monitor network traffic, giving you everything you need for complete visibility.
In the Cloud
Through an MSSP

MSSPs Manage Multiple Remote Sites

MSSPs use the USM Appliance platform to deliver their managed security services to their customers. AlienVault USM Appliance supports a federated model that makes it easy for an MSSP to quickly deploy a USM Appliance into a customer environment and immediately begin monitoring. Alarm information is forwarded to a Federation server within the MSSP’s network, giving the MSSP’s SOC personnel real-time visibility into the threats discovered in their customer’s network, allowing them to quickly respond.

For example, an MSSP managing a customer with a main office and several branch offices would deploy USM Appliance Sensors in each branch office as well as the main office. The MSSP would deploy a USM Appliance All-in-One or USM Appliance Server in the main office as well, to manage all of the sensors and analyze the data from the different offices.

The Service Provider would then deploy another USM Appliance Server, the USM Appliance Federation Server, in its SOC to manage the customer’s deployment. All data from the customer’s network would reside in a USM Appliance Logger deployed in the MSSP’s secure environment.

This model allows MSSPs partnered with AlienVault to deliver monitoring services via their dedicated, highly talented SOC teams.

Learn More

Looking for a Managed Security Provider?

Managing Multiple Remote Sites

Watch a Demo ›