AlienVault Threat Intelligence

Essential for Keeping Up with Today’s Cyber Threat Landscape.

In today’s dynamic and evolving threat environment, busy IT security teams don’t have the time or the resources to do threat analysis on their own. Instead, they turn to AlienVault Labs to do the heavy lifting for them by providing continuous updates to the threat intelligence integrated into the USM platform.
(Note: AlienVault Threat Intelligence is included in the first year license cost for every USM All-in-One appliance, Standard Server or Enterprise Server.)

Your USM platform receives updated Threat Intelligence every 30 minutes under the direction of the AlienVault Labs threat research team. This dedicated team spends countless hours analyzing the different types of attacks, emerging threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape. They also leverage the power of the AlienVault Open Threat Exchange™ (OTX), the world’s largest crowd-sourced repository of threat data. With over 26,000 participants from over 140 countries providing global insight into the latest attack trends and bad actors, USM users are assured they’ve got the most up-to-date, comprehensive threat intelligence in their USM deployment, on day one.

The AlienVault Advantage:

Ownership of both the USM platform’s built-in data sources and management platform gives AlienVault a unique advantage. Providing predictable data sources gives our threat research team a comprehensive understanding of the interactions between the different data types being correlated and analyzed. This in-depth knowledge then enables us to engineer the USM platform to provide effective security controls and seamlessly integrated threat intelligence for any environment.

AlienVault Labs Threat Intelligence drives the USM platform’s ability to identify the latest threats, giving you a broad view of attacker techniques together with the defenses that work against them. Unlike single-purpose updates focused on only one security control, AlienVault Labs Threat Intelligence delivers eight coordinated rule sets to the USM platform, fueled by the threat research team’s own research and the collective power of OTX. These rule sets maximize the efficiency of your security monitoring program by delivering the following updates directly to your AlienVault USM installation:

  • Correlation directives – USM ships with over 2,000 pre-defined rules that translate raw events into specific, actionable threat information. Regular updates to these rules keep that coverage current as new threats appear.
  • Network IDS signatures – detect the latest threats in your network
  • Host IDS signatures – detect the latest threats on your critical systems
  • Asset discovery signatures – identify the latest operating systems, applications, and device information
  • Vulnerability assessment signatures – find the latest vulnerabilities on your systems
  • Reporting modules – provide new ways of viewing data about your environment and satisfying auditor requests
  • Dynamic incident response templates – customized guidance on how to respond to each alert
  • Newly supported data source plugins – expand your monitoring footprint
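The correlation directive bullet above is the one item in this list that describes a mechanism rather than a feed, so here is a small worked illustration of the idea: a directive that watches raw sshd events, counts authentication failures from one source to one host inside a time window, and raises a single alarm when a successful login follows. This is an added example, not AlienVault’s or USM’s directive engine or directive format. The log lines are constructed, and the event fields, the threshold, the window, and the risk formula (asset value × priority × reliability ÷ 25) are assumptions made for the illustration.

```python
"""Toy correlation directive: brute-force login followed by success.

Added example, not AlienVault/USM code. The log format, the directive
parameters and the risk formula are assumptions for illustration only.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not from any real system): sshd authentication
# messages in a simplified "<timestamp> <host> sshd[pid]: <message>" layout.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z db01 sshd[1201]: Failed password for root from 203.0.113.7 port 51012 ssh2
2024-03-01T10:00:05Z db01 sshd[1201]: Failed password for root from 203.0.113.7 port 51013 ssh2
2024-03-01T10:00:09Z db01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51014 ssh2
2024-03-01T10:00:14Z db01 sshd[1201]: Failed password for root from 203.0.113.7 port 51015 ssh2
2024-03-01T10:00:20Z db01 sshd[1201]: Failed password for root from 203.0.113.7 port 51016 ssh2
2024-03-01T10:00:31Z db01 sshd[1201]: Failed password for root from 203.0.113.7 port 51017 ssh2
2024-03-01T10:00:44Z db01 sshd[1201]: Accepted password for root from 203.0.113.7 port 51018 ssh2
2024-03-01T10:01:02Z web01 sshd[2330]: Failed password for deploy from 198.51.100.9 port 40001 ssh2
2024-03-01T10:01:07Z web01 sshd[2330]: Failed password for deploy from 198.51.100.9 port 40002 ssh2
2024-03-01T10:01:12Z web01 sshd[2330]: Accepted password for deploy from 198.51.100.9 port 40003 ssh2
2024-03-01T10:02:00Z db01 sshd[1201]: Failed password for root from 192.0.2.5 port 60001 ssh2
2024-03-01T10:03:10Z db01 sshd[1201]: Failed password for root from 192.0.2.5 port 60002 ssh2
2024-03-01T10:04:20Z db01 sshd[1201]: Failed password for root from 192.0.2.5 port 60003 ssh2
2024-03-01T10:05:30Z db01 sshd[1201]: Failed password for root from 192.0.2.5 port 60004 ssh2
2024-03-01T10:06:40Z db01 sshd[1201]: Failed password for root from 192.0.2.5 port 60005 ssh2
2024-03-01T10:06:50Z db01 sshd[1201]: Accepted password for root from 192.0.2.5 port 60006 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    src: str
    user: str
    outcome: str  # "Failed" or "Accepted"


def parse_events(text: str) -> list[Event]:
    """Normalise raw sshd lines into events; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append(Event(ts, m["host"], m["src"], m["user"], m["outcome"]))
    return events


@dataclass
class Alarm:
    name: str
    src: str
    host: str
    user: str
    failures: int
    first_seen: datetime
    last_seen: datetime
    reliability: int  # how sure the directive is (assumed 0..10 scale)
    priority: int     # how bad this class of activity is (assumed 0..5 scale)
    asset_value: int  # how much the target matters (assumed 0..5 scale)

    @property
    def risk(self) -> int:
        # Assumed prioritisation formula, here only to rank alarms: 0..10.
        return self.asset_value * self.priority * self.reliability // 25


def correlate(events, asset_values, threshold=5, window=timedelta(seconds=60)):
    """Directive: >= `threshold` failures from one (src, host) within `window`,
    followed by an accepted login from that src to that host, raises one alarm."""
    recent = defaultdict(deque)  # (src, host) -> timestamps of recent failures
    alarms = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[(ev.src, ev.host)]
        while q and ev.ts - q[0] > window:  # drop failures outside the window
            q.popleft()
        if ev.outcome == "Failed":
            q.append(ev.ts)
            continue
        if len(q) >= threshold:  # success after a burst of failures
            alarms.append(Alarm("Brute force followed by successful login",
                                ev.src, ev.host, ev.user, len(q), q[0], ev.ts,
                                reliability=8, priority=4,
                                asset_value=asset_values.get(ev.host, 2)))
        q.clear()  # a success ends the sequence either way
    return alarms


if __name__ == "__main__":
    for a in correlate(parse_events(SAMPLE_LOG), {"db01": 5, "web01": 3}):
        print(f"risk={a.risk} {a.name}: {a.src} -> {a.host} ({a.user}), "
              f"{a.failures} failures {a.first_seen:%H:%M:%S}..{a.last_seen:%H:%M:%S}")
```

With the defaults only the 203.0.113.7 burst against db01 fires: the two web01 failures are below the threshold, and the 192.0.2.5 attempts are spaced more than a minute apart, so they never accumulate inside the window. Widening the window to ten minutes makes the slow attempt fire too, which is the kind of tuning a shipped directive update would carry.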

Smarter Security

With this easily consumable threat intelligence fueling your USM™ platform, you’ll be able to detect the latest threats and prioritize your response efforts. Specifically, you’ll extend your security program with:

Real-Time Botnet Detection

Identifies infection, compromise, and misuse of corporate assets

IP, URL, and Domain Reputation Data

Prioritizes response efforts by identifying known bad actors and infected sites

Data Exfiltration Detection

Identifies attempts to move sensitive and proprietary data out of your network

APT (Advanced Persistent Threat) Detection

Detects targeted attacks often missed by other defenses

Command-and-Control Traffic (C&C) Identification

Identifies compromised systems communicating with malicious actors

Dynamic Incident Response and Investigation Guidance

Provides customized instructions on how to respond and investigate each alert

Advanced Alien Intelligence to Combat Advanced Threats

Here are a few of our collection and analysis techniques:

Security Artifact Analysis

Using a wide range of collection techniques, including sandboxed detonation of malware samples, the AlienVault Threat Research team analyzes over 1 million unique security artifacts every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual Venus flytraps” set up to detect, capture, and analyze the latest attacker techniques and tools. Because these honeypots sit in high-traffic networks, what they catch reaches USM platform customers as updated event correlation rules, IDS and vulnerability signatures, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Open Collaboration with State Agencies, Academia, and Other Security Research Firms

Thanks to the broad reach of our threat intelligence sharing community, we’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships give us access to pre-published vulnerability and malware updates as well as independent verification of our own research. By gathering threat intelligence from a diverse install base, spread across many industries and countries, and composed of organizations of all sizes, we make it harder for an attacker to single out targets by industry or organization size.

Experience AlienVault Threat Intelligence for yourself.
The free trial includes continuous Threat Intelligence updates from AlienVault Labs.


Product tour highlights:

  • Real-time threat intelligence uses a kill-chain taxonomy to identify attackers, their victims, their methods and their intent.
  • Each alarm provides detailed and customized instructions on how to investigate and respond to malicious activity.
  • Customizable executive dashboards provide overviews and click-through details about your security and compliance posture.
  • All you need to know about an asset for incident investigation and response, in one window.
  • Automated asset discovery provides granular details on all devices in your network.
  • Targeted guidance eliminates the guesswork associated with integrating data sources and provides precise suggestions for improving visibility.
  • Built-in network flow analysis provides all the data you need for in-depth investigations, including packet capture.
  • Secure storage of raw event data satisfies regulatory compliance requirements, while an easy-to-use interface allows for quick searches.
  • Identify malicious actors attempting to interact with your network using our dynamic IP reputation data.
  • Centralized, integrated “how to” documentation for all you need to know about USM.
  • Built-in network IDS and host IDS result in more accurate threat detection and event correlation, faster deployment and simpler management.
  • Built-in vulnerability assessment simplifies security monitoring and speeds remediation.
