Emerging Threat Intelligence.

Essential for Today’s Cyber Threat Landscape.

Within today’s dynamic and evolving threat environment, busy IT security teams don’t have the time or the resources to do threat analysis on their own. Instead, they turn to research organizations, like AlienVault Labs, to do the heavy lifting for them.

Unlike single-purpose threat intelligence feeds focused on only one security control, AlienVault Labs Threat Intelligence delivers eight coordinated rulesets, fueled by the collective power of the Open Threat Exchange™.

AlienVault Labs Threat Intelligence drives USM security capabilities in identifying the latest threats, resulting in the broadest view of attacker techniques and effective defenses. AlienVault Labs Threat Intelligence maximizes the efficiency of your security monitoring program by delivering the following directly to your AlienVault Unified Security Management (USM) installation:

  • Network IDS signatures – detect the latest threats in your network
  • Host-based IDS signatures – detect the latest threats on your systems
  • Asset discovery signatures – identify the latest operating systems, applications, and device information
  • Vulnerability assessment signatures – find the latest vulnerabilities on your systems
  • Correlation rules – translate raw events into actionable remediation tasks
  • Reporting modules – provide new ways of viewing data about your environment
  • Dynamic incident response templates – deliver customized guidance on how to respond to each alert
  • Newly supported data source plug-ins – expand your monitoring footprint

Smarter Security

With this easily consumable threat intelligence fueling your USM™ platform, you’ll be able to detect the latest threats and prioritize your response efforts. Specifically, you’ll extend your security program with:

Real-Time Botnet Detection

Identifies infection and misuse of corporate assets

IP, URL, and Domain Reputation Data

Prioritizes response efforts by identifying known bad actors and infected sites

Data Exfiltration Detection

Prevents leakage of sensitive and proprietary data

APT (Advanced Persistent Threat) Detection

Detects targeted attacks often missed by other defenses

Command-and-Control Traffic (C&C) Identification

Identifies compromised systems communicating with malicious actors

Dynamic Incident Response and Investigation Guidance

Provides customized instructions on how to respond and investigate each alert

Advanced Alien Intelligence to Combat Advanced Threats

Here are a few of our collection and analysis techniques:

Malware Analysis

Using advanced sandboxing techniques to quarantine malware samples while we conduct static and dynamic analysis, we analyze over 500,000 unique malware samples every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual venus fly traps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging honeypots placed in high traffic networks, our threat intelligence subscribers are armed with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Open Collaboration with State Agencies, Academia, and Other Security Research Firms

Thanks to the broad reach of our threat intelligence sharing community, we’ve been able to establish strong connections with state agencies around the world, academic researchers, and other security vendors. These relationships give us access to pre-published vulnerability and malware updates as well as enhanced verification of our own research. By gathering threat intelligence from a diverse install base, spread across many industries and countries, and composed of organizations of all sizes, we’re able to shrink an attacker’s ability to isolate targets by industry or organization size.

Take a Product Tour.

Each alarm provides detailed and customized instructions on how to respond and investigate.
Executive dashboards provide overviews and click-through details about your security and compliance posture.
All you need to know about an asset for incident response and investigations – in one window.
Automated asset discovery provides granular details on all discovered devices in your network.
Targeted guidance eliminates the guesswork associated with integrating data sources and provides precise suggestions for improving visibility.
Built-in network flow analysis provides all the data you need for in-depth investigations – including full packet capture.
Secure storage of raw event data satisfies regulatory compliance requirements while an easy-to-use interface allows for quick searches.
Identify malicious actors attempting to interact with your network using our dynamic IP reputation data.
Real-time security intelligence identifies attackers and their methods for effective incident response.
Centralized, integrated "how to" documentation for all you need to know about USM.
Built-in network IDS, host-based IDS, and wireless IDS result in more accurate event correlation, faster deployment, and simpler management.
Built-in vulnerability assessment simplifies security monitoring and speeds remediation.