AlienVault Threat Intelligence

Essential for Keeping Up with Today’s Cyber Threat Landscape.

In today’s dynamic and evolving threat environment, busy IT security teams don’t have the time or resources to do threat analysis of emerging threats on their own. Instead, they turn to AlienVault Labs to do the research for them with continuous Threat Intelligence updates that are fully integrated into the USM platform for threat assessment, detection, and response.
(Note: The AlienVault Threat Intelligence Service is included in the first year license cost for every USM All-in-One appliance, Standard Server or Enterprise Server.)

Your USM platform receives updates every 30 minutes from the AlienVault Labs threat research team. This dedicated team spends countless hours analyzing the different types of attacks, emerging threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape.

The AlienVault Advantage:

Ownership of both the built-in data sources and the management platform that make up the USM platform gives AlienVault a unique advantage over other security point products. Providing predictable data sources enables our threat research team to have a comprehensive understanding of the interactions between the different data types being collected, correlated and analyzed. This in-depth knowledge enables us to engineer the USM platform to provide effective security controls and seamlessly integrated threat intelligence for any environment.

AlienVault Labs Threat Intelligence drives the USM platform’s threat assessment capabilities by identifying the latest threats, resulting in the broadest view of threat vectors, attacker techniques and effective defenses. Unlike single-purpose updates focused on only one security control, AlienVault Labs regularly delivers eight coordinated rule set updates to the USM platform. These updates eliminate the need for you to spend precious time conducting your own research on emerging threats, or on alarms triggered by your security tools. These rule sets maximize the efficiency of your security monitoring program by delivering the following updates directly to your AlienVault USM installation:

  • Correlation directives – USM ships with over 2,000 pre-defined rules that translate raw events into specific, actionable threat information by linking disparate events from across your network
  • Network IDS signatures – detect the latest malicious traffic on your network
  • Host IDS signatures – identify the latest threats targeting your critical systems
  • Asset discovery signatures – detect the latest operating systems, applications, and device information
  • Vulnerability assessment signatures – uncover the latest vulnerabilities on your systems
  • Reporting modules – deliver new views of critical data about your environment to management and satisfy auditor requests
  • Dynamic incident response templates – customized guidance on how to respond to each alert
  • Newly supported data source plugins – expand your monitoring footprint by integrating data from legacy security devices and applications

Threat detection trusted by thousands of customers.


Finding Smaller Needles in Bigger Haystacks

Identify the Most Significant Threats Facing Your Network Right Now.

IT teams of all sizes suffer from having too much security event data and not enough actionable threat intelligence. Many security tools generate a steady stream of alerts about important (and not so important) activity, causing IT teams to sacrifice their valuable time by trying to manually correlate disparate activity in their log files. They dig through thousands of seemingly innocuous events, hoping to find those few indicators that can signify system compromise or data breach. At the same time, attack techniques have become more sophisticated, making breaches harder to detect.

Logs carry important information such as what your users are doing, what data they are accessing, the performance of your systems and overall network health. They will also contain evidence of system compromise and data exfiltration, if you know where to look. However, reading raw logs isn’t easy, for several reasons, including:

  • Logs vary from system to system or even from version to version on the same system
  • They are usually hard to interpret and not easily read by IT staff
  • Logs are focused on recording events generated by each system and have limited visibility (e.g., a firewall sees packets and network sessions, while an application sees users, data, and requests)
  • Logs are static, fixed points in time, without the full context or sequence of related events.

AlienVault USM solves these problems with its powerful correlation engine. Over 2,000 pre-built correlation directives continuously analyze event data to identify potential security threats in your network. USM automatically detects and links behavior patterns found in disparate yet related events generated across different types of assets, telling you which threats facing your network right now are the most significant.

Smarter Security

With this easily consumable threat intelligence fueling your USM™ platform, you’ll be able to detect the latest threats and prioritize your response efforts. Specifically, you’ll extend your security program with:

  • Real-Time Botnet Detection – identifies infection, compromise, and misuse of corporate assets
  • IP, URL, and Domain Reputation Data – prioritizes response efforts by identifying known bad actors and infected sites
  • Data Exfiltration Detection – prevents leakage of sensitive and proprietary data
  • APT (Advanced Persistent Threat) Detection – detects targeted attacks often missed by other defenses
  • Command-and-Control (C&C) Traffic Identification – identifies compromised systems communicating with malicious actors
  • Dynamic Incident Response and Investigation Guidance – provides customized instructions on how to respond to and investigate each alert

Advanced Alien Intelligence to Combat Advanced Threats

Here are a few of our collection and analysis techniques:

Security Artifact Analysis

Using a wide range of collection techniques, including advanced sandboxing to quarantine malware samples, the AlienVault Threat Research team analyzes over 1 million unique security artifacts every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual Venus flytraps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging the insight gained from honeypots placed in high-traffic networks, our AlienVault Labs team arms our USM customers with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Open Collaboration with State Agencies, Academia, and Other Security Research Firms

Thanks to the broad reach of our threat intelligence sharing community, we’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships enable us to get access to pre-published vulnerability and malware updates as well as enhanced verification of our own research. By gathering community-powered threat intelligence from a diverse installed base that is spread across many industries and countries and composed of organizations of all sizes, we’re able to shrink an attacker’s ability to isolate targets by industry or organization size.

Ready to learn more?
The free trial includes continuous Threat Intelligence updates from AlienVault Labs.


Product Tour:

  • Real-time threat intelligence utilizes kill-chain taxonomy to identify attackers, their victims, their methods and their intents.
  • Each alarm provides detailed and customized instructions on how to investigate and respond to malicious activity.
  • Customizable executive dashboards provide overviews and click-through details about your security and compliance posture.
  • All you need to know about an asset for incident investigation and response – in one window.
  • Automated asset discovery provides granular details on all devices in your network.
  • Targeted guidance eliminates the guesswork associated with integrating data sources and provides precise suggestions for improving visibility.
  • Built-in network flow analysis provides all the data you need for in-depth investigations – including packet capture.
  • Secure storage of raw event data satisfies regulatory compliance requirements while an easy-to-use interface allows for quick searches.
  • Identify malicious actors attempting to interact with your network using our dynamic IP reputation data.
  • Centralized, integrated “how to” documentation for all you need to know about USM.
  • Built-in network IDS and host IDS result in more accurate threat detection and event correlation, faster deployment and simpler management.
  • Built-in vulnerability assessment simplifies security monitoring and speeds remediation.
