How it Works - AlienVault USM Anywhere

How It Works

From Installation to Security Insights in Minutes


In a few simple steps, AlienVault USM Anywhere delivers advanced threat detection, incident response, and compliance management across your cloud, on-premises, and hybrid environments.

Get Complete Security Visibility in Minutes

AlienVault® USM Anywhere™ provides centralizes security monitoring for your cloud, on-premises, and hybrid IT environments, including cloud applications like Office 365 and G Suite. With multiple essential security capabilities in one unified platform, USM Anywhere simplifies and accelerates threat detection and compliance management for today’s resource-constrained IT security teams.

Delivered as a cloud service, USM Anywhere deploys rapidly and enables you to start detecting threats within minutes. Because there’s no hardware appliance to install or maintain in your data center, you save significant time, resources, and money for an overall low total cost of ownership.

USM Anywhere uses virtual sensors that run on VMware and Microsoft Hyper-V to monitor your on-premises physical and virtual IT infrastructure. In the cloud, lightweight cloud sensors natively monitor Amazon Web Services and Microsoft Azure Cloud. Security analysis and log storage are centralized in the AlienVault Secure Cloud and provide you with centralized security visibility of your critical infrastructure.

USM Anywhere also receives a continuous stream of threat intelligence updates from the AlienVault Labs Security Research Team, so you always have the latest security intelligence at your fingertips. AlienVault Labs leverages data from the Open Threat Exchange® (OTX™) — the world’s largest open threat community—to gain expansive intelligence on threats as they appear in the wild.

USM Anywhere Secure Cloud

AlienVault USM Anywhere centralizes threat detection, incident response, and compliance management across all of your environments. A cloud-hosted service, USM Anywhere collects and analyzes log data transferred through the USM Anywhere sensors over an encrypted connection. Log data is stored long-term in the AlienVault Secure Cloud for compliance and forensics requirements, eliminating the challenges and expense of on-premises log storage.

USM Anywhere Sensors

AlienVault USM Anywhere uses lightweight sensors deployed in your cloud and on-premises environments to collect and normalize log data and other security-related data. This data is sent to the USM Anywhere service, hosted in the AlienVault Secure Cloud. Each sensor is purpose-built to fully leverage the native data collection methods of each environment: AWS, Azure, and on-premises physical and virtual infrastructure deployed on Hyper-V or VMware. This is the only component deployed in your environment, commonly one sensor per environment, location, or cloud account.

Continuous Threat Intelligence

AlienVault USM Anywhere receives the latest threat intelligence from the AlienVault Labs Security Research Team. This team constantly analyzes emerging threats and delivers continuous threat intelligence updates automatically to your USM platform, including IDS signatures, correlation rules, remediation guidance, and more. With integrated threat intelligence, USM Anywhere stays up to date as you monitor your environment for emerging threats — zero effort required.

Start Detecting Threats in 5 Easy Steps

Step One: Deploy Lightweight Sensors in Your Environment

To get started with AlienVault Unified Security Management (USM) Anywhere, simply download and deploy a cloud or virtual sensor in your cloud or on-premises environments.

USM Anywhere cloud sensors natively monitor Amazon Web Services and Microsoft Azure Cloud. On-premises, virtual sensors run on VMware and Microsoft Hyper-V to monitor your physical and virtual IT infrastructure.

Step Two: Scan Your Environment for Assets & Vulnerabilities

Once your USM sensors are installed and configured, you can begin to monitor your cloud and on-premises environments. When you log in to your USM Anywhere account, you can launch and schedule regular scans to discover assets and identify any vulnerabilities on those assets that could be exploited by attackers.

Step Three: Monitor for Threats & Malicious Behavior

Your USM Anywhere account is the control center for your hybrid cloud security. As soon as you log in, you see trends, dashboards, and alarms that simplify and accelerate your threat detection and incident response activities across your critical infrastructure.

USM Anywhere provides security monitoring of both your cloud and on-premises infrastructure, so all your security-related data is readily available in a single pane of glass.

Step Four: Analyze & Store Log Data in USM Anywhere

USM Anywhere collects, analyzes, and stores security-related log data from your cloud and on-premises infrastructure, including cloud access logs, VPC flow logs, asset access logs, and VMware access logs.

USM Anywhere’s advanced Search and Analysis interface allows you to quickly search and filter security- related data in highly granular ways, to pivot on selected data, and to generate compliance-ready custom report views. This makes it faster and easier to investigate incidents and to manage your overall security and compliance needs.

Step Five: Take Action to Defend Against Emerging Threats

USM Anywhere provides a single point of advanced security analysis, threat detection, incident investigation, and security orchestration.

With built-in Automated Action Response, you can automate your investigation and response activities by launching application actions based on threat data analyzed in USM Anywhere, create custom alarms, and decide when to supress noisy or false-positive alarms.

Flexible Deployment Options for Any Organization

Every organization deserves a strong security posture, regardless of the size of your IT environment or the size of your IT security budget. That’s why AlienVault offers flexible deployment options and pricing that spans the SMB to the Enterprise.

With multiple editions, you can choose the right deployment model to fit your unique requirements. Whether you are a small business starting a security program, a mid-size organization with a mix of on-premises and cloud infrastructure, or a geographically distributed enterprise with multiple sites, AlienVault USM Anywhere provides the flexibility you need.

USM Anywhere’s subscription-based pricing making it affordable for even small IT security teams to get started with a with a low-risk, minimal investment. There’s no need to spend heavily upfront or to oversize the solution for future growth. The platform and pricing tiers readily scale as you grow. Our pricing model is straight forward and gradual, so you can be confident that USM Anywhere will continue to meet your needs as you grow without any sudden or unexpected price spikes.

 

AlienVault USM Anywhere™

Essentials

Provides the essential security capabilities needed for effective threat detection and response, enabling small IT teams to establish a security and compliance program quickly, easily, and affordably.

Standard

Ideal for IT security teams that are looking to gain operational efficiency and significantly reduce their time to response through advanced security orchestration, automated incident response, and deep security analysis.

Enterprise

Designed for organizations with large or heavily distributed IT environments. It includes higher capacity options for monthly data volumes, 24 x 7 support, and federation capabilities so you can centrally monitor all sites and infrastructures, easily and efficiently.

Managed Security Service

AlienVault has a global network of certified Managed Security Service Provider (MSSP) partners that deliver robust and cost-effective managed security and compliance services using AlienVault USM. If you are interested in outsourcing your security monitoring or simply need some help to extend your security monitoring program, we can help you find the right MSSP.

AlienVault USM Appliance ™

AlienVault USM Appliance is a self-hosted appliance option for organizations that require an on-premises solution. It provides security monitoring for physical and virtual on-premises infrastructure only.

Get Complete Security Visibility Into

Orchestrate and Automate Your Security with AlienApps!

USM Anywhere is a highly extensible platform that leverages AlienApps— modular software components tightly integrated into the USM Anywhere platform that extend, orchestrate, and automate functionality between the built-in security controls in USM Anywhere and other third-party security and productivity tools. With AlienApps, you can:  

  • Collect critical data from your on-premises and cloud infrastructure as well as cloud services
  • Enrich your data and analyze it using the latest AlienVault Threat Intelligence
  • Orchestrate and automate your incident investigation and response activities
  • Gain new security capabilities as new AlienApps are introduced into USM Anywhere as the threat landscape evolves

Learn more about AlienApps ›

We’ve Got a Plugin for That

In addition to the AlienApps ecosystem, USM Anywhere includes hundreds of plugins, so you can readily ingest security data from the existing data sources in your environment.

The AlienVault USM Anywhere plugin library provides source-optimized data collection for a complete range of technologies, making it easy for you to get complete visibility into your entire environment.

View the current list of plugins in USM Anywhere >

Don’t see the plugin you’re looking for? AlienVault will build a plugin for most commercially available products at no additional charge. Just submit a request and we will build it for you.

Request a USM Anywhere plugin here ›

Watch a Demo ›
GET PRICE FREE TRIAL CHAT