How it Works - AlienVault USM Anywhere

How it Works

From Installation to Security Insights in Minutes

In a few simple steps, USM Anywhere delivers advanced threat detection and incident response in your cloud, hybrid cloud, and on-premises environments.


Take a Test Drive of USM Anywhere Now

Get Complete Security Visibility in Minutes

AlienVault’s® Unified Security Management™ (USM) Anywhere provides complete security monitoring for your cloud, hybrid cloud, and on-premises IT infrastructure. With five essential security capabilities in an all-in-one cloud platform, USM Anywhere simplifies and accelerates threat detection and compliance management for today’s resource- constrained organizations.

Delivered as a software as a service (SaaS), USM Anywhere consists of a highly scalable, two-tier architecture to manage and monitor every aspect of your hybrid cloud security.

USM Anywhere Secure Cloud

USM Anywhere Secure Cloud delivers centralized cloud security management, including security analysis, threat detection, compliance-ready log management, and reporting. All data that is sent from the USM Anywhere Sensors in your cloud environment to the AlienVault Secure Cloud is securely transferred over an encrypted connection.

USM Anywhere Sensors

USM Anywhere uses lightweight cloud and virtual sensors that are purpose-built to monitor your cloud and on-premises environments. The sensors collect security-related data from across your environments and then sends that data to the USM Anywhere Secure Cloud for security analysis, threat detection, and incident response.

Start Detecting Threats in 5 Easy Steps

Step One: Deploy Lightweight Sensors in Your Environment

To get started with AlienVault Unified Security Management (USM) Anywhere, simply download and deploy a cloud or virtual sensor in your cloud or on-premises environments.

USM Anywhere cloud sensors natively monitor Amazon Web Services and Microsoft Azure Cloud. On-premises, virtual sensors run on VMware and Microsoft Hyper-V to monitor your physical and virtual IT infrastructure.

Step Two: Scan Your Environment for Assets & Vulnerabilities

Once your USM sensors are installed and configured, you can begin to monitor your cloud and on-premises environments. When you log in to your USM Anywhere account, you can launch and schedule regular scans to discover assets and identify any vulnerabilities on those assets that could be exploited by attackers.

Step Three: Monitor for Threats & Malicious Behavior

Your USM Anywhere account is the control center for your hybrid cloud security. As soon as you log in, you see trends, dashboards, and alarms that simplify and accelerate your threat detection and incident response activities across your critical infrastructure.

USM Anywhere provides security monitoring of both your cloud and on-premises infrastructure, so all your security-related data is readily available in a single pane of glass.

Step Four: Analyze & Store Log Data in USM Anywhere

USM Anywhere collects, analyzes, and stores security-related log data from your cloud and on-premises infrastructure, including cloud access logs, VPC flow logs, asset access logs, and VMware access logs.

USM Anywhere’s advanced Search and Analysis interface allows you to quickly search and filter security- related data in highly granular ways, to pivot on selected data, and to generate compliance-ready custom report views. This makes it faster and easier to investigate incidents and to manage your overall security and compliance needs.

Step Five: Take Action to Defend Against Emerging Threats

USM Anywhere provides a single point of advanced security analysis, threat detection, incident investigation, and security orchestration.

With built-in Automated Action Response, you can automate your investigation and response activities by launching application actions based on threat data analyzed in USM Anywhere, create custom alarms, and decide when to supress noisy or false-positive alarms.

AlienApps Extend Security Orchestration Capabilities!

USM Anywhere is a highly extensible platform that leverages AlienApps— modular software components tightly integrated into the USM Anywhere platform that extend, orchestrate, and automate functionality between the built-in security controls in USM Anywhere and other third-party security and productivity tools. With AlienApps, you can:  

  • Collect critical data from your on-premises and cloud infrastructure as well as cloud services
  • Enrich your data and analyze it using the latest AlienVault Threat Intelligence
  • Orchestrate and automate your incident investigation and response activities
  • Gain new security capabilities as new AlienApps are introduced into USM Anywhere as the threat landscape evolves

We’ve Got a Plugin for That

In addition to the AlienApps ecosystem, USM Anywhere includes hundreds of plugins, so you can readily ingest security data from the existing data sources in your environment.

The AlienVault USM Anywhere Plugin library provides source-optimized data collection for a complete range of technologies, making it easy for you to get complete visibility into your entire environment.

View the current list of plugins in USM Anywhere >

Don’t see the plugin you’re looking for? AlienVault will build a plugin for most commercially available products at no additional charge. Just submit a request and we will build it for you.

Request a USM Anywhere plugin here >

USM Anywhere Sensor Requirements


  • t2. large instance in a virtual private cloud (VPC) or an m3. large in EC2-Classic
  • 12GB EBS Volume for short-term storage of your data as it is processed
  • Internet connection to USM Anywhere Secure Cloud


  • Virtualization Environment of VMware ESXi 5.1 or later
  • 4 Processing Cores
  • 12 GB RAM dedicated to VMware
  • 100 GB Storage


  • An Azure account with privileges
  • A virtual network inside the resource group
  • Administrative credentials for your Linux (ssh) and Windows (WinRM) instances
  • A subnet inside the virtual network
  • Administrative access to Active Directory within Azure
  • A storage account
  • Internet connection to USM Anywhere Secure Cloud


  • Virtualization Environment of 2012 R2 OS with either Hyper-V Manager or Virtual Machine Manager
  • 4 Processing Cores
  • 12 GB RAM dedicated to VMware
  • 100 GB Storage


Achieve Confidence, Clarity, & Control Over Your IT Chaos with USM Anywhere

USM Anywhere centralizes threat detection, incident response, and compliance management across your cloud, hybrid cloud, and on-premises environments. See how it can transform security for your organization today!

Watch a Demo ›