AlienVault USM Anywhere

AlienVault USM Anywhere: Protect Your Network & Cloud with One Unified Security Solution


Threat Detection & Incident Response for All Your Environments

AlienVault® USM Anywhere™ is a SaaS security monitoring solution that centralizes threat detection, incident response, and compliance management across your on-premises, cloud, or hybrid environments.

Unlike any other security solution on the market today, USM Anywhere delivers five essential security capabilities in a unified SaaS solution, giving you everything you need to keep your business secure in a single pane of glass. It combines asset discovery, vulnerability management, intrusion detection, SIEM, and behavioral monitoring in one affordable and easy-to-use solution.

With USM Anywhere, you can avoid the time, expense, and resources required to maintain multiple point security solutions in your data center and cloud infrastructure. Instead, you can focus on what matters most — protecting your IT infrastructure against today’s emerging threats.

USM Anywhere uses virtual sensors that run on VMware and Microsoft Hyper-V to monitor your on-premises physical and virtual IT infrastructure. In the cloud, lightweight cloud sensors natively monitor Amazon Web Services and Microsoft Azure Cloud.

Data collection, security analysis, and threat detection are centralized in the AlienVault Secure Cloud and provide you with a single view into all of your critical infrastructure.

USM Anywhere also receives a continuous stream of threat intelligence updates from the AlienVault Labs Security Research Team, so you always have the latest security intelligence at your fingertips. Additionally, AlienVault Labs leverages data from the Open Threat Exchange® (OTX®), the world’s largest open threat community, to gain expansive intelligence on threats as they appear in the wild.

Get Complete Security Visibility Into

AlienApps Extend Security Orchestration Capabilities!

USM Anywhere is a highly extensible platform that leverages AlienApps: modular software components tightly integrated into the USM Anywhere platform that extend, orchestrate, and automate functionality between the built-in security controls in USM Anywhere and other third-party security and productivity tools. With AlienApps, you can:

  • Collect critical data from your on-premises and cloud infrastructure as well as cloud services
  • Enrich your data and analyze it using the latest AlienVault Threat Intelligence
  • Orchestrate and automate your incident investigation and response activities
  • Gain new security capabilities as new AlienApps are introduced into USM Anywhere as the threat landscape evolves

The Unified Security Management Difference

5 Essential Security Capabilities in a Single Console

AlienVault USM Anywhere provides five essential security capabilities in a single SaaS platform, giving you everything you need to detect and respond to threats and manage compliance.

Asset Discovery

Know who and what is connected

  • API-powered asset discovery
  • Network asset discovery
  • Software & services discovery

Vulnerability Assessment

Know where vulnerabilities expose you to exploitation and compromise

  • Network vulnerability scanning
  • Cloud vulnerability scanning
  • Cloud infrastructure assessment

Intrusion Detection

Know when suspicious activities happen in your environment

  • Cloud IDS
  • Network IDS
  • Host IDS
  • File Integrity Monitoring

Behavioral Monitoring

Identify suspicious behavior and potentially compromised systems

  • Cloud access logs (Azure: Monitor, AWS: CloudTrail, S3, ELB)
  • AWS VPC Flow monitoring
  • Asset access logs
  • VMware access logs


Correlate and analyze security event data and respond

  • Event correlation
  • Incident response
  • Integrated AlienVault Open Threat Exchange™ data
  • 12-month raw log retention

Security Intelligence

Actionable Threat Intelligence Delivered Directly to You

Most teams don’t have unlimited resources to research the latest threats in the wild. That’s why the AlienVault Labs Security Research Team works on your behalf to scour the global threat landscape for the latest attack methods, bad actors, and vulnerabilities that could impact your security. This team analyzes hundreds of thousands of threat indicators daily and delivers continuous threat intelligence updates automatically to your USM environment, in the form of actionable IDS signatures, correlation rules, remediation guidance, and more. With this integrated threat intelligence subscription, you always have the most up-to-date threat intelligence as you monitor your environment for emerging threats.

To provide deeper and wider insight into attack trends and bad actors, the AlienVault Labs Security Research Team leverages the power of the Open Threat Exchange® (OTX™), the world’s first truly open threat intelligence community. This community of security researchers and IT professionals collaborates and shares millions of threat artifacts as they emerge “in the wild,” so you get global insight into attack trends and bad actors that could impact your operations.

Centralized Security Visibility Into All Your Environments


USM Anywhere provides centralized security monitoring, incident response, and compliance management across all your cloud and on-premises environments, so you achieve complete visibility of your security posture with one solution.

USM Anywhere natively monitors –

  • AWS and Microsoft Azure public clouds
  • Virtualized on-premises / private clouds on VMware and Hyper-V virtual machines
  • Physical IT infrastructure in your data center
  • Offices, retail stores, and other on-premises facilities

USM Anywhere uses purpose-built cloud sensors to monitor your Amazon Web Services and Microsoft Azure cloud environments, and VMware and Hyper-V virtual sensors to monitor your virtual and physical on-premises infrastructure. Security-related data is collected and sent to the AlienVault Cloud for security analysis, threat correlation, and secure, compliance-ready data storage.

Centralized security monitoring in USM Anywhere gives you powerful threat detection capabilities across your cloud and on-premises landscape, helping to eliminate your security blind spots and regain control over shadow IT. Even as you migrate workloads and services from your data center to the cloud, you have the assurance of continuous security visibility.

Discover the Difference of Unified Security Management for the Data Center & the Cloud

USM Anywhere goes beyond other unified security solutions on the market today. Here’s how –


  • Monitor cloud and on-premises IT infrastructure from a single location
  • Eliminate your security blind spots and shadow IT
  • Ensure continuous security monitoring as you migrate services and workloads to the cloud


  • Scan your environments for assets, vulnerabilities, and emerging threats
  • Collect IDS and behavioral monitoring data from on-premises and cloud infrastructure
  • Analyze and store your log data with built-in SIEM


  • Monitor your AWS and Azure environments from one cloud-based solution
  • Deploy faster and get immediate security insights into your cloud environment
  • Get the assurance of a dedicated, single-tenant data store


  • Explore your security data faster and deeper with an interactive security analyzer
  • Orchestrated security threat detection and auto-responses for greater ease of use
  • Extend your security orchestration capabilities with AlienApps
  • Evolve to graph-based Security Analytics for more advanced security analysis


  • Get deeper and wider insight into attack trends and bad actors without having to research
  • Tap into OTX - the world’s largest open community of threat intelligence


  • Lower your total cost of ownership by eliminating data center, hardware, setup fees, and maintenance
  • Continuously save on operational costs without sacrificing reliability and regular upgrades
  • Scale your security monitoring as you grow your operations

Cloud-Readiness Built at the Core

USM Anywhere is one of the few truly cloud-native security monitoring solutions built in the cloud for the cloud. It uses direct hooks into cloud infrastructure providers’ APIs to give you a richer data set, greater control over your cloud security, and immediate visibility of your cloud environment within minutes of installation. USM Anywhere leverages native cloud infrastructure provider services like AWS CloudWatch and Azure Monitor to collect data from your cloud environments, creating a more seamless and efficient way to monitor your cloud security.


USM Anywhere supports long-term log retention, known as “cold storage.” By default, USM Anywhere enables 12 months of cold storage with the ability to extend your long-term storage capacity. In addition, USM Anywhere supports a “write once, read many” (WORM) approach to prevent log data from being modified.


When you send sensitive security-related data to a security monitoring solution in the cloud, you want to ensure that your data is protected and leak-proof. That’s why AlienVault uses a single-tenant data store architecture to securely manage all of our customers’ accounts.

With USM Anywhere, your data is stored in its own dedicated container, which is completely isolated from other customers’ data. Whereas multi-tenancy is prone to data leakage and breakage that can affect multiple customer accounts (especially as SaaS providers scale), single-tenancy ensures that all customers’ data is kept separate and leak-proof. It’s a better architecture for you and for us.

Powerful Security Analysis at Your Fingertips


USM Anywhere provides advanced security orchestration rules that automate actions and responses according to your needs, making your work more efficient. You can –

  • Reduce alarm “noise” with suppression rules
  • Generate custom alarms based on any parameter
  • Auto-respond to events with orchestration rules
  • Create orchestration rules for third-party AlienApps


USM Anywhere takes a new approach to SIEM event correlation that makes security analysis faster, more flexible, and more effective than ever. With our unique Graph-based Analytics Engine, you can –

  • View a complete state model of your environment at any given time as well as compare different time periods
  • Run ad-hoc queries on large and complex data sets faster and more efficiently
  • Enhance correlation by keying off of connections between assets, users, and activities in your infrastructure and the changes occurring between them


When you centralize security monitoring of all your cloud and on-premises IT environments, you need a highly efficient way to parse large amounts of security-related data from across a complex and dynamically changing IT infrastructure. USM Anywhere provides a more intuitive and flexible interface to search and analyze your security-related data. With it, you can –

  • Search and filter in highly granular ways
  • Pivot around selected data for deeper analysis
  • Create and export custom data views and compliance-ready reports

All the Benefits of Security Monitoring Delivered as a SaaS Solution

Say Goodbye to Expensive Hardware

With a SaaS solution, you can eliminate hardware costs, setup fees, and ongoing maintenance costs to reduce your total cost of ownership.

High Reliability Delivered

We work hard to ensure high reliability and deliver regular system upgrades so that you don’t have to.

Scale as Your Business Grows

USM Anywhere is sized and priced to suit your business needs today and in the future. As you grow, simply add more capacity.

Accessible from Anywhere

With USM Anywhere, you can monitor your security posture from anywhere. So, you can finally stop spending your holidays in the office server room.

Fast & Easy Deployment

Take deployment from months to minutes. Simply download and activate your USM Anywhere Sensors to start seeing security-related events.

Reduced Time to Benefit

With a rapid install, minimal configurations, and instant, actionable security insights, you can start detecting threats in USM Anywhere on Day One.

Future-Proof Your Investment

USM Anywhere is a highly extensible platform, so you’ll continue to benefit as new AlienApps for security and productivity are launched.

Secure Data at Rest and in Transit

All data is sent via an encrypted connection to AlienVault’s Secure Cloud. Your data is stored in an isolated single-tenant data store with unique SSH credentials.

SC Media 5-Star
CRN Partner Program Guide Winner 2017
SC Magazine Awards 2017 Europe Winner
Forbes Cloud 100 2017
Deloitte Fast 500
Cybersecurity Excellence Awards Winner 2017