How It Works

Build a Successful Managed Security Service with AlienVault USM


Cost-effective, scalable, easy to deploy and manage, AlienVault USM is built to meet the challenges of today’s dynamic Managed Security Service Provider (MSSP).

AlienVault USM Is Fast and Simple for MSSPs to Deploy and Manage

The AlienVault® Unified Security Management® (USM) platform is affordable, fast to deploy, and easy to manage. As a cloud-hosted service, USM Anywhere™ significantly reduces the cost and burden of on-site installation, management, and hardware maintenance. Because AlienVault manages the platform availability, security, log storage, and updates, you save significantly on time, effort, and total cost of ownership (TCO).

With USM Anywhere, only a lightweight sensor component sits in the customer’s cloud or on-premises environment, and setup is as simple as connecting the sensor to the USM Anywhere service in the AlienVault Secure Cloud. So, you can start detecting threats from Day One.

In addition, AlienVault USM supports a modern federation architecture, ideal for MSSPs. With USM Central™, MSSPs gain centralized visibility of all alarm activity from their customers’ deployments.

USM Anywhere Sensors

AlienVault USM uses lightweight sensors that are deployed in your customers’ cloud and on-premises environments to collect and normalize log data and other security-related data. This data is sent to the USM Anywhere service, hosted in the AlienVault Secure Cloud. Each sensor is purpose-built to fully leverage the native data collection methods of each environment: AWS, Azure, and on-premises physical and virtual infrastructure deployed on Hyper-V or VMware. The sensor is the only component deployed in the customer environment, commonly one sensor per environment type or location.

USM Anywhere Secure Cloud

AlienVault USM centralizes threat detection, incident response, and compliance management across your customers’ cloud, on-premises, and hybrid IT environments. A cloud-hosted service, AlienVault USM Anywhere collects and analyzes log data transferred through USM Anywhere sensors over an encrypted connection. Log data is stored long-term in the AlienVault Secure Cloud for compliance and forensics requirements, eliminating the challenges and expense of on-premises log storage.

USM Central

USM Central enables you to centrally monitor all of your customers’ AlienVault USM deployments from a single location. A cloud-hosted service, it provides a consolidated view of alarms, vulnerabilities, and events and allows you to click-through to individual USM deployments to investigate and respond to incidents.

Start Detecting Threats in 5 Easy Steps

Step One: Deploy Lightweight Sensors in Your Environment

To get started with AlienVault Unified Security Management (USM) Anywhere, simply download and deploy a cloud or virtual sensor in your cloud or on-premises environments.

USM Anywhere cloud sensors natively monitor Amazon Web Services and Microsoft Azure Cloud. On-premises, virtual sensors run on VMware and Microsoft Hyper-V to monitor your physical and virtual IT infrastructure.

Step Two: Scan Your Environment for Assets & Vulnerabilities

Once your USM sensors are installed and configured, you can begin to monitor your cloud and on-premises environments. When you log in to your USM Anywhere account, you can launch and schedule regular scans to discover assets and identify any vulnerabilities on those assets that could be exploited by attackers.

Step Three: Monitor for Threats & Malicious Behavior

Your USM Anywhere account is the control center for your hybrid cloud security. As soon as you log in, you see trends, dashboards, and alarms that simplify and accelerate your threat detection and incident response activities across your critical infrastructure.

USM Anywhere provides security monitoring of both your cloud and on-premises infrastructure, so all your security-related data is readily available in a single pane of glass.

Step Four: Analyze & Store Log Data in USM Anywhere

USM Anywhere collects, analyzes, and stores security-related log data from your cloud and on-premises infrastructure, including cloud access logs, VPC flow logs, asset access logs, and VMware access logs.

USM Anywhere’s advanced Search and Analysis interface allows you to quickly search and filter security-related data in highly granular ways, to pivot on selected data, and to generate compliance-ready custom report views. This makes it faster and easier to investigate incidents and to manage your overall security and compliance needs.

Step Five: Take Action to Defend Against Emerging Threats

USM Anywhere provides a single point of advanced security analysis, threat detection, incident investigation, and security orchestration.

With built-in Automated Action Response, you can automate your investigation and response activities by launching application actions based on threat data analyzed in USM Anywhere, create custom alarms, and decide when to suppress noisy or false-positive alarms.

AlienVault Federation: A Better Approach

AlienVault uses a federated approach to monitoring multiple AlienVault USM deployments.

In a federated model, each of your end customers has their own, unique AlienVault USM deployment that collects, correlates, and stores security events from across their cloud and on-premises environments. The alarm data from these deployments can be collected and monitored centrally in your SOC through USM Central. Together, AlienVault USM and USM Central deliver a scalable, federated solution, achieving the same functionality as multi-tenancy without the technical and business limitations.

The Advantages of the AlienVault USM Federated Approach Include:

  • COST: The “pay as you grow” model of the AlienVault USM federated architecture enables you to minimize costs upfront and as you grow your customer base.
  • QUALITY OF SERVICE: AlienVault’s federated architecture is designed to isolate any issues affecting one of your customers and prevent them from affecting the quality of service (QoS) delivered to the rest of your customers.
  • DEPLOYMENT FLEXIBILITY: AlienVault USM gives you the ability to offer your customers the right-sized solution they need for their environment and budget. With role-based access controls (RBAC), you can determine the correct level of visibility and control for each customer deployment.
  • EASE OF USE: With USM Central, you can efficiently monitor all security activities across your customers’ environments and instantly click-through on any alarm to the individual AlienVault USM deployment, so you can investigate and respond quickly.
  • DATA MANAGEMENT: With USM Anywhere, each customer’s data is stored in its own dedicated container, completely isolated from other customers’ data. Whereas multi-tenancy is prone to data leakage and breakage that can affect multiple customer accounts, single-tenancy ensures that all customers’ data is kept separate and leak-proof.
  • DATA PRIVACY & COMPLIANCE: USM Anywhere and USM Central have been attested as compliant with PCI DSS, SOC 2, and HIPAA, giving you confidence in AlienVault’s ability to secure the confidentiality, integrity, and availability of your data and your customers’ data.

Get Started with the AlienVault MSSP Partner Program Today!

Become an AlienVault MSSP Partner today! Join hundreds of leading global MSSPs that are building successful and profitable managed security service offerings with AlienVault USM. As an AlienVault MSSP, you’ll have access to:

  • Special pricing and deployment options only available to AlienVault MSSPs
  • Dedicated AlienVault account managers and ongoing support
  • Exclusive sales, marketing, and educational resources to support your business
  • A large prospect base of organizations seeking an AlienVault MSSP Partner
