AlienVault Unified Security Management Data Sheet

Datasheet: AlienVault® USM Appliance

Powerful Threat Detection & Response for On-Premises Environments

AlienVault’s USM Appliance accelerates and simplifies threat detection, incident response and compliance management for IT teams with limited resources, starting on Day One. With essential security controls and integrated threat intelligence built in, AlienVault USM Appliance puts complete visibility into the threats affecting your network, and how to mitigate them, within fast and easy reach.

Whether large or small, all organizations need complete visibility to:

  • Detect emerging threats across their environments
  • Respond quickly to incidents and conduct thorough investigations
  • Measure, manage, and report on compliance (PCI, HIPAA, ISO, and more)
  • Optimize existing security investments and reduce risk

USM Appliance delivers this complete security visibility by providing the five essential security capabilities in a unified platform, controlled by a single management console:

  • Asset Discovery - active and passive network discovery
  • Vulnerability Assessment - active network scanning, continuous vulnerability monitoring
  • Intrusion Detection - network and host IDS, file integrity monitoring
  • Behavioral Monitoring - netflow analysis, service availability monitoring
  • SIEM - log management, event correlation, analysis, and reporting

Integrated Threat Intelligence

AlienVault’s Threat Intelligence subscription maximizes the effectiveness of any security monitoring program by providing regularly updated correlation directives, intrusion detection signatures, response guidance, and much more. These constant updates enable the USM platform to analyze the mountain of event data from all of your data sources and tell you exactly which threats facing your network right now are the most important, and what to do about them. Our threat experts spend countless hours researching the latest exploits, malware strains, attack techniques, and malicious IPs, so you don’t have to. We incorporate this expertise into our extensive and growing library of customizable correlation directives that ship with the USM platform. This eliminates the need for you to conduct your own research and write your own correlation rules, and gives you the ability to detect and respond to threats on day one.

The AlienVault Labs Security Research Team also curates the Open Threat Exchange™ (OTX™), the world’s first truly open threat intelligence community that enables collaborative defense with open access to collaborative research on emerging threats. OTX integrates with USM Appliance and enables everyone in the OTX community to actively collaborate, strengthening their own defenses while helping others do the same.

AlienVault USM Appliance: How it Works

All AlienVault USM Appliance products include these three core components available as hardware or virtual appliances:

USM Appliance Sensor - deployed throughout your network to collect logs and provide the five essential security capabilities you need for complete visibility.

USM Appliance Server - aggregates and correlates information gathered by the Sensors, and provides single-pane-of-glass management, reporting, and administration.

USM Appliance Logger - securely archives raw event log data for forensic investigations and compliance mandates.

USM Appliance All-in-One - combines the Server, Sensor, and Logger components onto a single system.

Deployment Options That Fit Your Unique Network

All of the AlienVault USM Appliance products are available in various models, based on size, scale, and configuration requirements. To make things even easier, no matter what deployment option you choose, every USM Appliance component works the same way and is fully interoperable with all other models, minimizing training costs. For example, you can deploy an AlienVault USM Appliance Server as a hardware appliance, USM Appliance Sensors as virtual appliances, and a USM Appliance Logger as a hardware appliance, if that is what your business requires. The important thing is that no matter where your assets are and what your network looks like, you have full security visibility, all managed in one place.

Additionally, you can instantly upgrade each of our USM Appliance products as your environment changes and your needs evolve. Start out small and quickly expand your deployment, leveraging the power of USM Appliance from Day One.

Immediate Scalability. No Forklift Upgrades.

Our USM Appliance All-in-One products combine our Sensor, Logger, and Server. You can quickly expand these installations to become USM Appliance Standard or USM Appliance Enterprise products, where dedicated systems perform these functions. Additionally, a USM Appliance Federation Server is available to provide a centralized view of your data in a distributed environment.

The following deployment and configuration information will help you find the right USM product for you.