Regularly Scheduled Auto-scanning
Create scans that run daily, weekly, or monthly during your off-peak hours. Automated scanning ensures continuous visibility of your vulnerabilities as your IT landscape changes.
Authenticated scans perform vulnerability assessment by using host credentials to probe your assets deeply, looking for vulnerable software packages, local processes, and services running on the system.
Cloud Infrastructure Scanning
AlienVault USM uses purpose-built cloud sensors to interface directly with cloud providers to automatically perform network vulnerability assessments of your AWS and Azure environments, including assets, security groups, and configurations.
Before explaining how this integration works, it’s important to understand how the AlienVault Labs Security Research Team develops its threat intelligence updates. Through a combination of proprietary research, collaboration with other security research institutions, and insights from the community-driven threat data within the AlienVault Open Threat Exchange (OTX), AlienVault collects tens of millions of threat indicators every day, including malicious IP addresses and URLs, domain names, malware samples, and suspicious files. AlienVault aggregates data from a wide range of sources, including:
Next, we have set up automated systems and processes that leverage machine learning to assess the validity and severity of each threat indicator collected in OTX, including:
Even though we have a whole chapter dedicated to Threat Intelligence, we still feel compelled to emphasize how essential dynamic threat intelligence is to the value of your SIEM, and the overall functioning of your SOC. Without threat intelligence, your SIEM would have no alarms, and no interesting reports to review. While it would be nice to have no alarms to respond to (because that means nothing is wrong or you’re on vacation), it basically means that there’s no correlation or analysis being done on your raw event log data. Or, you may have some sample or DIY correlation rules as a starting point, but you’re no longer looking for the latest threats because your threat intelligence hasn’t been updated since the LoveBug virus.
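To make the point concrete, the following is an added example (not AlienVault's code) of the correlation step a SIEM performs: raw event lines are checked against an indicator set keyed by OTX-style indicator types. The log lines, the indicator values and the field names are constructed placeholders; the key observation is that with an empty or stale indicator set the same events produce no alarms at all.

```python
import re

# Constructed sample of raw event log lines (syslog-style); hosts and values are placeholders.
EVENTS = [
    "2024-03-01T02:14:07Z fw01 conn src=10.0.0.8 dst=203.0.113.45 dport=443 action=allow",
    "2024-03-01T02:14:09Z dns01 query name=updates.example.org client=10.0.0.8",
    "2024-03-01T02:15:30Z edr01 file_seen host=ws17 sha256=" + "ab" * 32,
    "2024-03-01T02:16:02Z dns01 query name=bad.example client=10.0.0.12",
]

# Constructed indicator set, keyed by OTX-style indicator type names. Values are placeholders,
# not real indicators; in practice this set is what the threat intelligence feed keeps current.
INDICATORS = {
    "IPv4": {"203.0.113.45"},
    "domain": {"bad.example"},
    "FileHash-SHA256": {"ab" * 32},
}

# How to pull each indicator type out of an event line (assumed log field layout).
EXTRACTORS = {
    "IPv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"name=([a-z0-9.-]+)"),
    "FileHash-SHA256": re.compile(r"\b[0-9a-f]{64}\b"),
}


def correlate(events, indicators):
    """Return a list of (event, indicator_type, indicator) for every indicator seen in an event.

    Matching is done on extracted tokens, not raw substrings, so an indicator such as
    203.0.113.4 does not fire on 203.0.113.45. An empty indicator set yields no alarms:
    the events still arrive, they are simply never found interesting.
    """
    alarms = []
    for event in events:
        for itype, pattern in EXTRACTORS.items():
            observed = set(pattern.findall(event))
            for hit in sorted(observed & indicators.get(itype, set())):
                alarms.append((event, itype, hit))
    return alarms


if __name__ == "__main__":
    for event, itype, hit in correlate(EVENTS, INDICATORS):
        print(f"ALARM [{itype}={hit}] {event}")
    print("alarms with no threat intelligence:", len(correlate(EVENTS, {})))
```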
The point is that threats are constantly evolving, cyber attackers are constantly upping their game, and so too must your SOC. The more new indicators and countermeasures are discovered, collected, shared, analyzed and implemented, the more difficult we all make it for the bad guys. That’s why AlienVault built the platform (AlienVault USM), the community (OTX), and the threat intelligence (AlienVault Labs Security Research Team) to create a SOC for all teams to implement—no matter the size.