Network Behavior Analysis & Anomaly Detection | AlienVault

Behavioral Monitoring Software

Understand Your Network & Identify Intruders

ALIENVAULT IS TRUSTED BY 7,000+ CUSTOMERS:
Career Builder, IPG Mediabrands, Dole Foods, Pappas Restaurants, U.S. Air Force, Indiana State University
THSB, Ziosk, Save Mart Supermarkets, High Plains Bank, Epsilon Systems Solutions, Pepco Holdings Inc
Lifespan Bioscience, Arcos Dorados Holdings, Bluegrass Cellular, Bank of Ireland, Hays Medical Center, Taylor-Morrison
National Film Board of Canada, Richland Washington School District, PWC, Delta Sonic, Shake Shack, Miami Parking Authority
Brookfield Zoo, Southwest Bank, Hawaiian Telcom, City of Fargo, Rainforest Alliance, HSB
Crawford Insurance, FoleyCAT, Pittsburgh Technical College, YMCA, Payoff, Crosskey Bank
Horizon Health Services, BAE Systems, Dominos, Food Services, GameStop, OshKosh
Food Services, GameStop, OshKosh, Steelcase, Tinder, Cambridge University

TAKE A TEST DRIVE NOW:

Explore USM Anywhere with Our Online Demo!

Get a Full Picture of System, Service, and Network Anomalies

Preventative security measures are often unsuccessful, with new polymorphic malware, and zero day exploits. Therefore it’s important to be on the watch for intruders. Context is critical when evaluating system and network behavior. For example, an abundance of Skype traffic in the network used by your inside sales team is probably a normal part of operations. However, if the database server that houses your customer list suddenly shows a burst of Skype traffic something is likely wrong.

As soon as AlienVault® USM Appliance™ is installed, the behavioral monitoring functionality starts gathering data to help you understand “normal” system and network activity. Using the built-in network behavior monitoring you can simplify the incident response when investigating an operational issue or potential security incident. And because USM Appliance combines network behavioral analysis with service availability monitoring, you'll have a full picture of system, service, and network anomalies.

Network Behavioral Analysis

When it comes to identifying threats in your environment, the best approach is a multi-layered one. Intrusion detection systems (network and host IDS) identify known threats, and network behavior analysis can help you identify anomalies and other patterns that signal new, and unknown threats.

With USM Appliance™, you can achieve complete and multi-layered security. USM Appliance provides the fusion of essential security capabilities required for reliable intrusion detection - fueling your incident response program and helping you meet various compliance requirements. By using a single unified console, the security analyst can break down security silos for a more seamless workflow.

Specifically, the behavioral monitoring capabilities built into USM Appliance provide this core functionality with the following techniques:

Service & Infrastructure Monitoring

provides continuous monitoring of services run by particular systems. On a periodic basis, or on demand, the device is probed to confirm that the service is still running and available. This lightweight, continuous monitoring will detect unexpected service outages throughout your critical infrastructure.

NetFlow Analysis

performs network behavior analysis without needing the storage capacity required for full packet capture. NetFlow analysis provides the high-level trends related to what protocols are used, which hosts use the protocol, and the bandwidth usage. This information can then be accessed in the same interface as the asset inventory and alarm data to simplify incident response. With USM Appliance, you can generate alarms and get alerted when your netflow goes above or below certain thresholds.

Network Protocol Analysis / Packet Capture

allows security analysts to perform full protocol analysis on network traffic enabling a full replay of the events that occurred during a potential breach. This level of network monitoring can be used to pinpoint the exploit method used or to determine what specific data was exfiltrated.

Watch a Demo ›
GET PRICE FREE TRIAL CHAT