Network Behavior Analysis & Anomaly Detection | AlienVault

Behavioral Monitoring Software

Understand Your Network & Identify Intruders

ALIENVAULT IS TRUSTED BY 7,000+ CUSTOMERS:
Career Builder
IPG Mediabrands
Dole Foods
Pappas Restaurants
Subaru
U.S. Air Force
Indiana State University
THSB
Ziosk
Save Mart Supermarkets
High Plains Bank
Epsilon Systems Solutions
Pepco Holdings Inc
Lifespan Bioscience
Arcos Dorados Holdings
Bluegrass Cellular
Bank of Ireland
Hays Medical Center
Taylor-Morrison
National Film Board of Canada
Richland Washington School District
PWC
Delta Sonic
Shake Shack
Miami Parking Authority
Brookfield Zoo
Southwest Bank
Hawaiian Telcom
City of Fargo
Rainforest Alliance
HSB
Crawford Insurance
FoleyCAT
Pittsburgh Technical College
YMCA
Payoff
Crosskey Bank
Horizon Health Services
BAE Systems
Dominos
Food Services
GameStop
OshKosh
Steelcase
Tinder
Cambridge University


Get a Full Picture of System, Service, and Network Anomalies

Preventative security measures are often unsuccessful against new polymorphic malware and zero-day exploits, so it's important to be on the watch for intruders. Context is critical when evaluating system and network behavior. For example, an abundance of Skype traffic in the network used by your inside sales team is probably a normal part of operations. However, if the database server that houses your customer list suddenly shows a burst of Skype traffic, something is likely wrong.

As soon as AlienVault Unified Security Management™ (USM) is installed, the behavioral monitoring functionality starts gathering data to help you understand “normal” system and network activity. Using the built-in network behavior monitoring, you can simplify incident response when investigating an operational issue or potential security incident. And because AlienVault USM™ combines network behavioral analysis with service availability monitoring, you'll have a full picture of system, service, and network anomalies.


Network Behavioral Analysis

When it comes to identifying threats in your environment, the best approach is a multi-layered one. Intrusion detection systems (network and host IDS) identify known threats, and network behavior analysis can help you identify anomalies and other patterns that signal new and unknown threats.

With AlienVault’s USM platform, you can achieve complete and multi-layered security. AlienVault USM provides the fusion of essential security capabilities required for reliable intrusion detection - fueling your incident response program and helping you meet various compliance requirements. By using a single unified console, the security analyst can break down security silos for a more seamless workflow.

Specifically, the behavioral monitoring capabilities built into AlienVault USM provide this core functionality with the following techniques:

Service & Infrastructure Monitoring provides continuous monitoring of services run by particular systems. On a periodic basis, or on demand, the device is probed to confirm that the service is still running and available. This lightweight, continuous monitoring will detect unexpected service outages throughout your critical infrastructure.

NetFlow Analysis performs network behavior analysis without needing the storage capacity required for full packet capture. NetFlow analysis provides the high-level trends related to what protocols are used, which hosts use the protocol, and the bandwidth usage. This information can then be accessed in the same interface as the asset inventory and alarm data to simplify incident response. With USM Appliance, you can generate alarms and get alerted when your NetFlow traffic goes above or below certain thresholds.

Network Protocol Analysis / Packet Capture allows security analysts to perform full protocol analysis on network traffic, enabling a full replay of the events that occurred during a potential breach. This level of network monitoring can be used to pinpoint the exploit method used or to determine what specific data was exfiltrated.
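The NetFlow thresholds and the Skype-on-the-database-server case described above can be sketched as a per-host, per-protocol baseline. This is an added example, not AlienVault USM code: the record layout `(host, protocol, bytes)`, the host names, the `k` and `floor` parameters and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: one list per past interval of (host, protocol, bytes).
HISTORY = [
    [("sales-pc", "skype", 500_000), ("db-server", "mysql", 2_000_000)],
    [("sales-pc", "skype", 550_000), ("db-server", "mysql", 2_100_000)],
    [("sales-pc", "skype", 450_000), ("db-server", "mysql", 1_900_000)],
]
# Constructed current interval: the database server suddenly shows Skype traffic.
NOW = [("sales-pc", "skype", 520_000), ("db-server", "skype", 300_000),
       ("db-server", "mysql", 9_000_000)]

def aggregate(flows):
    """Sum bytes per (host, protocol) for one collection interval."""
    totals = defaultdict(int)
    for host, proto, nbytes in flows:
        totals[(host, proto)] += nbytes
    return dict(totals)

def build_baseline(intervals):
    """Mean and std-dev of bytes per (host, protocol) over past intervals."""
    per_interval = [aggregate(f) for f in intervals]
    keys = {k for totals in per_interval for k in totals}
    # An interval with no traffic for a known pair counts as 0 bytes.
    return {k: (mean([t.get(k, 0) for t in per_interval]),
                pstdev([t.get(k, 0) for t in per_interval])) for k in keys}

def detect(baseline, flows, k=3.0, floor=1024):
    """Return sorted (host, protocol, reason) alarms for one interval."""
    current = aggregate(flows)
    alarms = []
    for key in sorted(set(baseline) | set(current)):
        seen = current.get(key, 0)
        if key not in baseline:
            alarms.append((*key, "new-protocol-for-host"))
            continue
        avg, sd = baseline[key]
        margin = max(k * sd, floor)  # floor avoids alarms on near-zero variance
        if seen > avg + margin:
            alarms.append((*key, "above-threshold"))
        elif seen < avg - margin:
            alarms.append((*key, "below-threshold"))
    return alarms

if __name__ == "__main__":
    for alarm in detect(build_baseline(HISTORY), NOW):
        print(alarm)
```

The same Skype volume raises no alarm on the sales workstation because the baseline is kept per host, which is the context the page argues for.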
