Cloud-based Intrusion Detection System (IDS) | AlienVault

Detect the Latest Threats to Your Cloud Environments


Get Intrusion Detection for Cloud and On‑Premises with USM Anywhere

A cloud-based intrusion detection system (IDS) is essential for companies migrating workloads and services to public cloud infrastructure like Amazon Web Services and Microsoft Azure.

That’s because cloud environments pose a unique security challenge: While you must monitor for threats and intrusions in the cloud as you do your on‑premises infrastructure, traditional intrusion detection systems (IDS) can’t give you full visibility into your cloud environments. Yet, having to purchase and manage a point security solution just for cloud-based intrusion detection can consume time, budget, and resources you can’t afford to spare.

That’s why AlienVault® USM Anywhere™ includes native cloud IDS capabilities as part of its unified security essentials. With USM Anywhere, you can deploy one platform for intrusion detection, asset discovery, vulnerability assessment, SIEM, log management, and behavioral monitoring for all your cloud and on‑premises infrastructure.

By combining these essential security capabilities for cloud and on‑premises onto a single platform, USM Anywhere saves you significant time and money compared to deploying traditional security solutions, and it’s easy to use.

In addition, USM Anywhere receives threat intelligence updates continuously from the AlienVault Labs Security Research Team, including correlation rules, IDS signatures, and more. This means that you can always detect the latest threats without having to spend time researching or updating your correlation rules.

Deploy One Unified Solution for Your Security and Compliance Needs

  • Network IDS, Host-based IDS, and Cloud-based IDS
  • Asset Discovery and Vulnerability Assessment
  • Behavioral Monitoring
  • SIEM and Log Management

Detect Threats to Your Critical Infrastructure—No Matter Where It Is

  • Natively monitor your AWS and Azure clouds and on‑premises physical and virtual (VMware, Hyper-V) environments
  • Detect threats to cloud applications like Microsoft Office 365 and Google G Suite
  • Protect your legacy investments by collecting and correlating events from your existing IDS / IPS

Respond to Threats Faster with Automated Incident Response

  • Reduce Time to Detection (TTD) and Time to Response (TTR) with automation
  • Push incident response actions to third-party security tools like Palo Alto Networks and Cisco Umbrella

Let Our Security Research Team Do the Heavy Lifting for You

  • Receive curated updates from the AlienVault Labs Security Research Team—built directly into your USM Anywhere deployment
  • Stay up-to-date and ready to detect the latest threats to your cloud and on‑premises environments

Deploy One Unified Solution for Your Security and Compliance Needs

With USM Anywhere’s native cloud-based intrusion detection system (IDS), you can detect threats to your cloud infrastructure from the same console as the rest of your security monitoring needs. By reducing the number of solutions you need to manage, you can free up time and resources for other critical priorities.

Unlike other cloud security solutions, USM Anywhere provides cloud IDS as part of a unified platform that delivers multiple essential security and compliance monitoring capabilities in one cost-effective package:

Asset Discovery

Easily create an inventory of the critical assets you need to monitor across all your environments.

Vulnerability Assessment

Schedule automated internal vulnerability scans to identify and patch vulnerabilities before they’re exploited.

Intrusion Detection

USM Anywhere delivers cloud-based IDS, network-based IDS, and host-based IDS to detect threats across the breadth of your infrastructure.

Behavioral Monitoring

Identify patterns of anomalous or suspicious user activity and traffic that can affect your organization’s security posture.

SIEM and Log Management

Analyze, search, and store event log data to detect threats and anomalies and to prepare for compliance readiness.

By unifying these capabilities in one easy-to-use solution, USM Anywhere helps you conserve time and resources without sacrificing your organization’s security.

Built with resource-constrained teams in mind, USM Anywhere also ensures that your security plan stays up-to-date—without requiring you to devote time to researching emerging threats. Instead, the AlienVault Labs Security Research Team continuously builds threat intelligence updates into your USM deployment so you’re always ready to detect the latest threats.

Detect Threats to Your Critical Infrastructure—No Matter Where It Is

Traditional security monitoring solutions built for on-premises infrastructure have a major blind spot when it comes to the cloud, and attackers know it. Cloud service providers secure the underlying cloud infrastructure, but not any services or applications you deploy in the cloud. Without cloud threat monitoring tools, your organization may be vulnerable to cloud attacks.

USM Anywhere simplifies threat detection by delivering the IDS capabilities you need to detect threats both in the cloud and on-premises, from a single solution.

With USM Anywhere’s purpose-built cloud IDS capabilities, you can count on full security visibility of your cloud environments. Our native cloud sensors are purpose-built for AWS and Azure, and hook directly into the cloud APIs to detect malware, attacks, and other threats that may affect your AWS and Azure environments.

From the same unified solution, you can detect threats to your organization’s cloud IT applications, including Microsoft Office 365 and Google G Suite.

For on-premises threat detection, USM Anywhere delivers both network and host-based intrusion detection (NIDS and HIDS). Network intrusion detection uses signature-based anomaly detection and protocol analysis technologies to detect threats at the network level. With NIDS, you can catch the latest attacks, policy violations, and other exposures affecting your on-premises systems and devices.

Host-based intrusion detection (HIDS) gives you security visibility at the application layer, including file integrity monitoring (FIM). With HIDS, you can track user access and activity to detect security exposures such as changes to configuration files.

Respond to Threats Faster with Automated Incident Response

Built with resource-constrained teams in mind, USM Anywhere provides the capabilities you need for faster, more efficient incident detection and response.

USM Anywhere integrates built-in intrusion detection with security orchestration capabilities, enabling you to respond quickly to threats affecting your cloud and on-premises environments. Alarms are prioritized automatically to help you identify the most urgent threats to work on first, and you can also receive notifications via email or Amazon SNS.

USM Anywhere enables you to respond to threats swiftly and effectively. For example, you can define an action that disables networking on a machine if ransomware is detected, preventing the attack from propagating while you investigate.

You can also execute response actions towards third-party security tools like Cisco Umbrella and Palo Alto Networks next-generation firewalls directly from USM Anywhere. That’s because USM Anywhere delivers pre-built integrations known as AlienApps™ that connect with other essential security and IT products. AlienApps enable you to orchestrate your threat detection and incident response activities across your IT ecosystem—all from a single pane of glass.

Actionable Threat Intelligence Delivered Directly to You

Most teams don’t have unlimited resources to research the latest threats in the wild. That’s why the AlienVault Labs Security Research Team works on your behalf to scour the global threat landscape for the latest attack methods, bad actors, and vulnerabilities that could impact your security. This team analyzes hundreds of thousands of threat indicators daily and delivers continuous threat intelligence updates automatically to your USM environment, in the form of actionable IDS signatures, correlation rules, remediation guidance, and more. With this integrated threat intelligence subscription, you always have the most up-to-date threat intelligence as you monitor your environment for emerging threats.

To provide deeper and wider insight into attack trends and bad actors, the AlienVault Labs Security Research Team leverages the power of the Open Threat Exchange® (OTX™)—the world’s first truly open threat intelligence community. This community of security researchers and IT professionals collaborates and shares millions of threat artifacts as they emerge “in the wild,” so you get global insight into attack trends and bad actors that could impact your operations.
