Continuous monitoring capabilities in AlienVault Unified Security Management™ (USM) allow you to detect and respond to threats no matter when they occur.
Continuous Information Security Monitoring to Combat Continuous Threats
As threats continue to evolve and increase in volume and frequency, you can no longer rely on static information security monitoring. Rather, you need continuous security monitoring that provides a comprehensive view of your IT environment.
Continuous Information Security Monitoring can assist in:
However, many enterprises lack the ability to leverage their existing IT security investments into a seamless process to obtain truly integrated continuous security monitoring.
AlienVault USM™ comes fully integrated with a suite of continuous information security monitoring capabilities:
Service & Infrastructure Monitoring
Continuous Vulnerability Monitoring
Always on Network Monitoring
Service & Infrastructure Monitoring
Continuous monitoring for security doesn’t necessarily mean that you need to monitor all things at all times. Rather, it means that you need to know the status of key services across your infrastructure to determine the health of critical systems.
Before you can do this, though, you first need to determine which systems are the most important to the business. Once you have determined that, you need to establish which information security-related services or protocols you need to monitor on a continuous basis.
AlienVault USM provides built-in asset discovery to determine what’s on your network at any given time, as well as built-in continuous monitoring of the services run by critical systems. You can use active or passive network scanning to determine what is on your network. On a periodic basis, or on demand, AlienVault USM probes the device to confirm that the service is still running and available.
Continuous Vulnerability Monitoring
Vulnerability management is an ongoing process and is therefore, by its very nature, an essential part of any information security continuous monitoring initiative.
However, frequent vulnerability scanning can impact your production systems. Additionally, the output from the scans can generate extensive lists of vulnerabilities that you need to triage and prioritize.
AlienVault USM can address both of these concerns. Continuous vulnerability monitoring, also known as passive vulnerability detection, means AlienVault USM correlates the data gathered by its asset discovery scans with known vulnerability information. This provides continual vulnerability information without the overhead of network noise and system impact.
AlienVault USM also helps prioritize remediation with multiple technologies that complement vulnerability scanning, such as Host and Network IDS (Intrusion Detection Systems), NetFlow and SIEM (Security Information and Event Management). This gives you visibility into where a vulnerable asset is actually exposed to threats – allowing you to focus on the most important issues first.
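The correlation described in the two paragraphs above, as an added example (not AlienVault's code or data model): a constructed service inventory is matched against constructed advisories without sending any probes, and findings rank higher when IDS alerts have targeted the host. The product names, advisory IDs, addresses and the doubling weight are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:            # one row of asset-discovery output (hypothetical schema)
    host: str
    product: str
    version: str

@dataclass(frozen=True)
class Advisory:           # one known-vulnerability record (hypothetical schema)
    vuln_id: str
    product: str
    fixed_in: str         # first version that is no longer affected
    severity: float       # 0-10 scale

def parse_version(text):
    """Turn '1.18.0' into (1, 18, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def correlate(inventory, advisories, ids_hits):
    """Match inventory to advisories; rank by severity and observed exposure."""
    findings = []
    for svc in inventory:
        for adv in advisories:
            if svc.product != adv.product:
                continue
            if parse_version(svc.version) >= parse_version(adv.fixed_in):
                continue  # already on a fixed version
            exposed = ids_hits.get(svc.host, 0) > 0
            # Assumed weighting: double the score when IDS saw hostile traffic.
            score = adv.severity * (2 if exposed else 1)
            findings.append((score, svc.host, adv.vuln_id, exposed))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))

# Constructed sample data, not taken from any real network or feed.
INVENTORY = [
    Service("10.0.0.5", "examplesshd", "7.4"),
    Service("10.0.0.9", "examplehttpd", "1.18.0"),
    Service("10.0.0.12", "examplehttpd", "1.24.0"),
    Service("10.0.0.20", "examplesshd", "7.4"),
]
ADVISORIES = [
    Advisory("EXAMPLE-VULN-1", "examplesshd", "8.0", 7.5),
    Advisory("EXAMPLE-VULN-2", "examplehttpd", "1.20.1", 9.0),
]
IDS_HITS = {"10.0.0.5": 14}   # host -> count of IDS alerts aimed at it

if __name__ == "__main__":
    for score, host, vuln_id, exposed in correlate(INVENTORY, ADVISORIES, IDS_HITS):
        print(f"{score:5.1f}  {host:<10}  {vuln_id}  exposed={exposed}")
```

The medium-severity finding on 10.0.0.5 outranks the higher-severity one on 10.0.0.9 because only the former has seen attack traffic, which is the prioritization effect the text describes.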
Always on Network Monitoring
The IT landscape of today is very different from what it was several years ago. Traditional perimeter and endpoint monitoring alone is no longer sufficient, which is why it is important to continuously monitor the network in order to better understand what activity is occurring and to uncover threats before they materialize.
AlienVault USM’s Network Flow Analysis provides the high-level trends: which protocols are used, which hosts use them, and how much bandwidth they consume. This allows for continuous monitoring and gives you a picture of what is happening across your network at any given time.
In addition to this, Network Protocol Analysis and Packet Capture allow you to undertake detailed analysis of activities that transpired and fully replay the events that led up to an incident. Always on – always monitoring.