Intrusion Detection System (IDS) Software | AlienVault

Intrusion Detection System (IDS)

With powerful intrusion detection system capabilities and integrated threat intelligence, AlienVault Unified Security Management (USM) accelerates threat detection in the cloud and on-premises – all in a single easy-to-use platform that deploys in minutes.


Accelerate Threat Detection with
Intrusion Detection Systems

AlienVault® Unified Security Management™ (USM™) delivers built-in intrusion detection systems for your critical IT infrastructure, enabling you to detect threats as they emerge in the cloud and on premises. With AlienVault USM, you can also collect and correlate events from your existing IDS/IPS into a single console for complete security visibility while protecting your investments.

USM provides comprehensive intrusion detection as part of an all-in-one unified security management console. It includes built-in host intrusion detection (HIDS), network intrusion detection (NIDS), as well as AWS IDS and Azure IDS for your public cloud environments.

To ensure that you are always equipped to detect the latest emerging threats, AlienVault Labs Security Research Team delivers continuous threat intelligence updates directly to USM. This threat data is backed by the AlienVault Open Threat Exchange™ (OTX™)—the world’s first open threat intelligence community.

Intrusion Detection Systems for Any Environment

  • Intrusion Detection for AWS & Azure Clouds
  • Network Intrusion Detection System (NIDS)
  • Host Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM)

Quickly View Threats in the Dashboard

  • Use the Kill Chain Taxonomy to quickly assess threat intent and strategy
  • Automatic notifications and noise reduction help you to work more efficiently

Powerful Analytics Uncover Threat and Vulnerability Details – All in One Console

  • Search and analyze events and event details in highly granular, flexible ways
  • Identify assets and vulnerabilities in a consolidated view

Integrated Threat Intelligence from AlienVault Labs

  • Continuous threat intelligence delivered, so you can focus on responding to threats faster
  • Powered by the Open Threat Exchange (OTX)

Intrusion Detection Systems for Any Environment

Intrusion Detection in the Cloud

Traditional IDS software assumes a sensor that can sit on a span port or tap, which public cloud environments rarely allow, yet intrusion detection remains an essential part of your cloud security monitoring. That’s why USM Anywhere provides native intrusion detection system (IDS) capabilities in AWS and Azure cloud environments. Purpose-built cloud sensors in USM Anywhere consume the control plane management tools in AWS and Azure, giving you visibility into the management-plane operations (instance, storage, identity and network configuration changes) that happen in your cloud “data center.” Note that control-plane telemetry records API activity, not packet payloads; treat it as complementary to, not a replacement for, network-level inspection of the traffic between your instances.

Network Intrusion Detection System (NIDS)

On premises, use the built-in network intrusion detection system (NIDS) to catch threats targeting your vulnerable systems. It combines signature-based detection (matching traffic against known attack patterns), anomaly detection, and protocol analysis (flagging traffic that violates the protocol it claims to be using). NIDS sensors inspect the traffic to and from on-premises applications, systems, and devices to identify the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures.
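To make the distinction between signature-based detection and protocol analysis concrete, here is a small added example (not AlienVault code and not vendor rule content). It inspects constructed HTTP requests with a handful of hypothetical byte-pattern signatures, and separately parses each request as HTTP to flag protocol violations that no signature would catch, such as an unknown method or a Content-Length that does not match the body.

```python
import re
from dataclasses import dataclass

# Illustrative signature content (hypothetical, not vendor rules): byte
# patterns that only appear in requests worth alerting on.
SIGNATURES = [
    ("directory-traversal", re.compile(rb"\.\./")),
    ("sqli-union-select", re.compile(rb"(?i)union\s+select")),
    ("shellshock-function-def", re.compile(rb"\(\)\s*\{")),
]

# HTTP methods a normal client emits; anything else is a protocol anomaly.
ALLOWED_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}


@dataclass
class Alert:
    kind: str   # "signature" or "protocol"
    name: str
    src: str
    dst: str


def signature_scan(payload):
    """Signature-based detection: does any known-bad pattern occur in the bytes?"""
    return [name for name, pat in SIGNATURES if pat.search(payload)]


def protocol_anomalies(payload):
    """Protocol analysis: parse the request as HTTP and flag violations of the
    protocol itself, independent of whether any signature matched."""
    findings = []
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    try:
        method, target, version = lines[0].split(b" ", 2)
    except ValueError:
        return ["malformed-request-line"]
    if method not in ALLOWED_METHODS:
        findings.append("unknown-method")
    if not version.startswith(b"HTTP/"):
        findings.append("bad-version")
    if len(target) > 2048:
        findings.append("oversized-uri")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"content-length" in headers:
        try:
            declared = int(headers[b"content-length"].decode("ascii"))
        except (ValueError, UnicodeDecodeError):
            findings.append("non-numeric-content-length")
        else:
            if declared != len(body):
                findings.append("content-length-mismatch")
    return findings


def inspect(src, dst, payload):
    """Run both detection techniques over one request; returns the alerts raised."""
    alerts = [Alert("signature", n, src, dst) for n in signature_scan(payload)]
    alerts += [Alert("protocol", n, src, dst) for n in protocol_anomalies(payload)]
    return alerts


# Constructed sample requests (not captured traffic).
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TRAVERSAL = b"GET /cgi-bin/../../../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SHELLSHOCK = (b"GET /cgi-bin/status HTTP/1.1\r\nHost: www.example.com\r\n"
              b"User-Agent: () { :; }; /bin/bash -c 'id'\r\n\r\n")
BAD_METHOD = b"XYZZY /admin HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BAD_LENGTH = (b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
              b"Content-Length: 4096\r\n\r\nuser=a")

if __name__ == "__main__":
    samples = [("benign", BENIGN), ("traversal", TRAVERSAL), ("shellshock", SHELLSHOCK),
               ("bad-method", BAD_METHOD), ("bad-length", BAD_LENGTH)]
    for label, req in samples:
        hits = [(a.kind, a.name) for a in inspect("198.51.100.7", "10.0.1.20", req)]
        print(f"{label:12} {hits}")
```

The two techniques fail differently: a signature engine is silent on anything it has no pattern for (the unknown method and the bogus Content-Length raise nothing there), while protocol analysis has no opinion about a well-formed request that happens to carry an exploit string. A NIDS that does both is harder to evade than one that does either alone.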

Host-based Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM)

Host Intrusion Detection Systems (HIDS) enable you to analyze system behavior and configuration status to track user access and activity. With built-in HIDS in USM, you can detect potential security exposures such as system compromise and changes to critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes.

Benefits of Host Intrusion Detection include:

  • Simple installation of HIDS sensors
  • The ability to log verbose application activity, providing security visibility at the application layer
  • The ability to run file and Windows registry integrity scans to spot any tampering with sensitive and essential files
  • Rootkit detection and other malware installation detection on your servers and workstations
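The file integrity monitoring part of HIDS works by taking a baseline of the files that matter and periodically comparing the live system against it. The following is an added example of that mechanism in Python; it is not the USM HIDS agent and uses a temporary directory standing in for a server's /etc, with the tampering (a second UID-0 account appended to passwd, sshd_config made world-writable, a new cron job) constructed by the demo itself.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path):
    """Record what an attacker might change: content hash for regular files,
    link target for symlinks, plus mode/owner/size for everything."""
    st = path.lstat()
    rec = {"mode": stat.filemode(st.st_mode), "uid": st.st_uid,
           "gid": st.st_gid, "size": st.st_size}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)
    return rec


def _present(p):
    return p.exists() or p.is_symlink()


def build_baseline(root, watch):
    """Snapshot the watched paths (relative to root). A watched path that does
    not exist yet is recorded as None so that its later appearance is reported."""
    return {rel: (fingerprint(root / rel) if _present(root / rel) else None)
            for rel in watch}


def check(root, baseline):
    """Compare the live filesystem against the baseline.
    Returns (relative_path, change) tuples in baseline order."""
    findings = []
    for rel, old in baseline.items():
        p = root / rel
        new = fingerprint(p) if _present(p) else None
        if old == new:
            continue
        if old is None:
            findings.append((rel, "created"))
        elif new is None:
            findings.append((rel, "deleted"))
        else:
            changed = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
            findings.append((rel, "modified:" + ",".join(changed)))
    return findings


def demo():
    """Constructed scenario: a temp dir stands in for a host's /etc."""
    root = Path(tempfile.mkdtemp())
    (root / "etc" / "ssh").mkdir(parents=True)
    passwd = root / "etc" / "passwd"
    sshd = root / "etc" / "ssh" / "sshd_config"
    passwd.write_text("root:x:0:0:root:/root:/bin/bash\n")
    sshd.write_text("PermitRootLogin no\n")
    sshd.chmod(0o600)
    watch = ["etc/passwd", "etc/ssh/sshd_config", "etc/cron.d/backup"]
    baseline = build_baseline(root, watch)

    # Simulated tampering after the baseline was taken.
    with passwd.open("a") as f:
        f.write("svc:x:0:0::/:/bin/bash\n")       # a second UID-0 account
    sshd.chmod(0o666)                               # config made world-writable
    (root / "etc" / "cron.d").mkdir()
    (root / "etc" / "cron.d" / "backup").write_text("* * * * * root /tmp/.x\n")  # new cron job
    return check(root, baseline)


if __name__ == "__main__":
    for rel, change in demo():
        print(f"{change:24} {rel}")
```

Two practical points the demo makes: a baseline must cover paths that should not exist (otherwise a dropped cron job or startup script is invisible), and permission and ownership changes need to be tracked alongside content hashes, since a config file made world-writable has not changed a single byte yet. The baseline itself should be kept where an attacker who has compromised the host cannot rewrite it, which is one reason agent-based HIDS ships results to a central server.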

Quickly View Threats in the Dashboard

USM uses the Kill Chain Taxonomy to highlight the most important threats facing your environment and the anomalies you should investigate. You can easily see the types of threats directed against your critical infrastructure and when known bad actors have triggered an alarm.

Attack Intent & Strategy

The Kill Chain Taxonomy breaks out threats into five categories, allowing you to understand the intent of the attacks and how they’re interacting with your cloud environment, on-premises network, and assets:

  • System Compromise – Behavior indicating a compromised system.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating an actor's attempt to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

Complete Threat Evidence

See attack methods, related events, source and destination IP addresses, as well as remediation recommendations in a unified view, so you can investigate and respond to threats faster.

Reduced Noise

Correlating IDS/IPS data with multiple built-in security tools reduces false positives and increases accuracy of alarms.

Automatic Notifications

Set up email notifications to proactively inform you of critical alarms that may indicate a system compromise or attack.

Workflow Management

With USM Appliance™, you can easily create tickets from any alarm, delegate to users, or integrate with an external ticketing system to manage your response and remediation activities.

Powerful Analytics Uncover Threat and Vulnerability Details – All in One Console

Get to the bottom of who and what’s targeting your assets and what systems are vulnerable.

Search and Analyze Events

You have the flexibility to conduct your own analysis. For example, you may want to search for events that came from the same host as the offending traffic triggering an alarm.

  • Search events to identify activity and trends
  • Filters help you find more granular data
  • Sort by event name, IP address, and more
  • Examine raw log data related to alarm activity
  • Raw logs are digitally signed for evidentiary purposes

Check Assets and Vulnerabilities

Search the built-in asset inventory for the assets involved in an alarm. Integrated vulnerability assessment scans indicate whether an attack is actually relevant by identifying vulnerable operating systems, applications, and services on the targeted asset, all consolidated into a single view.

  • See all reported alarms and events by asset
  • Modify your mitigation / remediation strategy based on presence of threats targeting vulnerable systems
  • Correlate reported vulnerabilities with malicious traffic
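The correlation the bullets above describe (an IDS alert is only as urgent as the target's exposure to it) is easy to state and worth seeing in code. This is an added example, not AlienVault's correlation engine; the inventory, scan results, signature names, reputation list and alerts are all constructed, hypothetical data. It also folds in the source-reputation check mentioned later on this page, bumping an alarm one level when the source is on a known-bad list.

```python
from dataclasses import dataclass, field

SEVERITY = ["low", "medium", "high"]


@dataclass
class Asset:
    ip: str
    os: str
    services: dict                                  # listening port -> product name
    vulnerable: set = field(default_factory=set)    # products the last scan flagged


@dataclass
class IdsAlert:
    signature: str
    src: str
    dst: str
    dport: int
    exploit_os: str        # platform the exploit works against ("any" if not OS-specific)
    exploit_product: str   # product the exploit targets


# Constructed inventory and scan results (hypothetical hosts, not real scan output).
INVENTORY = {
    "10.0.1.10": Asset("10.0.1.10", "windows", {445: "smb", 3389: "rdp"}, {"smb"}),
    "10.0.1.20": Asset("10.0.1.20", "linux", {22: "ssh", 80: "apache"}),
    "10.0.1.30": Asset("10.0.1.30", "linux", {80: "nginx"}),
}

# Constructed reputation list (documentation address range, hypothetical).
KNOWN_BAD_SOURCES = {"203.0.113.7"}


def assess(alert, inventory, bad_sources=KNOWN_BAD_SOURCES):
    """Return (severity, reason) for one alert given what is known about the target."""
    asset = inventory.get(alert.dst)
    if asset is None:
        level, why = "medium", "destination not in asset inventory; exposure unknown"
    elif alert.dport not in asset.services:
        level, why = "low", f"port {alert.dport} is not open on {asset.ip}"
    elif alert.exploit_os not in ("any", asset.os):
        level, why = "low", f"exploit targets {alert.exploit_os}, host runs {asset.os}"
    elif asset.services[alert.dport] != alert.exploit_product:
        level, why = "low", (f"port {alert.dport} serves {asset.services[alert.dport]}, "
                             f"not {alert.exploit_product}")
    elif alert.exploit_product in asset.vulnerable:
        level, why = "high", f"{alert.exploit_product} on {asset.ip} is reported vulnerable"
    else:
        level, why = "medium", (f"{alert.exploit_product} exposed but not reported "
                                "vulnerable; confirm the scan is current")
    if alert.src in bad_sources and level != "high":
        level = SEVERITY[SEVERITY.index(level) + 1]   # known-bad actor: raise one level
        why += "; source has bad reputation"
    return level, why


# Constructed alerts (hypothetical signature names).
ALERTS = [
    IdsAlert("smb-remote-exploit-attempt", "198.51.100.9", "10.0.1.10", 445, "windows", "smb"),
    IdsAlert("smb-remote-exploit-attempt", "198.51.100.9", "10.0.1.20", 445, "windows", "smb"),
    IdsAlert("apache-rce-attempt", "198.51.100.9", "10.0.1.30", 80, "any", "apache"),
    IdsAlert("apache-rce-attempt", "198.51.100.9", "10.0.1.20", 80, "any", "apache"),
    IdsAlert("apache-rce-attempt", "203.0.113.7", "10.0.1.20", 80, "any", "apache"),
    IdsAlert("ssh-bruteforce", "198.51.100.9", "10.0.1.99", 22, "any", "ssh"),
]


def triage(alerts=ALERTS, inventory=INVENTORY):
    """Severity for every alert, highest first: (dst, signature, severity, reason)."""
    rows = [(a.dst, a.signature, *assess(a, inventory)) for a in alerts]
    return sorted(rows, key=lambda r: SEVERITY.index(r[2]), reverse=True)


if __name__ == "__main__":
    for dst, sig, level, why in triage():
        print(f"{level:6} {dst:10} {sig:28} {why}")
```

Of six raw alerts, only two come out high: the SMB exploit against the Windows host the scanner already flagged, and the Apache attempt from a known-bad source. The same SMB signature fired against a Linux host with 445 closed is noise, and the Apache payload sent to an nginx server cannot succeed. The "unknown asset" case deliberately stays at medium rather than being dropped: an IDS alarm for a host the inventory has never seen is itself a finding, since asset discovery should have recorded it.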

Examine Event Details

See the alarm, the individual event(s) that triggered the alarm, and the priority of the alarm.

You can click on any event to examine details such as:

  • Normalized event
  • SIEM information
  • Reputation of source and destination IP addresses
  • Knowledge base about the event
  • Forensics data about what triggered the event

Inspect Packet Captures

Use integrated packet capture functionality to capture interesting on-premises traffic for offline analysis. In USM Appliance, packets can be viewed in the web user interface, or you can download the capture as a PCAP file.

  • Set capture timeout
  • Select number of packets to capture
  • Choose source and destination IP addresses to capture

Integrated Threat Intelligence from AlienVault Labs Security Research Team

The AlienVault Labs Security Research Team constantly scours the global threat landscape to identify the latest attack methods, bad actors, and vulnerabilities that could impact your security. The team curates this data and delivers continuous threat intelligence updates directly to your USM environment, so you always have the most up-to-date threat intelligence as you monitor your environment for emerging threats.

Every day, AlienVault Labs collects millions of threat indicators, including data from the Open Threat Exchange (OTX), the world’s first truly open threat intelligence community. This community of security researchers and IT professionals share threat data as it emerges “in the wild,” so you get global insight into attack trends and bad actors that could impact your operations.

Continuous Threat Intelligence Delivered

In USM, security intelligence is continuously delivered in the form of coordinated rulesets. These include:

  • Network IDS signatures
  • Host-based IDS signatures
  • Asset discovery signatures
  • Vulnerability assessment signatures
  • Correlation rules
  • Reporting modules
  • Dynamic incident response templates
  • Newly supported & updated data source plug‐ins