|
|
|
Host-based Intrusion Detection (HIDS) and File Integrity Monitoring (FIM)Built-in host-based intrusion detection software analyzes system behavior and configuration status to track user access and activity as well as identify potential security exposures such as:
|
Network Intrusion Detection (NIDS)Built-in software including Snort and Suricata provides signature-based anomaly detection, and protocol analysis technologies. This enables you to identify:
|
Attacks morph over time and new exploits are discovered every day. AlienVault Labs
does the heavy lifting for you, with a variety of collection and analysis techniques,
continually updating your USM installation continually with new signatures, rules,
reports, and plug ins.
Daily Malware AnalysisUsing advanced sandboxing techniques to quarantine malware samples while we conduct static and dynamic analysis, we analyze over 500,000 unique malware samples every day. This analysis provides key insights into the latest attacker tools and techniques. Honeypot Deployment and AnalysisOur global honeypots are essentially “virtual venus fly traps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging honeypots placed in high traffic networks, our threat intelligence subscribers are armed with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more. |
Attacker Profile AnalysisWe’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks. |
Threat Intelligence CollaborationWe’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships enable us access to pre-published vulnerability and malware updates as well as enhanced verification of our own research. |
||
|
||||
|
||||
|
Single-purpose IDS tools can only see the traffic on the networks they monitor. Additionally, stand alone IDS are notorious for false positives. AlienVault USM delivers a complete view into the security of your environment by combining intrusion detection software with automated asset discovery, vulnerability data, netflow analysis, event correlation and visibility to known malicious hosts. These security capabilities help reduce the "noise" that you can experience with IDS by correlating information from diverse sources to eliminate alarms that are not valid. |
|
Faster Deployment TimeGo from install to insights in less than an hour with USM. All of the built-in security controls are pre-integrated and optimized to work together out of the box. Low Administrative OverheadDeploy and manage your IDS, HIDS, SIEM, and more from the same console. Tuned Event CorrelationWith the core data sources are already built-in, our 1600 event correlation rules are already "fine tuned" and optimized, right out of the box. Full Packet CaptureAny packet that triggers an IDS signature is automatically captured and displayed with the IDS event. Session monitoring and full packet capture can then be invoked for more extensive forensic investigation.
|
Reduced False PositivesIDS are notorious for "false positives" where events seem to indicate an intrusion, but are actually harmless. AlienVault USM helps reduce false positives by cross-correlating multiple security tools, including asset inventory, IDS, vulnerability scanning, behavioral analysis and visibility to netflow data. Full Threat ContextAll you need to know about an incident is captured in each alarm, including asset information (such as OS, software, identity), vulnerability data, visibility to netflow data, raw log data, and more. Actionable AlarmsAlienVault USM includes many security monitoring methods to gather information from a variety of threat vectors. Because you have access to asset information, you can get to root cause faster than ever. Continually Updated Signatures and RulesReceive continuous and coordinated updates to catch the latest threats. |
Attack Alarms and InvestigationInvestigate Root Cause Faster Than EverInstantly know the who, what, where, when and how of attacks – no matter where they originate. |
|
Actionable AlarmsAlienVault USM includes several different security monitoring technologies to gather information on a variety of threat vectors. Because we provide you access to everything you need to know about an asset, you can get to root cause faster than ever. Risk PrioritizationAlienVault Labs Threat Intelligence applies more than 1600 event correlation rules against the raw event log data we collect, as well as the events triggered by our built-in intrusion detection software. This enables rapid, accurate, and actionable guidance that interprets the severity of the exposure based on the full threat context. Attack CategorizationEach alarm is categorized by the intent of the attacker for effective prioritization, so you know which events to focus on for deeper investigation and analysis. |
TicketingIn terms of remediation, AlienVault USM can notify people via email, open a ticket in the built-in ticketing system, or integrate with an external help desk / ticketing system. It can also be configured to execute a script to take automated and custom actions, based on your environment. USM's built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups. Step-by-Step Investigation InstructionsAlienVault Labs provides specific, contextual guidance on what to do when an alarm is triggered, so you can contain and investigate the incident quickly. |
Augment Your Existing IDSIntegrate for Multi-Layered Threat DetectionThe most insidious threats are those that infiltrate through your perimeter defenses, so extending your intrusion detection toolset throughout your network is essential. |
|
Integrate with IDS TechnologiesAlready have an IDS on your gateway or DMZ? Simply forward your IDS and IPS event logs to our USM Sensor, and we'll correlate this data with our built-in IDS and other monitoring tools for full multi-layered threat detection. Detect Sophisticated ThreatsBy deploying IDS throughout your network and installing HIDS on critical servers, you'll be able to catch sophisticated threats like "low and slow" attacks and other stealthy malicious activity that a single perimeter-based IDS on its own wouldn't catch. |
Get Integrated Event CorrelationBenefit from our built-in IDS tools as well as our log analysis and event correlation engine. For example, USM's multi-layered threat detection and built-in SIEM event correlation will identify events such as:
|
Like What You See? |
 |
|
| Get a Quote Watch a Demo |  1.855.425.4367sales@alienvault.com |
|
|
Patrick Bedwell Mar 6, 2015 |
Resources
When it comes to finding the threats in your environment, you need intrusion detection systems everywhere on your network. Today’s attacks can easily bypass gateway firewalls, and the single system on your DMZ isn’t enough to catch them. With AlienVault USM™, you can deploy intrusion detection anywhere and everywhere in your environment for complete, multi-layered security to catch threats wherever they exist within your network.
