Avoid Noise, Catch Threats, & Respond Quickly

Intrusion Detection System (IDS) Software

IDS best practices for deploying and managing intrusion detection system software.

Intrusion Detection Systems Built In

Catch Threats Anywhere Within Your Network

When it comes to finding the threats in your environment, you need intrusion detection systems everywhere on your network. Today’s attacks can easily bypass gateway firewalls, and the single system on your DMZ isn’t enough to catch them. With AlienVault USM™, you can deploy intrusion detection anywhere and everywhere in your environment for complete, multi-layered security to catch threats wherever they exist within your network.

Host-based Intrusion Detection (HIDS) and File Integrity Monitoring (FIM)

Built-in host-based intrusion detection software analyzes system behavior and configuration status to track user access and activity as well as identify potential security exposures such as:

  • System compromise
  • Modification of critical configuration files (e.g. registry settings, /etc/passwd)
  • Common rootkits
  • Rogue processes
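The file integrity monitoring part of the HIDS described above works by keeping a baseline of cryptographic digests for critical files and comparing a fresh snapshot against it. The following is an added illustration, not AlienVault's own agent code: it hashes a watched set of files with SHA-256, reports modified, added and removed files, and runs a constructed scenario in a temporary directory (a copy of /etc/passwd gains an extra UID-0 entry and sshd_config disappears) so nothing on the real system is touched. The watched-file list and the sample contents are assumptions for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Files a HIDS/FIM agent typically watches (assumed list for this example).
# The demo uses constructed copies under a temporary directory.
WATCHED_FILES = ["etc/passwd", "etc/shadow", "etc/ssh/sshd_config"]


def hash_file(path):
    """Return the SHA-256 hex digest of a file, or None if it does not exist."""
    try:
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()
    except FileNotFoundError:
        return None


def build_baseline(root, relative_paths):
    """Snapshot the digests of the watched files located under `root`."""
    return {rel: hash_file(os.path.join(root, rel)) for rel in relative_paths}


def compare(baseline, current):
    """Classify differences between two snapshots into modified/added/removed."""
    report = {"modified": [], "added": [], "removed": []}
    for rel in sorted(set(baseline) | set(current)):
        before, after = baseline.get(rel), current.get(rel)
        if before == after:
            continue  # unchanged (or missing in both snapshots)
        if before is None:
            report["added"].append(rel)
        elif after is None:
            report["removed"].append(rel)
        else:
            report["modified"].append(rel)
    return report


def demo():
    """Constructed scenario: take a baseline, then alter passwd and delete sshd_config."""
    with tempfile.TemporaryDirectory() as root:
        contents = {  # constructed sample file contents
            "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
            "etc/shadow": b"root:*:19000:0:99999:7:::\n",
            "etc/ssh/sshd_config": b"PermitRootLogin no\n",
        }
        for rel, data in contents.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        baseline = build_baseline(root, WATCHED_FILES)

        # Simulated unauthorized change: an extra UID-0 entry appended to passwd,
        # and the sshd configuration removed. Both should show up in the report.
        with open(os.path.join(root, "etc/passwd"), "ab") as f:
            f.write(b"extra:x:0:0::/root:/bin/bash\n")
        os.remove(os.path.join(root, "etc/ssh/sshd_config"))

        return compare(baseline, build_baseline(root, WATCHED_FILES))


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline would be stored outside the monitored host (or signed), since an intruder with root can otherwise rewrite both the file and its recorded digest; the comparison logic stays the same.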

Network Intrusion Detection (NIDS)

Built-in software, including Snort and Suricata, provides signature-based detection, anomaly detection, and protocol analysis. This enables you to identify:

  • Latest attacks
  • Malware infections
  • System compromise
  • Policy violations
  • Other exposures

Global Threat Intelligence, Localized for You

Utilize Global Threat Intelligence Automatically

Attacks morph over time and new exploits are discovered every day. AlienVault Labs does the heavy lifting for you, using a variety of collection and analysis techniques to continually update your USM installation with new signatures, rules, reports, and plug-ins.

Daily Malware Analysis

Using advanced sandboxing techniques to quarantine malware samples while we conduct static and dynamic analysis, we analyze over 500,000 unique malware samples every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual Venus flytraps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging honeypots placed in high-traffic networks, our threat intelligence subscribers are armed with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Threat Intelligence Collaboration

We’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships give us access to pre-published vulnerability and malware updates as well as enhanced verification of our own research.

  • 8,000+ collection points in more than 140 countries
  • 500,000 unique malware samples analyzed every day

AlienVault Unified Security Management

Intrusion Detection Plus Other Essential Security Tools

Single-purpose IDS tools can only see the traffic on the networks they monitor. Additionally, standalone IDS are notorious for false positives. AlienVault USM delivers a complete view into the security of your environment by combining intrusion detection software with automated asset discovery, vulnerability data, NetFlow analysis, event correlation and visibility into known malicious hosts. These security capabilities help reduce the "noise" that you can experience with IDS by correlating information from diverse sources to eliminate alarms that are not valid.

Faster Deployment Time

Go from install to insights in less than an hour with USM. All of the built-in security controls are pre-integrated and optimized to work together out of the box.

Low Administrative Overhead

Deploy and manage your IDS, HIDS, SIEM, and more from the same console.

Tuned Event Correlation

Because the core data sources are already built in, our 1600 event correlation rules are already "fine tuned" and optimized, right out of the box.

Full Packet Capture

Any packet that triggers an IDS signature is automatically captured and displayed with the IDS event. Session monitoring and full packet capture can then be invoked for more extensive forensic investigation.

Reduced False Positives

IDS are notorious for "false positives": events that seem to indicate an intrusion but are actually harmless. AlienVault USM helps reduce false positives by cross-correlating multiple security tools, including asset inventory, IDS, vulnerability scanning, behavioral analysis and visibility into NetFlow data.
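The cross-correlation described above and in the "Intrusion Detection Plus Other Essential Security Tools" section comes down to a simple question for each IDS alert: does the target asset actually match what the signature is about? The following is an added example, not USM's correlation engine: a constructed asset inventory (documentation-range IPs, operating system, listening services, and a placeholder vulnerability id standing in for a real scanner finding) is used to triage constructed NIDS alerts. An alert for a Windows-only exploit aimed at a Linux host is dropped, one aimed at a port with no listening service is downgraded, one whose referenced vulnerability the host actually has is raised, and one against an unknown asset is kept at medium because nothing can rule it out. The field names and priority labels are assumptions for the example.

```python
from dataclasses import dataclass, field

# Constructed asset inventory, standing in for what asset discovery and
# vulnerability scanning would supply. "CVE-PLACEHOLDER-1" is a stand-in
# vulnerability id, not a real CVE number.
ASSETS = {
    "192.0.2.10": {"os": "windows", "services": {445: "smb", 3389: "rdp"},
                   "vulns": {"CVE-PLACEHOLDER-1"}},
    "192.0.2.20": {"os": "linux", "services": {22: "ssh", 80: "http"},
                   "vulns": set()},
}


@dataclass
class Alert:
    """Minimal view of a NIDS alert; fields are assumed for this example."""
    msg: str
    dst_ip: str
    dst_port: int
    affects_os: set                           # platforms the signature applies to (empty = any)
    cves: set = field(default_factory=set)    # vulnerability ids the signature references


def triage(alert, assets):
    """Return (priority, reason) where priority is 'drop', 'low', 'medium' or 'high'."""
    asset = assets.get(alert.dst_ip)
    if asset is None:
        return "medium", "destination not in asset inventory; cannot rule out"
    if alert.affects_os and asset["os"] not in alert.affects_os:
        return "drop", f"signature applies to {sorted(alert.affects_os)}, host runs {asset['os']}"
    if alert.dst_port not in asset["services"]:
        return "low", f"no service listening on port {alert.dst_port}"
    matched = alert.cves & asset["vulns"]
    if matched:
        return "high", f"host is vulnerable to {sorted(matched)}"
    return "medium", "service exposed but no matching known vulnerability"


# Constructed sample alerts (not real signature output).
SAMPLE_ALERTS = [
    Alert("SMB exploit attempt", "192.0.2.20", 445, {"windows"}, {"CVE-PLACEHOLDER-1"}),
    Alert("SMB exploit attempt", "192.0.2.10", 445, {"windows"}, {"CVE-PLACEHOLDER-1"}),
    Alert("Web scanner user-agent", "192.0.2.10", 80, set()),
    Alert("SSH brute force", "203.0.113.5", 22, set()),
]


def triage_all(alerts=SAMPLE_ALERTS, assets=ASSETS):
    """Triage every alert; returns a list of (msg, dst_ip, priority, reason)."""
    return [(a.msg, a.dst_ip, *triage(a, assets)) for a in alerts]


if __name__ == "__main__":
    for row in triage_all():
        print(row)
```

The order of the checks matters: inventory lookup first, because every later rule depends on knowing the asset; the "unknown asset" branch deliberately does not drop the alert, since an unmanaged host is exactly where an intrusion is most likely to go unnoticed.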

Full Threat Context

All you need to know about an incident is captured in each alarm, including asset information (such as OS, software, identity), vulnerability data, visibility into NetFlow data, raw log data, and more.

Actionable Alarms

AlienVault USM includes many security monitoring methods to gather information from a variety of threat vectors. Because you have access to asset information, you can get to root cause faster than ever.

Continually Updated Signatures and Rules

Receive continuous and coordinated updates to catch the latest threats.

Attack Alarms and Investigation

Investigate Root Cause Faster Than Ever

Instantly know the who, what, where, when and how of attacks – no matter where they originate.

Actionable Alarms

AlienVault USM includes several different security monitoring technologies to gather information on a variety of threat vectors. Because we provide you access to everything you need to know about an asset, you can get to root cause faster than ever.

Risk Prioritization

AlienVault Labs Threat Intelligence applies more than 1600 event correlation rules against the raw event log data we collect, as well as the events triggered by our built-in intrusion detection software. This enables rapid, accurate, and actionable guidance that interprets the severity of the exposure based on the full threat context.

Attack Categorization

Each alarm is categorized by the intent of the attacker for effective prioritization, so you know which events to focus on for deeper investigation and analysis.

In terms of remediation, AlienVault USM can notify people via email, open a ticket in the built-in ticketing system, or integrate with an external help desk / ticketing system. It can also be configured to execute a script to take automated and custom actions, based on your environment. USM's built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups.

Step-by-Step Investigation Instructions

AlienVault Labs provides specific, contextual guidance on what to do when an alarm is triggered, so you can contain and investigate the incident quickly.

Augment Your Existing IDS

Integrate for Multi-Layered Threat Detection

The most insidious threats are those that infiltrate through your perimeter defenses, so extending your intrusion detection toolset throughout your network is essential.

Integrate with IDS Technologies

Already have an IDS on your gateway or DMZ? Simply forward your IDS and IPS event logs to our USM Sensor, and we'll correlate this data with our built-in IDS and other monitoring tools for full multi-layered threat detection.

Detect Sophisticated Threats

By deploying IDS throughout your network and installing HIDS on critical servers, you'll be able to catch sophisticated threats like "low and slow" attacks and other stealthy malicious activity that a single perimeter-based IDS on its own wouldn't catch.

Get Integrated Event Correlation

Benefit from our built-in IDS tools as well as our log analysis and event correlation engine. For example, USM's multi-layered threat detection and built-in SIEM event correlation will identify events such as:

  • Insider threats and other suspicious behavior
  • Privileged user activity - authorized and unauthorized
  • Policy violations such as use of unauthorized software or services
  • Data exfiltration attempts