AlienVault Unified Security Management (USM) gives you complete network security monitoring in a single pane of glass.
Effective network security monitoring requires you to collect, analyze, and correlate security data from across your network to identify threats and intrusions. Alone, intrusion detection systems (IDS) are not enough. To fully monitor and protect your network, you need a unified view of—
Traditionally, orchestrating this information within network security monitoring software has been complex, expensive, and out of reach for most organizations. AlienVault® Unified Security Management™ (USM™) breaks through this complexity and expense by bringing together five essential security capabilities on an all-in-one platform that’s cost effective and easy to use.
In addition, continuous threat intelligence updates from AlienVault Labs are delivered to USM, backed by the AlienVault Open Threat Exchange™ (OTX™) — the world’s first open threat intelligence community.
AlienVault USM delivers essential network security monitoring tools in a single pane of glass, enabling you to—
Know Your Assets & Vulnerabilities
Detect Threats & Intrusions Faster
Monitor Network Behavior for Suspicious Activity
Analyze Security Incidents with SIEM
Leverage AlienVault Labs™ Threat Intelligence
For effective network security monitoring, you need to see what devices are connected to your network and how the vulnerabilities on those assets expose you to threats and intrusions.
Because USM uniquely combines asset discovery and inventory, vulnerability assessment, intrusion detection data, and threat intelligence all within a single pane of glass, you can know (within minutes of installation)–
Knowing which vulnerabilities are actively being exploited in the wild helps you to better plan and prioritize your remediation activities.
Asset Discovery & Inventory
Attacks do not usually happen in one swift blow. Rather, they unfold in multiple steps. The earlier you detect attacks, the better your chance of intervening to prevent a data breach or other harm.
USM enables early intrusion detection and response with built-in NIDS and HIDS. These tools monitor your traffic and hosts, looking for anomalous behaviors and known attack patterns. The built-in SIEM capability in USM automatically correlates IDS data with other security information to give you complete visibility of your security posture.
In addition, AlienVault Labs delivers the latest IDS attack signatures and correlation directives directly to your USM environment, so that you always have the most up-to-date threat intelligence as you monitor your environment for intrusions and other threats.
Network Intrusion Detection System (NIDS)
Host-based Intrusion Detection System (HIDS)
To catch the latest threats, you must be able to keep a pulse on your network traffic to identify any anomalies and other unknown patterns of behavior. Behavioral monitoring enables you to spot and investigate suspicious network traffic and activities that fall outside of your baseline or “normal” operations.
AlienVault USM provides built-in behavioral monitoring capabilities to:
With AlienVault USM, you can use multi-layered behavioral monitoring techniques to detect anomalous and suspicious activity that could signal an emerging threat or intrusion in your network environment.
Network Flow Analysis
Service and Infrastructure Monitoring
Network Protocol Analysis / Packet Capture
The goal of network security monitoring is to detect and respond to threats as early as possible to prevent data loss or disruption to your operations. However, this can be complicated when mountains of security-related events and log data are continuously produced by multiple disparate security tools.
USM has powerful SIEM and centralized logging capabilities built in so you can aggregate and make sense of security data generated across your network. Going beyond traditional SIEM products, USM natively combines five essential security capabilities so that when an incident happens, you have immediate 360° visibility of the actors, targeted assets and their vulnerabilities, methods of attack, and more.
USM ships with over 3,000 pre-defined SIEM correlation rules. As threats evolve, threat intelligence is continuously updated by AlienVault Labs and delivered directly to USM, so you can launch faster and start detecting threats in your environment on day one.
Incident Response Guidance
To successfully monitor your network environment for security threats and intrusions, you need always-up-to-date security intelligence. Without a dedicated in-house team of security analysts, this can be a challenge.
That’s why AlienVault Labs spends countless hours analyzing the current threat landscape and mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities and exploits they uncover.
AlienVault Labs continuously publishes intelligence updates to USM in the form of correlation directives, IDS signatures, vulnerability audits, asset discovery signatures, IP reputation data, report templates, data source plugins, and more.
The AlienVault Labs team leverages security intelligence from OTX, the world’s largest crowd-sourced repository of threat data, so you get global insight into attack trends and bad actors that may impact your network.
Correlation Directive Updates Delivered
AlienVault researches, writes, and continuously delivers the latest correlation directives to USM, saving you significant time and effort, so you can focus on responding to incidents and protecting your data.
Integrated Community-Driven OTX Pulse Subscriptions