Get Complete Network Security Visibility, Quickly & Easily

Network security monitoring software you can
deploy in less than one hour

View 3-minute demo video

AlienVault Unified Security Management™ (USM) is an all-in-one platform for complete network security monitoring and threat detection. You can deploy USM in less than one hour and get actionable insights within minutes of installation.

Download a Free Trial

  • Know what’s connected to your network
  • Identify vulnerable systems and how to remediate
  • Detect threats and activity with known malicious hosts
  • Baseline network behavior and spot suspicious activity
  • Investigate incidents with automatically correlated data
  • Determine what to do next with step-by-step guidance
66%
of data breaches take months
or more to discover
71%
of attacks specifically target
user devices

AlienVault Unified Security Management

Complete security visibility and threat intelligence in a single pane of glass

Get all of the essential security capabilities you need in one Unified Security Management™ platform, coordinated to work together “out of the box.” It’s the fastest, easiest way to get a complete picture of your network’s security status, with actionable threat intelligence to respond to threats and vulnerabilities quickly.

5 Essential Security Capabilities – All in One Console

Asset Discovery

Know what’s connected to your network.
  • Active network scanning
  • Passive network monitoring
  • Asset inventory
  • Host-based Software Inventory (optional)

Asset Discovery

Vulnerability Assessment

Find, verify, and remediate vulnerabilities.
  • Network vulnerability testing
  • Continuous vulnerability monitoring

Vulnerability Assessment

Threat Detection

Catch threats anywhere within your network.
  • Network IDS
  • Host IDS
  • Wireless IDS
  • File integrity monitoring

Threat Detection

Behavioral Monitoring

Baseline “normal behavior” and spot suspicious activity.
  • Log Collection
  • Netflow analysis
  • Service availability monitoring
  • Full packet capture

Behavioral Monitoring

Security Intelligence

Automate event correlation and get full threat context.
  • SIEM Correlation
  • Incident response guidance
  • Reporting and alarms

Security Intelligence

Asset Discovery

Discover, inventory, and start monitoring your network in minutes

 In order to secure your network, first you need to know what you have to protect. You need a simple, reliable way to know what’s connected to your network and the information required to make sense of the activities occurring on, and from, your assets suspected to be compromised.

AlienVault USM provides built-in asset discovery to:
  • Determine what’s on your network at any given time
  • Know when new servers and endpoints are attached
  • Be certain of how your devices are configured
  • Correlate asset info with threat and vulnerability data
  • Accelerate investigations of impacted assets

With USM, you get three core discovery and inventory technologies for full visibility into the devices that show up on your network.

Passive Network Monitoring

USM can identify hosts on the network and their installed software packages by passively monitoring and inspecting the traffic. Information collected includes:

  • IP and hardware MAC address pairings, used for inventorying
  • and to detect MAC spoofing
  • IP header analysis to identify operating systems and running software packages
  •  TCP/IP traffic analysis for OS fingerprinting and basic network topography

Active Network Scanning

USM can also gently probe the network to coax responses from devices. These responses provide clues that help identify the device, the OS, running services, and the software installed on it. It can often identify the software vendor and version without having to send any credentials to the host.

Host-Based Software Inventory

An optional, lightweight, host-based agent provides an additional, more granular level of visibility. By enumerating all the software installed on the machine, the agent greatly extends, deepens, and enhances your understanding of the devices on your network, resulting in a much more dynamic and accurate inventory.

Vulnerability Assessment

Find, verify, prioritize, and fix your network security risk quickly

The more you remove known vulnerabilities the more work attackers have to expend to successfully breach it. Save time improving your security posture by having AlienVault USM kick off scans, report, and contain all the information you need to assess and remediate vulnerabilities quickly.

AlienVault USM provides built-in vulnerability assessment to:
  • Correlate asset info with vulnerabilities and threats
  • Prioritize vulnerabilities based on risk severity
  • Conduct false-positive analysis
  • See vulnerability info and how to remediate it
  • Keep your scans up to date on new vulnerabilities

With USM, you get a fast, effective way to expose your network’s vulnerabilities now and the means for continuously identifying insecure configurations, along with unpatched and unsupported software over time. You can mix and match the following features as needed.

Active Network Scanning

Actively probes hosts using carefully crafted network traffic to illicit a response. This can be viewed as "poking" for suspected vulnerabilities in IT assets.

Continuous Vulnerability Monitoring

Also known as passive vulnerability detection, USM correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy. This provides valuable vulnerability information while minimizing network noise and system impact.

Unauthenticated Scanning

Conducts scans without requiring host credentials. This scan probes hosts with targeted traffic and analyzes the subsequent response to determine the configuration of the remote system and any vulnerabilities in installed OS and application software.

Authenticated Scanning

Conducts scanning on an authenticated basis. This entails access to the target host’s file system, to be able to perform more accurate and comprehensive vulnerability detection by inspecting the installed software and its configuration

Threat Detection

Catch threats anywhere within your network

 Attacks aren’t all or nothing – they happen in multiple steps, so you want to detect them early and stop attackers in their tracks. Catching and responding to threats early requires that you gather a variety of threat vectors to know who, what, where, when and how of attacks.

AlienVault USM provides built-in threat detection to:
  • Provide network, host-based, and wireless IDS
  • Correlate threat data with vulnerability and asset info
  • Determine and investigate impacted systems
  • Detect network activity with known malicious hosts
  • Catch new threats with continuous threat intelligence

With USM, you get intrusion detection combined with asset discovery, vulnerability data, behavioral monitoring, and event correlation to get the complete view you need to effectively monitor the security of your network. Combining these different views, allows you to cut through the noise and see the information that really matters.

Network Intrusion Detection (IDS)

Built-in intrusion detection software including Snort and Suricata provides signature-based anomaly detection, and protocol analysis technologies. This enables you to identify the latest attacks, malware infections, system compromise, policy violations, and other exposures.

Host-based Intrusion Detection (HIDS) and File Integrity Monitoring (FIM)

Built-in host-based intrusion detection software analyzes system behavior and configuration status to track user access and activity as well as identify potential security exposures such as:

  • System compromise
  • Modification of critical configuration files (e.g. registry settings, /etc/passwd)
  • Common rootkits
  • Rogue processes

Wireless Intrusion Detection (WIDS)

Built-in wireless intrusion detection software identifies rogue network access points, unauthorized login attempts, encryption-level in use, and other anomalous behavior that may be found on your wireless networks.

“With AlienVault, we’ve increased security visibility at a reduced cost.”

IT Professional,
Medium Enterprise Computer Software Company

“The solution has been a wonderful addition to our other tool-sets (Nessus, nCircle and Checkpoint solutions). We have great visibility into our environment, and the reporting is excellent.”

Chief Security Officer,
Law Firm

“We needed the ability to know if/when a possible/probable security violation occurs vs. constant monitoring by an individual. AlienVault fulfills this need.”

IT Professional,
Medium Enterprise Security Products & Services Company

“AlienVault allows us to get a quick picture of everything going on in our environment… it would be hard for me to name a better product for security operations.”

Security Officer,
Community College

Behavioral Monitoring

Baseline network behavior and spot suspicious activity

In order to catch the latest threats, you need a way to identify anomalies and other patterns that may signal new, unknown behavior. Behavioral monitoring enables you to spot and investigate suspicious network activity, as well as provides the traffic data required to reveal the events that occurred in a potential security breach.

AlienVault USM provides built-in behavioral monitoring to:
  • Identify protocols and baseline “normal behavior”
  • Spot anomalies, policy violations, and suspicious activity
  • Monitor system services and detect unexpected outages
  • Conduct full protocol analysis on network traffic

With AlienVault USM, you get multi-layered network security monitoring to detect known threats, catch network activity with known malicious hosts, and spot suspicious activity that could signal a new, unknown threat.

Service and Infrastructure Monitoring

Provides continuous monitoring of services run by particular systems. On a periodic basis, or on demand, the device is probed to confirm that the service is still running and available. This lightweight, continuous monitoring will detect unexpected service outages throughout your critical infrastructure.

Network Flow Analysis

Performs network behavior analysis without needing the storage capacity required for full packet capture. Network flow analysis provides the high-level trends related to what protocols are used, which hosts use the protocol, and the bandwidth usage. This information can then be accessed in the same interface as the asset inventory and alarm data to simplify incident response.

Network Protocol Analysis / Full Packet Capture

Allows security analysts to perform full protocol analysis on network traffic enabling a full replay of the events that occurred during a potential breach. This level of network monitoring can be used to pinpoint the exploit method used or to determine what specific data was exfiltrated.

Security Intelligence

Automate correlation, get threat context, and know what to do next

During security incidents and investigations, you need to get to “whodunit” as quickly as possible. This can be complicated when mountains of security-relevant data are continuously being produced. By automating the correlation of real-time events you can gather all of the puzzle pieces in a single view.

AlienVault USM provides built-in security intelligence to:
  • Offer 1,600 correlation directives out of the box
  • Cross-correlate asset, threat, and vulnerability data
  • Calculate security risk and prioritize investigation
  • Use a single pane of glass for investigations
  • Determine appropriate response for every alarm

With USM, you get the complete picture for every incident and built-in guidance provided by the AlienVault Labs security research team. When you’re network is under attack you’ll have all the security-related information you need in one place to see what happened and what to do about it.

Security Intelligence in Action (an example):

  • A port scan is detected by your firewall and an alarm is generated in the USM console.
  • In the USM console, the source address of the scan is correlated with the destination address of an SSH session from an internal host. A lookup in USM’s asset inventory automatically identifies the risk profile of the internal host and determines that the host is critical to business operations. This identifies it as a critical security incident.
  • From within the USM console, the compromised host is scanned for other vulnerabilities and it is found to be missing a critical security patch.
  • A ticket is generated within the USM console to patch the compromised host. The compromised host is patched and returned to service.
  • A complete forensic analysis for the past 30 days is run for the compromised host from the USM console to determine if additional corrective action is required.
  • The incident is automatically reported to the AlienVault Open Threat Exchange which is monitored by AlienVault Labs so that it can be synthesized and reported to other AlienVault installations. The entire community is then aware and protected from a similar exploit. Note: this step is optional, as you must opt-in to join the Open Threat Exchange.

Cross-Correlation in Action

For IDS-generated events, which by themselves can be quite noisy, USM does a lookup from the console to see what vulnerabilities that attack needs for the exploit to be successful. Then USM does an asset lookup to see if the asset is actually vulnerable and to determine the risk profile of the asset. All of this data is then correlated so that you are able to focus in on the information that really matters most.

Incident Response Guidance in Action

An alert might identify that a host on your internal network is attempting to connect to a malicious external host. The dynamic incident response guidance would include details about:
  • The internal host such as owner, network segment, and software that is installed
  • The network protocol in use and specific risks associated with it
  • The external host and what exploits it has executed in the past
  • The importance of identifying potential C&C (command and control) traffic
  • Specific actions to take for further investigation and threat containment – and why you should take them
84%

of organizations who are breached have evidence of the breach in their log files... but many attacks still go undetected.
Don't be a statistic.

Source: Verizon Data Breach Report, 2013

Free Trial Demo Get Price ChatNeed help?