AlienVault Unified Security Management™ (USM) is an all-in-one platform for complete network security monitoring and intrusion detection. You can deploy USM in less than one hour and get actionable insights within minutes of installation.
[Statistics graphic: "… of data breaches take months or more to discover"; "… of attacks specifically target …". Source: 2013 Data Breach Investigations Report by Verizon]
Get all of the essential security capabilities you need in one AlienVault Unified Security Management platform, coordinated to work together “out of the box.” It’s the fastest, easiest way to get a complete picture of your network’s security status, with actionable threat intelligence to respond to threats and vulnerabilities quickly.
5 Essential Security Capabilities – All in One Console
Asset Discovery: Know what’s connected to your network.
Vulnerability Assessment: Find, verify, and remediate vulnerabilities.
Intrusion Detection: Catch threats anywhere within your network.
Behavioral Monitoring: Baseline “normal behavior” and spot suspicious activity.
SIEM: Automate event correlation and get full threat context.
To secure your network, you first need to know what you have to protect. You need a simple, reliable way to know what’s connected to your network, plus the information required to make sense of the activity occurring on, and originating from, assets suspected to be compromised.
AlienVault USM™ provides built-in asset discovery to:
With USM, you get three core discovery and inventory technologies for full visibility into the devices that show up on your network.
Passive Network Monitoring
USM can identify hosts on the network and their installed software packages by passively monitoring and inspecting the traffic. Information collected includes:
Active Network Scanning
USM can also gently probe the network to coax responses from devices. These responses provide clues that help identify the device, the OS, running services, and the software installed on it. It can often identify the software vendor and version without having to send any credentials to the host.
The more known vulnerabilities you remove, the more work attackers have to expend to breach your network. Save time improving your security posture by having AlienVault USM kick off scans, report the results, and gather all the information you need to assess and remediate vulnerabilities quickly.
AlienVault USM provides built-in vulnerability assessment to:
With USM, you get a fast, effective way to expose your network’s vulnerabilities now and the means for continuously identifying insecure configurations, along with unpatched and unsupported software over time. You can mix and match the following features as needed.
Active Network Scanning
Actively probes hosts using carefully crafted network traffic to elicit a response. This can be viewed as "poking" IT assets for suspected vulnerabilities.
Continuous Vulnerability Monitoring
Also known as passive vulnerability detection: USM correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy. This yields valuable vulnerability information while minimizing network noise and system impact.
Unauthenticated Scanning
Conducts scans without requiring host credentials. This scan probes hosts with targeted traffic and analyzes the response to determine the configuration of the remote system and any vulnerabilities in the installed OS and application software.
Authenticated Scanning
Conducts scanning on an authenticated basis. This requires access to the target host’s file system, which enables more accurate and comprehensive vulnerability detection by inspecting the installed software and its configuration.
Attacks aren’t all or nothing; they happen in multiple steps, so you want to detect them early and stop attackers in their tracks. Catching and responding to threats early requires gathering data across a variety of threat vectors, so that you know the who, what, where, when and how of an attack.
AlienVault USM provides built-in intrusion detection to:
With USM, you get asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM (log management, event correlation, analysis and reporting), giving you the complete view you need to monitor the security of your network effectively. Combining these different views lets you cut through the noise and see the information that really matters.
Network Intrusion Detection (IDS)
Built-in network intrusion detection software, including Snort and Suricata, provides signature-based detection, anomaly detection, and protocol analysis. This lets you identify the latest attacks, malware infections, system compromises, policy violations, and other exposures.
Host-based Intrusion Detection (HIDS) and File Integrity Monitoring (FIM)
Built-in host-based intrusion detection software analyzes system behavior and configuration status to track user access and activity as well as identify potential security exposures such as:
“With AlienVault, we’ve increased security visibility at a reduced cost.”
Medium Enterprise Computer Software Company
“The solution has been a wonderful addition to our other tool-sets (Nessus, nCircle and Checkpoint solutions). We have great visibility into our environment, and the reporting is excellent.”
Chief Security Officer,
“We needed the ability to know if/when a possible/probable security violation occurs vs. constant monitoring by an individual. AlienVault fulfills this need.”
Medium Enterprise Security Products & Services Company
“AlienVault allows us to get a quick picture of everything going on in our environment… it would be hard for me to name a better product for security operations.”
To catch the latest threats, you need a way to identify anomalies and other patterns that may signal new, unknown behavior. Behavioral monitoring lets you spot and investigate suspicious network activity, and provides the traffic data required to reconstruct the events of a potential security breach.
AlienVault USM provides built-in behavioral monitoring to:
With AlienVault USM, you get multi-layered network security monitoring to detect known threats, catch network activity with known malicious hosts, and spot suspicious activity that could signal a new, unknown threat.
Service and Infrastructure Monitoring
Provides continuous monitoring of the services run by particular systems. Periodically, or on demand, each device is probed to confirm that the service is still running and available. This lightweight, continuous monitoring detects unexpected service outages throughout your critical infrastructure.
Network Flow Analysis
Performs network behavior analysis without the storage capacity required for full packet capture. Network flow analysis provides high-level trends: which protocols are in use, which hosts use them, and how much bandwidth they consume. This information is available in the same interface as the asset inventory and alarm data, which simplifies incident response.
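The two behavioral-monitoring ideas above (baseline normal activity and flag deviations; catch traffic to known malicious hosts) and the flow aggregation just described can be shown on a handful of flow records. The script below is an added illustration written for this page, not AlienVault code: the flow tuples, the per-host baseline figures and the reputation list are all constructed, and the `factor` threshold is an assumed tuning knob.

```python
"""Toy network-flow analysis with a per-host baseline.

Added illustration, not AlienVault code. The flow records, the baseline
figures and the reputation list are all constructed for this example.
"""
from collections import defaultdict

# Constructed flow records: (src, dst, proto, dst_port, bytes). A real
# collector would hand these over as NetFlow/sFlow/IPFIX exports.
FLOWS = [
    ("10.0.0.5",  "10.0.0.20",    "tcp", 443, 120_000),
    ("10.0.0.5",  "10.0.0.20",    "tcp", 443,  80_000),
    ("10.0.0.9",  "10.0.0.53",    "udp",  53,   2_000),
    ("10.0.0.12", "198.51.100.7", "tcp", 443, 900_000),
    ("10.0.0.12", "198.51.100.7", "tcp", 443, 950_000),
    ("10.0.0.9",  "203.0.113.99", "tcp",  80,   4_000),
]

# Constructed baseline: mean outbound bytes per host for a window of this
# length, as learned from earlier windows ("normal behavior").
BASELINE_BYTES = {"10.0.0.5": 150_000, "10.0.0.9": 6_000, "10.0.0.12": 100_000}

# Constructed reputation list of known-bad external hosts.
KNOWN_BAD = {"203.0.113.99"}


def summarize(flows=FLOWS):
    """Aggregate bytes per (protocol, port) and per source host.

    This is the high-level trend data flow analysis gives you without
    storing any packet payloads.
    """
    by_proto = defaultdict(int)
    by_host = defaultdict(int)
    for src, _dst, proto, dport, nbytes in flows:
        by_proto[(proto, dport)] += nbytes
        by_host[src] += nbytes
    return dict(by_proto), dict(by_host)


def find_anomalies(flows=FLOWS, baseline=BASELINE_BYTES, bad=KNOWN_BAD, factor=3.0):
    """Return a list of (host, reason) for hosts that deserve a closer look.

    Two checks: outbound volume far above the host's baseline (possible
    exfiltration or a new unknown behaviour), and any flow whose
    destination is on the reputation list.
    """
    _, by_host = summarize(flows)
    findings = []
    for host, total in sorted(by_host.items()):
        expected = baseline.get(host)
        if expected is None:
            findings.append((host, "no baseline: host not seen before"))
        elif total > factor * expected:
            findings.append((host, f"outbound {total} bytes > {factor}x baseline {expected}"))
    for src, dst, proto, dport, _ in flows:
        if dst in bad:
            findings.append((src, f"talked to known-bad host {dst} ({proto}/{dport})"))
    return findings


if __name__ == "__main__":
    by_proto, by_host = summarize()
    print("bytes per protocol/port:", by_proto)
    print("bytes per source host:", by_host)
    for host, reason in find_anomalies():
        print(f"{host}: {reason}")
```

On the constructed data, `10.0.0.12` is flagged for moving far more than its baseline and `10.0.0.9` for talking to the listed bad host; `10.0.0.5` stays within its baseline and is left alone. A real deployment would learn the baseline from many windows and separate it by time of day, but the shape of the check is the same.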
Network Protocol Analysis / Packet Capture
Allows security analysts to perform full protocol analysis on network traffic, enabling a complete replay of the events that occurred during a potential breach. This level of network monitoring can be used to pinpoint the exploit method used or to determine what specific data was exfiltrated.
Automate correlation, get threat context, and know what to do next
During security incidents and investigations, you need to get to “whodunit” as quickly as possible. This is complicated when mountains of security-relevant data are continuously being produced. By automating the correlation of real-time events, you can gather all of the puzzle pieces in a single view.
AlienVault USM provides built-in SIEM to:
With USM, you get the complete picture for every incident, along with built-in guidance from the AlienVault Labs security research team. When your network is under attack, you’ll have all the security-related information you need in one place to see what happened and what to do about it.
SIEM in Action (an example):
Cross-Correlation in Action
IDS-generated events can be quite noisy on their own. For each one, USM looks up which vulnerabilities the attack requires for the exploit to succeed. It then looks up the targeted asset to see whether it is actually vulnerable and to determine the asset’s risk profile. All of this data is correlated so that you can focus on the information that matters most.
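The cross-correlation step described above, as an added worked example that is not AlienVault's code: an IDS alert is joined with the signature's required vulnerabilities and with the asset inventory, and the result decides the alarm priority. The signature IDs, vulnerability IDs, hosts and priority scale are all constructed placeholders; the scoring rule is an assumption chosen to show the logic, not USM's actual risk formula.

```python
"""Toy cross-correlation of IDS events with vulnerability and asset data.

Added illustration, not AlienVault code. All hosts, signature IDs and
vulnerability identifiers below are constructed placeholders.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    ip: str
    name: str
    value: int                                   # 1 (low) .. 5 (critical), from the inventory
    vulns: set = field(default_factory=set)      # vulnerability ids found by the scanner


# Constructed signature metadata: which vulnerability each signature's
# exploit needs in order to succeed (empty set = generic probe/scan).
SIGNATURE_REQUIRES = {
    "SID-1001": {"VULN-EXAMPLE-A"},
    "SID-1002": {"VULN-EXAMPLE-B"},
    "SID-1003": set(),
}

# Constructed asset inventory: what asset discovery plus the
# vulnerability scan produced for the monitored network.
INVENTORY = {
    "10.0.0.5": Asset("10.0.0.5", "web-01", 5, {"VULN-EXAMPLE-A"}),
    "10.0.0.9": Asset("10.0.0.9", "kiosk-02", 1, set()),
}

# Constructed IDS events; the fields mirror what a NIDS alert carries.
IDS_EVENTS = [
    {"sid": "SID-1001", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"sid": "SID-1001", "src": "203.0.113.7", "dst": "10.0.0.9"},
    {"sid": "SID-1002", "src": "203.0.113.8", "dst": "10.0.0.5"},
    {"sid": "SID-1003", "src": "203.0.113.9", "dst": "10.0.0.5"},
    {"sid": "SID-1003", "src": "203.0.113.9", "dst": "192.0.2.44"},  # not in inventory
]


def correlate(event, inventory=INVENTORY, sig_db=SIGNATURE_REQUIRES):
    """Return (verdict, priority) for one IDS event.

    verdict:  'vulnerable'       target has a vulnerability the exploit needs
              'not_vulnerable'   target is known and lacks the required vulnerability
              'unknown_asset'    target is not in the inventory, cannot confirm either way
              'no_vuln_required' signature is a generic probe; weight by asset value only
    priority: 0..10, higher means look at this first (assumed scale)
    """
    asset = inventory.get(event["dst"])
    required = sig_db.get(event["sid"], set())
    if asset is None:
        return "unknown_asset", 5
    if not required:
        return "no_vuln_required", asset.value
    if required & asset.vulns:
        return "vulnerable", min(10, asset.value * 2)
    return "not_vulnerable", 1


def prioritize(events=IDS_EVENTS):
    """Correlate every event and return rows sorted by descending priority."""
    rows = []
    for ev in events:
        verdict, prio = correlate(ev)
        rows.append((prio, verdict, ev["sid"], ev["src"], ev["dst"]))
    rows.sort(key=lambda r: r[0], reverse=True)
    return rows


if __name__ == "__main__":
    for row in prioritize():
        print(row)
```

The same signature fired twice (`SID-1001`), but only the hit on `web-01`, which actually carries the required vulnerability, reaches the top of the list; the hit on the unaffected kiosk drops to the bottom. A target missing from the inventory is kept at a middling priority rather than discarded, because the absence of inventory data is itself something asset discovery should fix.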
Incident Response Guidance in Action
An alert might identify that a host on your internal network is attempting to connect to a malicious external host. The dynamic incident response guidance would include details about:
[Statistics graphic: "… of organizations who are breached have evidence of the breach in their log files... but many attacks still go undetected." Source: Verizon Data Breach Report, 2013]