Network Security Monitoring

AlienVault Unified Security Management (USM) gives you complete network security monitoring in a single pane of glass.

Complete Network Security Monitoring in a Single Pane of Glass

Effective network security monitoring requires you to collect, analyze, and correlate security data from across your network to identify threats and intrusions. Alone, intrusion detection systems (IDS) are not enough. To fully monitor and protect your network, you need a unified view of:

  • What’s connected to your network at all times
  • Vulnerable systems that could be exploited
  • Threats and activity with known malicious hosts
  • Baseline of network behavior and any deviations
  • Security incidents with correlated event data
  • Regular threat intelligence updates

Traditionally, orchestrating this information within network security monitoring software has been complex, expensive, and out of reach for most organizations. AlienVault® Unified Security Management™ (USM™) breaks through this complexity and expense by bringing together five essential security capabilities on an all-in-one platform that’s cost effective and easy to use.

In addition, continuous threat intelligence updates from AlienVault Labs are delivered to USM, backed by the AlienVault Open Threat Exchange™ (OTX™) — the world’s first open threat intelligence community.

AlienVault USM delivers essential network security monitoring tools in a single pane of glass, enabling you to:

Know Your Assets & Vulnerabilities

  • Asset Discovery & Inventory
  • Vulnerability Assessment & Remediation

Detect Threats & Intrusions Faster

  • Network Intrusion Detection (NIDS)
  • Host-Based Intrusion Detection (HIDS)

Monitor Network Behavior for Suspicious Activity

  • Network Flow Analysis
  • Service and Infrastructure Monitoring
  • Network Protocol Analysis / Packet Capture

Analyze Security Incidents with SIEM

  • Cross-Correlation Directives
  • Incident Response Guidance

Leverage AlienVault Labs™ Threat Intelligence

  • Intelligence Updates Delivered Continuously
  • Integrated Community-driven OTX Pulse Subscriptions

Know Your Assets & Vulnerabilities

For effective network security monitoring, you need to see what devices are connected to your network and how the vulnerabilities on those assets expose you to threats and intrusions.

Because USM uniquely combines asset discovery and inventory, vulnerability assessment, intrusion detection data and threat intelligence all within a single pane of glass, you can know (within minutes of installation):

  • What assets are connected to your network
  • What vulnerabilities exist on those assets
  • What threats or intrusions are being executed against your vulnerable assets
  • Which vulnerabilities are actively being exploited in the wild and how

Knowing which vulnerabilities are actively being exploited in the wild helps you to better plan and prioritize your remediation activities.

Asset Discovery & Inventory
With USM, you can auto-discover all the IP-enabled devices on your network, how they’re configured, what services are installed and actively listening, any potential vulnerabilities, and any active threats being executed against them. USM uses passive network monitoring and active network scanning to discover assets.

Vulnerability Assessment
With vulnerability assessment in USM, you can find and fix the “holes” in your network that expose you to threats and intrusions. And, when intrusions do occur, you have a unified view of important asset and vulnerability data so you can respond faster.
USM performs authenticated and unauthenticated vulnerability scanning as well as continuous passive monitoring with the most up-to-date vulnerability signatures from AlienVault Labs.

Detect Threats & Intrusions Faster

Attacks do not usually happen in one swift blow. Rather, they unfold in multiple steps. The earlier you detect attacks, the better chance you have at intervening to prevent a data breach or other harm.

USM enables early intrusion detection and response with built-in NIDS and HIDS. These tools monitor your traffic and hosts, looking for anomalous behaviors and known attack patterns. The built-in SIEM capability in USM automatically correlates IDS data with other security information to give you complete visibility of your security posture.

In addition, AlienVault Labs delivers the latest IDS attack signatures and correlation directives directly to your USM environment, so that you always have the most up-to-date threat intelligence as you monitor your environment for intrusions and other threats.

Network Intrusion Detection System (NIDS)
NIDS detects known threats and attack patterns targeting your vulnerable assets. It scans your network traffic, looking for the signatures of the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures, and it raises alarms in your USM dashboard to alert you when threats are identified.

Host-based Intrusion Detection System (HIDS)
HIDS employs an agent on each host to analyze the behavior and configuration status of the system. HIDS tracks user access and activity, including any changes in critical system files, configuration files, registry settings, and content files, making it an effective file integrity monitoring (FIM) tool.

Monitor Network Behavior to Spot Suspicious Activity

To catch the latest threats, you must be able to keep a pulse on your network traffic to identify any anomalies and other unknown patterns of behavior. Behavioral monitoring enables you to spot and investigate suspicious network traffic and activities that fall outside of your baseline or “normal” operations.

AlienVault USM provides built-in behavioral monitoring capabilities to:

  • Identify protocols and baseline “normal behavior”
  • Spot anomalies, policy violations, and suspicious activity
  • Monitor system services and detect unexpected outages
  • Conduct full protocol analysis on network traffic

With AlienVault USM, you can use multi-layered behavioral monitoring techniques to detect anomalous and suspicious activity that could signal an emerging threat or intrusion in your network environment.

Network Flow Analysis
Network flow analysis provides high-level trends related to your “normal” network traffic behavior, including protocols, hosts, and bandwidth usage, without needing the storage capacity required for full packet capture. Having network flow data side-by-side with asset inventory and alarm data in USM makes incident response faster and easier.

Service and Infrastructure Monitoring
You can continuously monitor critical devices to ensure that services are running and available. This lightweight monitoring function detects unexpected service outages across your critical infrastructure.

Network Protocol Analysis / Packet Capture
Security analysts can perform full protocol analysis on network traffic, enabling a full replay of the events that occurred during a potential breach. This level of network monitoring can help to pinpoint the exploit method used or to determine what data was stolen.

Analyze Security Incidents with SIEM

The goal of network security monitoring is to detect and respond to threats as early as possible to prevent data loss or disruption to your operations. However, this can be complicated when mountains of security-related events and log data are continuously produced by multiple disparate security tools.

USM has powerful SIEM and centralized logging capabilities built in so you can aggregate and make sense of security data generated across your network. Going beyond traditional SIEM products, USM natively combines five essential security capabilities so that when an incident happens, you have immediate 360° visibility of the actors, targeted assets and their vulnerabilities, methods of attack, and more.

USM ships with over 3,000 pre-defined SIEM correlation rules. As threats evolve, threat intelligence is continuously updated by AlienVault Labs and delivered directly to USM, so you can launch faster and start detecting threats in your environment on day one.

Cross-Correlation Directives
For IDS-generated events, which by themselves can be quite noisy, USM checks to see what vulnerabilities would be needed for an exploit to be successful. USM then checks whether the targeted asset is actually vulnerable. This data is correlated and risk is assessed, so you can focus on the information that matters most.

Incident Response Guidance
USM delivers dynamic incident response guidance to assist you with your intrusion response, including details about:

  • The internal host, such as owner, network segment, and services that are installed
  • Network protocols in use and associated risks
  • The external host and known past exploits
  • The importance of identifying C&C traffic
  • Specific actions to take for further investigation and threat containment

Leverage Threat Intelligence from AlienVault Labs and OTX

To successfully monitor your network environment for security threats and intrusions, you need always-up-to-date security intelligence. Without a dedicated in-house team of security analysts, this can be a challenge.

That’s why AlienVault Labs spends countless hours analyzing the current threat landscape and mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities and exploits they uncover.

AlienVault Labs continuously publishes intelligence updates to USM in the form of correlation directives, IDS signatures, vulnerability audits, asset discovery signatures, IP reputation data, report templates, data source plugins, and more.

The AlienVault Labs team leverages security intelligence from OTX, the world’s largest crowd-sourced repository of threat data, so you get global insight into attack trends and bad actors that may impact your network.

Correlation Directive Updates Delivered
Correlation directives are policy rules that link together specific events and sequences of events indicative of a threat or intrusion. They are used to correlate events generated by the built-in USM essential capabilities and by other network data sources to raise alarms that alert you as security incidents escalate.
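As an added illustration (not AlienVault code, and not USM's actual risk formula) of the two ideas described under Cross-Correlation Directives and here: an IDS event is checked against a constructed asset inventory to see whether the exploit it signals could actually succeed, and a simple directive raises an alarm only when a sequence of events completes against one host. All hosts, signature IDs, vulnerability IDs and the risk weighting are constructed for the example.

```python
from collections import defaultdict
# Constructed asset inventory: host -> known vulnerabilities and business value.
ASSETS = {
    "10.0.0.5": {"vulns": {"VULN-A"}, "value": 5},  # vulnerable, high-value host
    "10.0.0.7": {"vulns": set(), "value": 2},       # patched, low-value host
}
# Constructed IDS signature catalogue: the vulnerability each exploit needs.
SIGNATURES = {
    "SIG-RECON": {"requires": None, "priority": 1},    # port scan, no specific vuln
    "SIG-EXPLOIT": {"requires": "VULN-A", "priority": 4},
}
# Constructed directive: recon followed by an exploit attempt on the same host.
DIRECTIVE = ["SIG-RECON", "SIG-EXPLOIT"]

def score_event(sig_id, dst_ip):
    """Cross-correlate one IDS event with the inventory.
    Returns (risk, reason); risk is 0 when the exploit cannot succeed."""
    sig = SIGNATURES[sig_id]
    asset = ASSETS.get(dst_ip, {"vulns": set(), "value": 1})  # unknown host
    needed = sig["requires"]
    if needed is None:
        reliability = 1          # nothing to verify, so keep confidence low
    elif needed in asset["vulns"]:
        reliability = 3          # the target really is vulnerable
    else:
        return 0, f"{dst_ip} is not vulnerable to {needed}"
    # Constructed weighting (not USM's formula): priority x reliability x value.
    return sig["priority"] * reliability * asset["value"], "correlated"

def run_directive(events):
    """Walk (sig_id, dst_ip) events in order and raise an alarm each time the
    directive's sequence completes for one host; alarms scored 0 are dropped."""
    progress = defaultdict(int)   # next expected step, per destination host
    alarms = []
    for sig_id, dst_ip in events:
        if sig_id != DIRECTIVE[progress[dst_ip]]:
            continue              # not the next step for this host; ignore
        progress[dst_ip] += 1
        if progress[dst_ip] == len(DIRECTIVE):
            progress[dst_ip] = 0
            risk, reason = score_event(sig_id, dst_ip)
            if risk > 0:          # suppress noise: the exploit cannot succeed
                alarms.append({"host": dst_ip, "risk": risk, "reason": reason})
    return alarms

# Constructed event stream: both hosts are scanned, then attacked.
SAMPLE_EVENTS = [("SIG-RECON", "10.0.0.5"), ("SIG-RECON", "10.0.0.7"),
                 ("SIG-EXPLOIT", "10.0.0.7"), ("SIG-EXPLOIT", "10.0.0.5")]
print(run_directive(SAMPLE_EVENTS))  # only 10.0.0.5 raises an alarm (risk 60)
```

The patched host completes the same recon-then-exploit sequence but produces no alarm, which is the noise reduction the cross-correlation step is meant to provide.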

AlienVault researches, writes, and continuously delivers the latest correlation directives to USM, saving you significant time and effort, so you can focus on responding to incidents and protecting your data.

Integrated Community-Driven OTX Pulse Subscriptions
OTX is a community for security and IT professionals to share threat data as it emerges. In addition to receiving all AlienVault Labs OTX pulses by default, you can also subscribe to other community-created OTX pulses to receive threat intelligence from security researchers, AlienVault Partners, and other members.
