AlienVault Unified Security Management (USM) gives you complete network security monitoring for your cloud, hybrid cloud, and on-premises infrastructure, all in a single pane of glass.
Effective network security monitoring requires you to collect, analyze, and correlate security data from across your cloud and on-premises environments to identify threats and intrusions. Alone, intrusion detection systems (IDS) are not enough. To fully monitor and protect your network, you need a unified view of—
Traditionally, orchestrating this information within network security monitoring software has been complex, expensive, and out of reach for most organizations. AlienVault® Unified Security Management™ (USM™) breaks through this complexity and expense by bringing together five essential security capabilities on an all-in-one platform that’s cost effective and easy to use.
In addition, continuous threat intelligence updates from AlienVault Labs are delivered to USM, backed by the AlienVault Open Threat Exchange™ (OTX™) — the world’s first open threat intelligence community.
AlienVault USM delivers essential network security monitoring tools in a single pane of glass, enabling you to—
Know Your Assets & Vulnerabilities
Detect Threats & Intrusions Faster
Monitor Network Behavior for Suspicious Activity
Analyze Security Incidents with SIEM
Leverage AlienVault Labs Threat Intelligence
For effective network security monitoring, you need to see what devices are connected in your environment and how the vulnerabilities on those assets expose you to threats and intrusions.
Because USM uniquely combines asset discovery and inventory, vulnerability assessment, intrusion detection data and threat intelligence all within a single pane of glass, you can know (within minutes of installation)–
Knowing which vulnerabilities are actively being exploited in the wild helps you to better plan and prioritize your remediation activities.
Asset Discovery & Inventory
USM performs authenticated vulnerability scanning with the most up-to-date vulnerability signatures from the AlienVault Labs Security Research Team.
Attacks do not usually happen in one swift blow. Rather, they unfold in multiple steps. The earlier you detect attacks, the better chance you have at intervening to prevent a data breach or other harm.
USM enables early intrusion detection and response with built-in cloud intrusion detection (CIDS), network intrusion detection (NIDS), and host intrusion detection (HIDS) systems. These tools monitor your traffic and hosts, looking for anomalous behaviors and known attack patterns. The built-in SIEM capability in USM automatically correlates IDS data with other security information to give you complete visibility of your security posture.
In addition, the AlienVault Labs Security Research Team delivers the latest IDS attack signatures and correlation directives directly to your USM environment, so that you always have the most up-to-date threat intelligence as you monitor your environment for intrusions and other threats.
Cloud Intrusion Detection System (CIDS)
Network Intrusion Detection System (NIDS)
Host-based Intrusion Detection System (HIDS)
To catch the latest threats, you must be able to keep a pulse on the activities happening in your environment to identify any anomalies and other unknown patterns of behavior. Behavioral monitoring enables you to spot and investigate suspicious activities that fall outside of your baseline or "normal" operations.
AlienVault USM provides built-in behavioral monitoring capabilities to:
With AlienVault USM, you can use multi-layered behavioral monitoring techniques to detect anomalous and suspicious activity that could signal an emerging threat or intrusion in your cloud or on-premises environment.
Inspect Packet Capture
Monitoring Cloud Activity in USM Anywhere
Network Flow Analysis in USM Appliance
The goal of network security monitoring is to detect and respond to threats as early as possible to prevent data loss or disruption to your operations. However, this can be complicated when mountains of security-related events and log data are continuously produced by multiple disparate security tools.
USM has powerful SIEM and centralized logging capabilities built in so you can aggregate and make sense of security data generated across your network. Going beyond traditional SIEM products, USM natively combines five essential security capabilities so that when an incident happens, you have immediate 360° visibility of the actors, targeted assets and their vulnerabilities, methods of attack, and more.
USM ships with ready-to-use SIEM correlation rules so that you can launch faster and start detecting threats on Day One. As threats evolve, threat intelligence is continuously updated by AlienVault Labs and delivered directly to USM.
Incident Response Guidance
To successfully monitor your cloud and on-premises environments for security threats and intrusions, you need always-up-to-date security intelligence. Without a dedicated in-house team of security analysts, this can be a challenge.
That's why the AlienVault Labs Security Research Team spends countless hours analyzing the current threat landscape and mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities and exploits they uncover.
The AlienVault Labs Security Research Team continuously publishes intelligence updates to USM in the form of correlation directives, IDS signatures, vulnerability audits, asset discovery signatures, IP reputation data, report templates, data source plugins, and more.
The AlienVault Labs Security Research Team leverages security intelligence from OTX, the world’s largest crowd-sourced repository of threat data, so you get global insight into attack trends and bad actors that may impact your network.
Correlation Directive Updates Delivered
AlienVault researches, writes, and continuously delivers the latest correlation rules to USM, saving you significant time and effort, so you can focus on responding to incidents and protecting your data.
OTX Community-Driven Threat Intelligence