Effective network security monitoring requires you to collect, analyze, and correlate security data from across your cloud and on-premises environments to identify threats and intrusions. Alone, intrusion detection systems (IDS) are not enough. To fully monitor and protect your network, you need a unified view of:
Traditionally, orchestrating this information within network security monitoring software has been complex, expensive, and out of reach for most organizations. AlienVault® Unified Security Management® (USM) breaks through this complexity and expense by bringing together multiple essential security capabilities on a unified platform that’s cost effective and easy to use.
In addition, continuous threat intelligence updates from the AlienVault Labs Security Research Team are delivered to the USM platform, backed by the AlienVault Open Threat Exchange® (OTX™) — the world’s first truly open threat intelligence community.
AlienVault USM delivers essential network security monitoring tools in a single pane of glass, enabling you to:
For effective network security monitoring, you need to see what devices are connected in your environment and how the vulnerabilities on those assets expose you to threats and intrusions.
Because AlienVault USM uniquely combines asset discovery and inventory, vulnerability assessment, intrusion detection data, and threat intelligence within a single pane of glass, you can know (within minutes of installation):
Knowing which vulnerabilities are actively being exploited in the wild helps you to better plan and prioritize your remediation activities.
Using active network scanning, AlienVault USM auto-discovers all the IP-enabled devices connected to your environment, how they’re configured, what services are installed and actively listening, any potential vulnerabilities, and any active threats being executed against them.
AlienVault USM performs authenticated vulnerability scanning with the most up-to-date vulnerability signatures from the AlienVault Labs Security Research Team. This identifies the “holes” in your network that expose you to threats and intrusions. The USM platform ranks vulnerabilities by severity to help you prioritize your response. When intrusions do occur, you have a unified view of important asset and vulnerability data, so you can respond faster.
Attacks do not usually happen in one swift blow. Rather, they unfold in multiple steps. The earlier you detect attacks, the better chance you have at intervening to prevent a data breach or other harm.
AlienVault USM enables early intrusion detection and response with built-in cloud intrusion detection (CIDS), network intrusion detection (NIDS), and host intrusion detection (HIDS) systems. These tools monitor your traffic and hosts, along with user and administrator activities, looking for anomalous behaviors and known attack patterns. The built-in SIEM capability in the USM platform automatically correlates IDS data with other security information to give you complete visibility of your security posture.
In addition, the AlienVault Labs Security Research Team continuously delivers threat intelligence updates directly to the USM platform, including the latest IDS attack signatures and correlation directives. So, you always have the most up-to-date threat detection intelligence as you monitor your environment for intrusions and other threats.
USM Anywhere provides native intrusion detection system (IDS) capabilities in AWS and Azure cloud environments. Cloud sensors purpose-built for AWS and Azure cloud environments leverage AWS and Azure APIs, so you have full visibility into every operation that happens in your cloud accounts.
The Network Intrusion Detection System (NIDS) capability of the USM platform detects known threats and attack patterns targeting your vulnerable assets. It scans your on-premises network traffic, looking for the signatures of the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures, and it raises alarms in your AlienVault USM dashboard to alert you when threats are identified.
The Host-based Intrusion Detection System (HIDS) capabilities in AlienVault USM employ an agent on each host to analyze the behavior and configuration status of the system. HIDS captures and monitors key events across the operating system and installed applications. Using its File Integrity Monitoring (FIM) capabilities, it tracks access to and activity on files, including any changes in critical system files, configuration files, system and application binaries, registry settings, and content files.
The goal of network security monitoring is to detect and respond to threats as early as possible to prevent data loss or disruption to your operations. However, this can be complicated when mountains of security-related events and log data are continuously produced by multiple disparate security tools.
AlienVault USM has powerful SIEM and centralized logging capabilities built in so you can aggregate and make sense of security data generated across your network. Going beyond traditional SIEM products, the USM platform combines multiple essential security capabilities – asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM event correlation, and log management – so that when an incident happens, you have immediate 360° visibility of the actors, targeted assets and their vulnerabilities, methods of attack, and more.
AlienVault USM deploys with ready-to-use SIEM correlation rules, and with its graph-based machine learning and finite state machine (FSM) correlation engine, you can start detecting threats on Day One. As threats evolve, threat intelligence is continuously updated by AlienVault Labs and delivered directly to the USM platform.
For IDS-generated events, which by themselves can be quite noisy, AlienVault USM checks to see what vulnerabilities would be needed for an exploit to be successful. AlienVault USM then checks if the asset is actually vulnerable. This data is correlated and risk is assessed, so you can focus in on the information that really matters most.
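The cross-check described above, as an added illustration that is not AlienVault USM code: each IDS alert is matched to the vulnerability its signature depends on, compared against the target's scan findings, and scored. The signature IDs, CVE placeholders, addresses, asset values, and the scoring formula are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: which vulnerability each IDS signature needs to succeed.
SIG_REQUIRES = {"sig-1001": "CVE-PLACEHOLDER-A", "sig-1002": "CVE-PLACEHOLDER-B"}
# Constructed sample data: latest vulnerability scan findings per scanned asset.
SCAN_FINDINGS = {"10.0.0.5": {"CVE-PLACEHOLDER-A"}, "10.0.0.9": set()}
# Constructed sample data: business value of each asset, 1 (low) to 5 (high).
ASSET_VALUE = {"10.0.0.5": 4, "10.0.0.9": 2}


@dataclass(frozen=True)
class Alert:
    sig_id: str
    dst_ip: str
    priority: int  # 1 (low) to 5 (high), as reported by the IDS


def assess(alert):
    """Return (verdict, risk) for one IDS alert."""
    needed = SIG_REQUIRES.get(alert.sig_id)
    findings = SCAN_FINDINGS.get(alert.dst_ip)
    if needed is None or findings is None:
        # Unknown signature or never-scanned asset: neither confirmed nor ruled out.
        verdict, reliability = "unverified", 2
    elif needed in findings:
        verdict, reliability = "target-vulnerable", 5
    else:
        verdict, reliability = "target-not-vulnerable", 1
    value = ASSET_VALUE.get(alert.dst_ip, 1)  # unknown assets get the lowest value
    return verdict, alert.priority * reliability * value  # hypothetical score, 1..125


def triage(alerts, threshold=40):
    """Return (risk, verdict, alert) rows at or above threshold, highest risk first."""
    rows = []
    for alert in alerts:
        verdict, risk = assess(alert)
        if risk >= threshold:
            rows.append((risk, verdict, alert))
    return sorted(rows, key=lambda row: row[0], reverse=True)


# Constructed alerts: same signature against a vulnerable and a patched host,
# plus one alert against an asset that has never been scanned.
SAMPLE_ALERTS = [
    Alert("sig-1001", "10.0.0.5", 3),
    Alert("sig-1001", "10.0.0.9", 3),
    Alert("sig-1002", "10.0.0.77", 5),
]

if __name__ == "__main__":
    for risk, verdict, alert in triage(SAMPLE_ALERTS):
        print(risk, verdict, alert.sig_id, alert.dst_ip)
```

The unverified branch matters in practice: an alert against an unscanned asset is kept at a middling reliability rather than dropped, so gaps in scan coverage do not silently suppress alerts.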
AlienVault USM delivers dynamic incident response guidance to assist you with your intrusion response, including details about: