AlienVault Unified Security Management™ (USM) delivers a built-in network vulnerability scanner to continuously scan your critical assets for vulnerabilities and provides an incisive reporting interface to simplify your triage and remediation process.
The dynamic nature of most environments requires persistent monitoring in order to defend against the evolving threat landscape. Constant changes to networks, systems, and applications can leave you susceptible to an attack, even if you are keeping your security controls up to date.
Stay on Schedule
AlienVault USM addresses this pain point by providing a simple, manageable platform that includes both asset discovery and network vulnerability scanning tools, as well as an easy to use interface for scheduling both types of scans. This allows you to ensure continuous vulnerability assessment without having to manage the process manually.
AlienVault USM™ allows you to stay ahead of attackers with these advanced features:
Simple configuration and scheduling of network vulnerability scans
Intuitive dashboard and reporting interface
Regular updates to vulnerability related threat intelligence
Traditional approaches to network vulnerability scanning and analysis rarely focus on usability and can seem unapproachable by those in IT wearing multiple hats. This leads to frustration, infrequent and inconsistent analysis and, too often, total project abandonment. Unfortunately, threat actors are all too familiar with this behavior and use it to their advantage by exploiting flaws in new additions to the victim’s environment.
When time and simplicity are of the essence, you need a security solution that accelerates your network vulnerability scanning and threat detection process. AlienVault USM provides this functionality by bolstering a comprehensive vulnerability scanning engine with asset discovery, a streamlined UI, and uncomplicated scheduling. Scheduling scans in advance allows you to easily manage your network vulnerability scanning program as well as minimize disruption of critical services during peak time.
You can also easily specify the methods used during the scans as well as how intensely your assets are probed. You can use the predefined scanning profiles, modify them to meet your explicit needs, or create your own from scratch. Since an attacker’s privileges (or lack thereof) can influence the feasibility of exploiting certain vulnerabilities, you also have the ability to perform these scans in both authenticated and unauthenticated modes.
Once you’ve scanned your assets for vulnerabilities, you need to develop a response plan that describes the vulnerabilities and their potential impact to your environment, and then decide which issues to remediate first. Doing this efficiently requires expert knowledge of not only the exploit methods but the affected systems as well.
AlienVault USM gives you an interface that provides a graphical display of vulnerabilities discovered by severity as well as affected services, systems, and networks. You also have a dashboard detailing the status of scheduled, in progress, and past scans. From here, you also have the ability to re-run scans, change scan job ownership, modify scanning schedules, or even delete jobs.
Reports produced contain rich, actionable intelligence including detailed descriptions of vulnerability, insight into root cause, and available workarounds. In most cases, links to references are provided for continued research. Exporting this data is easy, with links to download in PDF or CSV formats.
One of the most significant challenges to securing your environment is having the knowledge required to identify network vulnerabilities, prioritize which are the biggest threats to your environment, and then remediate any issues found. While many tools provide an initial set of vulnerability signatures, keeping them up to date and developing new ones is often up to the user. Especially when securing the network isn’t your only responsibility, you have little time to research new threats and develop vulnerability intel.
That’s where the Threat Intelligence produced by AlienVault Labs steps in to assist. Think of it as an extension to your IT team – they are constantly performing advanced research on current threats and developing updates to AlienVault USM’s threat intelligence. In addition to the vulnerability signatures, you receive updates to SIEM correlation rules, IDS signatures, knowledgebase articles, and more.
Updating the AlienVault USM platform is extremely easy, designed to minimize downtime, and just requires a couple of mouse clicks. This ensures that AlienVault USM is continuously conducting network vulnerability scans for the latest threats without requiring in-house research or development of vulnerability data. This allows you to allocate your time and resources to other responsibilities and, do more with a smaller team.