Security log analysis & management

One of the most overlooked and underutilized tools that you can use to secure your cloud, hybrid cloud, and on-premises is security log analysis. You can almost always find evidence of an attack in the logs of your devices, systems, and applications. However, if you are not performing regular log monitoring and security analysis, many threats may go unnoticed.

One of the core capabilities of AlienVault® USM™ is its ability to automatically aggregate and manage event log data from its built-in detection capabilities as well as collect logs produced by other devices in your environment. USM monitors the data and automatically executes advanced analysis, producing normalized events and correlating them to produce actionable intelligence, and alerts you to any threats facing your environment.

USM collects log data from across your cloud, hybrid cloud, and on-premises environments, such as:

• Azure cloud access logs: Insights
• AWS cloud access logs: CloudTrail, S3, ELB
• AWS VPC Flow monitoring
• Asset access logs
• Audit logs
• VMware & Hyper-V access logs
• System logs on Windows, Linux, and Unix servers Network device logs

With AlienVault USM, you get all the features and functionality you expect from security log analysis and management including:

Event Correlation with Regularly Updated Threat Intelligence

• Integrated SIEM functionality automatically correlates log data from different data sources
• Regular updates to threat intelligence automatically spots the latest threats

Security Log Analysis Simplified with Intuitive UI and Extensible Architecture

• Advanced search and analytics enable fast, accurate forensic threat assessment
• Hundreds of plugins included to parse logs from the most common data sources

Multifunctional Security Log Management and Storage

• Granular visibility into raw logs with query-based search functionality; simplifies forensic analysis compliance audits
• Tamper-proof raw log storage ensures integrity and meets compliance requirements

Different use cases require different approaches to security log analysis and management. For instance, historical analysis of compliance calls for an easy-to-use interface and the ability to filter down to a granular level (e.g., all authentication events involving assets storing cardholder data transpiring during the last three months). Doing this quickly allows for faster analysis and, in turn, the ability to swiftly develop new policies and procedures to address the offending behavior.

One potential challenge that can arise when instrumenting a security log management solution is when parsing and normalizing incoming logs using plugins. While most devices output log data in a standardized format, some logs are structured differently, contain extra pieces of information, or fail to adhere to any known format. Some SIEM security platforms come with a limited set of plugins and do not continually build new plugins as new data sources arise.

By contrast, AlienVault USM ships with hundreds of plugins that are ready to parse log data from today’s most commonly used data sources, meaning you’re able to start monitoring your environment immediately after deployment. These out-of-the-box plugins are compatible with most major devices and applications, including network gear (firewalls, UTM, routers, wireless access points), as well as endpoint protection, web servers, and external detection methods.

The AlienVault USM Plugin library provides source-optimized data collection for a complete range of technologies, making it easy for you to get complete visibility into your entire environment. In addition, AlienVault will build a plugin for most commercially available products upon request at no additional charge.

In USM Anywhere™, AlienApps extend the platform’s core capabilities by integrating with popular third-party security tools, including Cisco Umbrella and McAfee ePO to provide specialized data collection, visualization, and action response orchestration.