Threat Analysis Software | AlienVault

Threat Analysis

AlienVault’s comprehensive threat analysis is delivered as seamlessly integrated threat intelligence in an all-in-one security management platform—saving you countless hours of threat research to detect the latest threats.

Watch a 90-Second Demo

Secure Your Infrastructure with Streamlined Threat Detection and Analysis

Threat analysis is a demanding, time-consuming exercise for security practitioners. It requires you to stay current with the latest threats, techniques, and vulnerabilities. To do so you need a massive threat data collection process that is global in scale, advanced analytical capabilities to process the data, and time. Done properly, the output of threat analysis is threat intelligence: information about malicious actors, their tools, infrastructure and methods.

To avoid spending countless hours that your IT team doesn’t have in attempting to develop actionable threat intelligence, you need a security solution that conducts threat analysis for you.

The AlienVault® Unified Security Management™ (USM™) platform delivers five essential security capabilities in one platform, as well as built-in threat intelligence from the AlienVault Labs Security Research Team. This provides you with everything you need to detect threats, prioritize response, and manage compliance.

AlienVault USM accelerates and simplifies your ability to detect and analyze threats by receiving relevant, timely, and actionable threat intelligence from the AlienVault Labs Security Research Team.

  • Locate all the assets in your cloud and on-premises environments
  • Identify the vulnerable assets and systems and prioritize remediation
  • Detect malicious activity targeting your cloud and on-premises infrastructure
  • See a prioritized view of the most significant threats targeting your cloud and on-premises infrastructure
  • Drill down and investigate risks for additional context and remediation guidance
Reviews of AlienVault Unified Security Management™ on  Software Reviews on TrustRadius

Actionable Threat Intelligence Requires Effective Threat Analysis

Effective threat analysis is a demanding yet essential process for generating quality threat intelligence. It requires you to collect a large volume of diverse threat data in real-time, and analyze the behavior to understand the intent of the malicious activity.

You need multiple security tools and data sources to amass the threat data, and then you need to build processes and systems on top of those tools to effectively analyze that data to generate actionable information. Additionally, you need to build your systems to conduct automated analysis, as there is simply too much data to process manually.

To detect patterns of behavior, you need to curate the threat data and combine it with supplemental information about the evolving threat landscape, effectively tuning your security program to detect and respond to threats.

And once your systems and tools have surfaced the relevant data and information, you also need human expertise to interpret the data. Armed with this detailed understanding of malicious actors’ tools, infrastructure, and methods, you can tune your security tools to incorporate the relevant information and detect the latest threats.

Global Visibility from Diverse Data Sources

AlienVault collects tens of millions of threat indicators daily via the Open Threat Exchange® (OTX™), the world’s largest crowd-sourced repository of threat data, and other external sources. We curate the data and combine it with additional information about attackers' tools, infrastructure, and methods to detect malicious behaviors — true threat intelligence.

AlienVault follows a multi-phased threat analysis process to generate AlienVault’s threat intelligence. The first phase is data collection.

We collect over 10 million threat indicators every day, including malicious IP addresses and URLs, domain names, malware samples, and suspicious files. We aggregate this data in OTX from a wide range of sources, including:

  • External threat vendors
  • Open sources
  • High-interaction honeypots that we set up to capture the latest attacker techniques and tools
  • Community-contributed threat data in the form of OTX "pulses"
  • USM and OSSIM users voluntarily contributing anonymized data

Smaller Needles, Bigger Haystacks

After collecting mountains of threat data, the next phase of the threat analysis process is to employ Systems and Processes we set up to assess the validity and severity of each of these threat indicators collected in OTX. These include a Contribution System for malware, a URL System for suspicious URLs, and an IP Reputation System for suspicious IP addresses.

We then use Threat Evaluation tools developed by the AlienVault Labs team to test and validate specific threat indicators before publishing any data.

These evaluation tools include a Malware Analyzer, a DNS Analyzer, a Web Analyzer, and a BotNet Monitor. As an example, we verify that a domain is distributing malware using our Web Analyzer. We connect to the suspicious URL, analyze and then execute the file, and if the file is malicious, we mark the server as malicious.

The Outputs, or raw analyzed threat data, are delivered to the AlienVault Labs team. The raw threat data is also shared with OTX community via the OTX portal.

Applying a Human Touch

The final phase of the threat analysis process is to engage the AlienVault Labs Security Research Team to conduct deeper qualitative and quantitative analysis on the threats. For example, they will reverse-engineer a malware sample, or conduct extensive research on particular threat actors and their infrastructure, to detect patterns of behavior and methods.

The Security Research Team delivers all relevant information about the threats and the attack infrastructure to the USM platform via the Threat Intelligence subscription. They regularly update 8 coordinated rule sets, which eliminate the need for you to tune your systems on your own.

These rule sets include:

  • Correlation directives – USM ships with a comprehensive library of pre-defined rules that translate raw events into specific, actionable threat information
  • Network IDS signatures – detect the latest threats in your network
  • Host IDS signatures – detect the latest threats targeting your critical systems
  • Asset discovery signatures – identify the latest operating systems, applications, and devices
  • Vulnerability assessment signatures – find the latest vulnerabilities on your systems
  • Reporting modules – provide new ways of viewing data about your environment and satisfying auditor and management requests
  • Dynamic incident response templates – utilize customized guidance on how to respond to each alert
  • Newly supported data source plugins – expand your monitoring footprint by incorporating data from third party tools

USM’s integrated threat intelligence from the Security Research Team eliminates the need for you to spend precious time conducting your own research. Unlike single-purpose updates focused on only one security control, the AlienVault Labs Threat Intelligence Subscription delivers regular updates to the USM platform, which accelerates and simplifies threat detection and response.

Watch a Demo ›