Advanced Threat Detection Has Never Been Easier
Your organization’s security depends on your ability to detect emerging threats in your cloud, on-premises, and hybrid environments and to respond to them quickly. Yet, attack methods and strategies are constantly evolving, making threat detection an always-moving target.
Organizations with limited security resources simply don’t have the resources or time to extensively research the global threat landscape for the latest attack vectors, nor can they spend time analyzing every indicator that an attack is happening.
AlienVault® Unified Security Management® (USM) is built with these organizations in mind. AlienVault USM performs advanced threat detection across your cloud, on-premises, and hybrid environments. It combines multiple essential security capabilities – asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM event correlation, and log management – in one unified console. This gives you everything you need to quickly identify, analyze, and respond to emerging threats–in one cost-effective and easy-to-use solution.
In addition, the AlienVault Labs Security Research Team works on your behalf to research the latest global threats and vulnerabilities, and delivers threat intelligence updates continuously into the USM platform. That way, you get the assurance of an always-up-to-date and optimally performing security monitoring solution, even without a dedicated in-house security team.
AlienVault Labs leverages threat intelligence from the Open Threat Exchange® (OTX™)—the world’s largest open threat intelligence community of security experts, researchers, and IT professionals worldwide who provide global insight into the latest attack trends, bad actors, indicators of compromise, and affected industries.
Focus on the Threats That Matter Right Now
- Use the Kill Chain Taxonomy to quickly assess and prioritize your threat response
- Make informed decisions with contextual data about attacks, including a description of the threat, its method and strategy, and recommendations on response
Get Compete Threat Visibility with All-in-One Security Essentials
- Achieve multi-layered intrusion detection for your on-premises, cloud, and hybrid environments using the USM platform’s built-in host-, network-, and cloud-based intrusion detection systems
- Easily search and analyze threats with a consolidated view of your assets, vulnerabilities, and malicious activities in your environment
- Eliminate your security blind spots by aggregating and correlating events from all your devices, servers, and applications, as well as monitoring user and administrator activities
Stay Vigilant with Continuous Threat Intelligence Delivered
- Receive continuous threat intelligence updates from AlienVault Labs Security Research Team
- Leverage threat data from the world’s largest open threat intelligence community—OTX
Focus on the Threats that Matter Right Now
With the constantly evolving nature of the threat landscape, it can be difficult—especially with limited resources—to address every incident and alert that occurs in and across your on-premises, cloud, and hybrid environments. Instead, you must be able to cut through the clutter of alerts and false positives to effectively prioritize your threat detection and response activities.
AlienVault USM helps you to quickly assess and prioritize the most severe threats facing your environment. The USM platform uses the Kill Chain Taxonomy to categorize threats by severity in a highly visual and instantly recognizable way, so that you can immediately know which threats to focus on first. It also provides you with contextual information to help you understand attack intent and threat severity, based on how the threats are interacting with your environment.
- System Compromise – Behavior indicating a compromised system. This is the most severe threat level.
- Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
- Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
- Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
- Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.
Get Compete Threat Visibility with All-in-One Security Essentials
AlienVault USM provides multiple essential security capabilities to help identify, understand, and contain threats—all through a single pane of glass. With all security-related data about your assets, vulnerabilities, and intrusions centralized and easily searchable, and backed by threat intelligence from AlienVault Labs and OTX, you can investigate faster and respond sooner to risks and threats against your critical infrastructure.
- Discovery of assets across on-premises, cloud, and hybrid environments
- Identification of software & services deployed on each asset
- Ability to group assets, supporting simplified monitoring and review
- Scans for vulnerabilities across all your monitored environments
- Prioritization based on the severity of the vulnerability, so you can prioritize response
- Indication of any available patches for identified vulnerabilities
- Cloud IDS (CIDS)
- Network IDS (NIDS)
- Host IDS (HIDS)
AlienVault USM delivers multi-layered IDS for your cloud, hybrid cloud, and on-premises environments threat detection needs. Built-in network intrusion detection (NIDS), host intrusion detection (HIDS), and native cloud intrusion detection (CIDS) capabilities work in concert, giving you comprehensive intrusion detection across your entire IT landscape and eliminating your security blind spots.
- Monitor cloud access and activity logs (Azure: Monitor, AWS: CloudWatch, CloudTrail, S3, ELB, VMware and Hyper-V access logs)
- Monitor user and administrator activities on systems and applications, including Okta, Active Directory, Office 365, and G Suite
- AWS VPC Flow Monitoring
Incident Response Guidance
- Review context on the threat, including details on strategy, method, and actor
- See enriched information on the incident from the Open Threat Exchange (OTX), with links to ‘pulses’ from the OTX community
- Review the affected asset, including details about what software and services are installed, and any other related vulnerabilities and alarms
- Identify the destination IP address or domain to which communications are being passed (e.g. a Command & Control Server)
- Recommended actions to take for further investigation and threat containment
SIEM & Log Management
- Event correlation by graph-based machine learning and finite-state machine (FSM) correlation engines
- Integrated threat intelligence, including updated correlation directives, from AlienVault Labs Security Team, and the AlienVault Open Threat Exchange (OTX)
- Aggregation of logs from all devices, servers, and applications across your on-premises, cloud, and hybrid environments
- Up to 90 days of searchable events stored within fast, Elasticsearch storage
- At least 12-months of raw log retention