Threat Detection and Response, Simplified | AlienVault

Accelerate Threat Detection and Incident Response

AlienVault Unified Security Management (USM) delivers powerful threat detection software with integrated threat intelligence from AlienVault Labs, so you can start detecting the latest threats on Day One.


Advanced Threat Detection Has Never Been Easier

Your organization’s security depends on your ability to detect emerging threats in your cloud and on-premises environments and to respond to them quickly. Yet, hackers are constantly evolving their attack methods, making threat detection an always-moving target.

Organizations with limited security resources simply can’t afford to extensively research the global threat landscape for the latest attack vectors, nor can they spend time analyzing every alarm generated by their SIEMs.

AlienVault® Unified Security Management™ (USM™) is built with these organizations in mind. USM performs advanced threat detection across your cloud, hybrid cloud, and on-premises network environments. It combines five essential security capabilities in one unified console, giving you everything you need to quickly identify, analyze, and respond to emerging threats, in a cost-effective and easy-to-use solution.

In addition, the AlienVault Labs Security Research Team works on your behalf to research the latest global threats and vulnerabilities and delivers threat intelligence updates continuously to your USM environment. That way, you get the assurance of an always-up-to-date security monitoring solution, even without a dedicated in-house security team.

AlienVault Labs leverages threat intelligence from the Open Threat Exchange™ (OTX™)—the world’s largest open threat intelligence community of over 50,000 security experts, researchers, and IT professionals who provide global insight into the latest attack trends and bad actors.

Focus on the Threats That Matter Right Now

  • Use the Kill Chain Taxonomy to quickly assess and prioritize your threat response
  • Make informed decisions with contextual data about attack intent and severity

Get Complete Threat Visibility with All-in-One Security Essentials

  • Achieve multi-layered intrusion detection for the cloud and the data center
  • Easily search and analyze threats with a consolidated view of your assets, vulnerabilities, and malicious activities in your environment
  • Eliminate your security blind spots with hybrid cloud security monitoring

Stay Vigilant with Continuous Threat Intelligence Delivered

  • Receive continuous threat intelligence updates from AlienVault Labs Security Research Team
  • Leverage the world’s largest open threat intelligence community—Open Threat Exchange

Look Inside AlienVault Labs’ Threat Detection Techniques

  • Learn how AlienVault Labs Security Research Team analyzes security artifacts, attacker profiles, and global honeypots

Focus on the Threats that Matter Right Now

Use the Kill Chain Taxonomy in USM to Prioritize Your Threat Response

With the constantly evolving nature of the threat landscape, it can be difficult, if not impossible, to address every incident and alert that occurs in your environment. Instead, you must be able to cut through the clutter of low-risk alerts and false positives to effectively prioritize your threat detection and response activities.

AlienVault USM helps you to quickly assess and prioritize the most severe threats facing your environment. USM uses the Kill Chain Taxonomy to categorize threats by severity in a highly visual and instantly recognizable way, so that you can immediately know which threats to focus on first. USM also provides you with contextual information to help you understand attack intent and threat severity, based on how the threats are interacting with your environment.

  • System Compromise – Behavior indicating a compromised system. This is the most severe threat level.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.
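As an added example (not AlienVault's code, and not a description of how USM itself ranks alarms), the following Python applies the five Kill Chain Taxonomy stages listed above to a constructed set of alarms: it orders alarms most-severe-first and rolls them up per asset, so a host that has moved through several stages stands out. The alarm records, host addresses and the per-asset roll-up are assumptions of the example.

```python
from collections import defaultdict

# Kill Chain Taxonomy stages as listed on the page, most severe first.
KILL_CHAIN_RANK = {
    "System Compromise": 5,
    "Exploitation & Installation": 4,
    "Delivery & Attack": 3,
    "Reconnaissance & Probing": 2,
    "Environmental Awareness": 1,
}

# Constructed sample alarms (hypothetical hosts and times, not real data).
SAMPLE_ALARMS = [
    {"id": 1, "asset": "10.0.1.20", "stage": "Reconnaissance & Probing", "ts": "09:01"},
    {"id": 2, "asset": "10.0.1.20", "stage": "Delivery & Attack", "ts": "09:07"},
    {"id": 3, "asset": "10.0.2.5", "stage": "Environmental Awareness", "ts": "09:10"},
    {"id": 4, "asset": "10.0.1.20", "stage": "Exploitation & Installation", "ts": "09:15"},
    {"id": 5, "asset": "10.0.3.9", "stage": "System Compromise", "ts": "09:20"},
    {"id": 6, "asset": "10.0.2.5", "stage": "Reconnaissance & Probing", "ts": "09:25"},
]


def rank(stage):
    """Severity rank of a taxonomy stage; an unknown label is an error,
    so a malformed alarm is surfaced instead of silently sorted last."""
    if stage not in KILL_CHAIN_RANK:
        raise ValueError("unknown Kill Chain Taxonomy stage: %r" % stage)
    return KILL_CHAIN_RANK[stage]


def prioritize(alarms):
    """Alarms ordered most-severe-first; within a stage, the oldest first."""
    return sorted(alarms, key=lambda a: (-rank(a["stage"]), a["ts"]))


def asset_summary(alarms):
    """Per asset: the highest stage reached and how many distinct stages
    were seen. Assets are ordered by top stage, then by stages seen, so a
    host that has progressed through the chain outranks an isolated alarm."""
    stages_by_asset = defaultdict(list)
    for a in alarms:
        stages_by_asset[a["asset"]].append(a["stage"])
    summary = []
    for asset, stages in stages_by_asset.items():
        top = max(stages, key=rank)
        seen = len({rank(s) for s in stages})
        summary.append({"asset": asset, "top_stage": top, "stages_seen": seen})
    summary.sort(key=lambda s: (-rank(s["top_stage"]), -s["stages_seen"], s["asset"]))
    return summary
```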

Get Complete Threat Visibility with All-in-One Security Essentials

Discover the Five Essential Security Capabilities Delivered in AlienVault USM

AlienVault USM provides five essential security capabilities in a single console, giving you everything you need to manage network threat detection and incident response as well as compliance requirements in a single pane of glass. With all security-related data about your assets, vulnerabilities, and intrusions centralized and easily searchable, you can investigate faster and respond sooner to emerging threats.

Asset Discovery

  • Cloud asset discovery
  • Network asset discovery
  • Software & services discovery

Vulnerability Assessment

  • Network vulnerability scanning
  • Cloud vulnerability scanning
  • Cloud infrastructure assessment

Intrusion Detection

  • Cloud IDS
  • Network IDS
  • Host IDS

AlienVault USM delivers multi-layered IDS for the threat detection needs of your cloud, hybrid cloud, and on-premises environments. Built-in network intrusion detection (NIDS), host intrusion detection (HIDS), and native cloud intrusion detection capabilities work in concert, giving you comprehensive intrusion detection across your entire IT landscape and eliminating your security blind spots.

Behavioral Monitoring

  • Cloud access logs (Azure: Monitor, AWS: CloudTrail, S3, ELB)
  • AWS VPC Flow monitoring
  • Asset access logs
  • VMware access logs

SIEM & Log Management

  • Event correlation
  • Incident response
  • Integrated AlienVault Open Threat Exchange™ (OTX™) Data
  • 12-month raw log retention

Stay Vigilant with Continuous Threat Intelligence Delivered from AlienVault Labs

When you deploy USM, you receive continuous threat intelligence updates that are thoroughly researched by the AlienVault Labs Security Research Team. This dedicated team spends countless hours analyzing the different types of attacks, emerging threats, suspicious behavior, vulnerabilities, and exploits they uncover across the global threat landscape. They deliver this intelligence in the form of coordinated rule sets of correlation rules, IDS signatures, vulnerability signatures, asset discovery signatures, indicators of compromise, data source plugins, and report templates. The team also provides up-to-the-minute guidance on emerging threats and context-specific remediation guidance, which accelerates and simplifies threat detection and remediation.

In addition to their own threat detection techniques, AlienVault Labs leverages the community-sourced threat intelligence of the AlienVault Open Threat Exchange (OTX), the world’s first truly open threat intelligence community. With over 50,000 members, including threat researchers and security professionals from over 140 countries, OTX provides global insight into the latest attack trends and bad actors operating in the wild. This rich resource assures USM users of the most up-to-date, actionable threat intelligence in their USM environment.

Look Inside AlienVault Labs’ Threat Detection Techniques

Security Artifact Analysis

Using a wide range of collection techniques, including advanced sandboxing to quarantine malware samples, the AlienVault Labs Security Research Team analyzes over one million unique security artifacts every day. This analysis provides key insights into the latest attacker methods, tools, infrastructure, and techniques.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual Venus fly traps” set up to detect, capture, and analyze the latest attacker techniques and tools. By leveraging honeypots placed in high-traffic networks, we are able to arm USM customers with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.

Open Collaboration with State Agencies, Academia, and Other Security Research Firms

Thanks to the broad reach of our threat intelligence community, we have established strong connections with state agencies around the world, academic researchers, and other security vendors. These relationships enable us access to pre-published vulnerability and malware updates as well as enhanced verification of our own research. By gathering threat intelligence from a diverse install base, spread across many industries and countries, and composed of organizations of all sizes, we’re able to shrink an attacker’s ability to isolate targets by industry or organization size.
