Threat Detection & Response | AlienVault

Accelerate and Automate Threat Detection

A single platform for better threat detection, faster response, and easier compliance management


Explore the Total Economic Impact™ of AlienVault USM


Advanced Threat Detection Has Never Been Easier

Your organization’s security depends on your ability to detect emerging threats in your cloud, on-premises, and hybrid environments and to respond to them quickly. Yet, attack methods and strategies are constantly evolving, making threat detection an always-moving target.

Organizations with limited security staff simply don't have the budget or time to research the global threat landscape for the latest attack vectors, nor can they spend time analyzing every indicator that an attack is happening.

AlienVault® Unified Security Management® (USM) is built with these organizations in mind. AlienVault USM performs advanced threat detection across your cloud, on-premises, and hybrid environments. It combines multiple essential security capabilities (asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM event correlation, and log management) in one unified console. This gives you everything you need to quickly identify, analyze, and respond to emerging threats, in one cost-effective and easy-to-use solution.

In addition, the AlienVault Labs Security Research Team works on your behalf to research the latest global threats and vulnerabilities, and delivers threat intelligence updates continuously into the USM platform. That way, you get the assurance of an always-up-to-date and optimally performing security monitoring solution, even without a dedicated in-house security team.

AlienVault Labs leverages threat intelligence from the Open Threat Exchange® (OTX™)—the world’s largest open threat intelligence community of security experts, researchers, and IT professionals worldwide who provide global insight into the latest attack trends, bad actors, indicators of compromise, and affected industries.

Focus on the Threats That Matter Right Now

  • Use the Kill Chain Taxonomy to quickly assess and prioritize your threat response
  • Make informed decisions with contextual data about attacks, including a description of the threat, its method and strategy, and recommendations on response

Get Complete Threat Visibility with All-in-One Security Essentials

  • Achieve multi-layered intrusion detection for your on-premises, cloud, and hybrid environments using the USM platform’s built-in host-, network-, and cloud-based intrusion detection systems
  • Easily search and analyze threats with a consolidated view of your assets, vulnerabilities, and malicious activities in your environment
  • Eliminate your security blind spots by aggregating and correlating events from all your devices, servers, and applications, as well as monitoring user and administrator activities

Stay Vigilant with Continuous Threat Intelligence Delivered

  • Receive continuous threat intelligence updates from AlienVault Labs Security Research Team
  • Leverage threat data from the world’s largest open threat intelligence community—OTX

Focus on the Threats that Matter Right Now

With the constantly evolving nature of the threat landscape, it can be difficult—especially with limited resources—to address every incident and alert that occurs in and across your on-premises, cloud, and hybrid environments. Instead, you must be able to cut through the clutter of alerts and false positives to effectively prioritize your threat detection and response activities.

AlienVault USM helps you to quickly assess and prioritize the most severe threats facing your environment. The USM platform uses the Kill Chain Taxonomy to categorize threats by severity in a highly visual and instantly recognizable way, so that you can immediately know which threats to focus on first. It also provides you with contextual information to help you understand attack intent and threat severity, based on how the threats are interacting with your environment.

  • System Compromise – Behavior indicating a compromised system. This is the most severe threat level.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

Get Complete Threat Visibility with All-in-One Security Essentials

AlienVault USM provides multiple essential security capabilities to help identify, understand, and contain threats—all through a single pane of glass. With all security-related data about your assets, vulnerabilities, and intrusions centralized and easily searchable, and backed by threat intelligence from AlienVault Labs and OTX, you can investigate faster and respond sooner to risks and threats against your critical infrastructure.

Asset Discovery

  • Discovery of assets across on-premises, cloud, and hybrid environments
  • Identification of software & services deployed on each asset
  • Ability to group assets, supporting simplified monitoring and review

Vulnerability Assessment

  • Scans for vulnerabilities across all your monitored environments
  • Ranking by vulnerability severity, so you can prioritize your response
  • Indication of any available patches for identified vulnerabilities

Intrusion Detection

  • Cloud IDS (CIDS)
  • Network IDS (NIDS)
  • Host IDS (HIDS)

AlienVault USM delivers multi-layered IDS to meet the threat detection needs of your cloud, hybrid cloud, and on-premises environments. Built-in network intrusion detection (NIDS), host intrusion detection (HIDS), and native cloud intrusion detection (CIDS) capabilities work in concert, giving you comprehensive intrusion detection across your entire IT landscape and eliminating your security blind spots.

Behavioral Monitoring

  • Monitor cloud access and activity logs (Azure: Monitor, AWS: CloudWatch, CloudTrail, S3, ELB, VMware and Hyper-V access logs)
  • Monitor user and administrator activities on systems and applications, including Okta, Active Directory, Office 365, and G Suite
  • AWS VPC Flow Monitoring

Incident Response Guidance

  • Review context on the threat, including details on strategy, method, and actor
  • See enriched information on the incident from the Open Threat Exchange (OTX), with links to ‘pulses’ from the OTX community
  • Review the affected asset, including details about what software and services are installed, and any other related vulnerabilities and alarms
  • Identify the destination IP address or domain to which communications are being passed (e.g. a Command & Control Server)
  • Get recommended actions to take for further investigation and threat containment

SIEM & Log Management

  • Event correlation by graph-based machine learning and finite-state machine (FSM) correlation engines
  • Integrated threat intelligence, including updated correlation directives, from the AlienVault Labs Security Research Team and the AlienVault Open Threat Exchange (OTX)
  • Aggregation of logs from all devices, servers, and applications across your on-premises, cloud, and hybrid environments
  • Up to 90 days of searchable events stored in fast Elasticsearch storage
  • At least 12 months of raw log retention
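As an added illustration (not AlienVault's code), the following Python sketches how a finite-state correlation directive and the Kill Chain Taxonomy listed above fit together: every classified event raises an alarm at its own stage, and a host is escalated to System Compromise only when a hypothetical directive's chain of stages completes within a time window. The event types, the directive and the sample event stream are all constructed for this example.

```python
from collections import defaultdict

# The five Kill Chain Taxonomy stages from the page, least to most severe.
STAGES = ["Environmental Awareness", "Reconnaissance & Probing",
          "Delivery & Attack", "Exploitation & Installation", "System Compromise"]
SEVERITY = {s: i + 1 for i, s in enumerate(STAGES)}   # 5 = most severe

# Hypothetical event-type -> stage classification, constructed for this example.
EVENT_STAGE = {"vuln_found": "Environmental Awareness", "portscan": "Reconnaissance & Probing",
               "exploit_attempt": "Delivery & Attack", "new_service": "Exploitation & Installation",
               "c2_beacon": "System Compromise"}

# Toy FSM correlation directive (constructed): a host that walks these steps in
# order, at most WINDOW seconds apart, is escalated to the conclusion stage,
# which outranks any of the individual events that made up the chain.
DIRECTIVE = {"steps": ["Reconnaissance & Probing", "Delivery & Attack",
                       "Exploitation & Installation"],
             "conclusion": "System Compromise"}
WINDOW = 600

def correlate(events):
    """events: time-ordered (ts, host, event_type) tuples.
    Returns [(host, stage, severity)] sorted most severe first."""
    fsm = defaultdict(lambda: (0, None))     # host -> (next step index, last ts)
    alarms = {}                              # host -> highest stage raised
    def raise_alarm(host, stage):
        if SEVERITY[stage] > SEVERITY.get(alarms.get(host), 0):
            alarms[host] = stage
    for ts, host, etype in events:
        stage = EVENT_STAGE.get(etype)
        if stage is None:
            continue                         # unclassified event: ignored
        raise_alarm(host, stage)             # every event alarms at its own stage
        step, last = fsm[host]
        if last is not None and ts - last > WINDOW:
            step, last = 0, None             # window expired: chain starts over
        if stage == DIRECTIVE["steps"][step]:
            step, last = step + 1, ts
            if step == len(DIRECTIVE["steps"]):
                raise_alarm(host, DIRECTIVE["conclusion"])
                step, last = 0, None         # chain complete: reset the host
        fsm[host] = (step, last)
    return sorted(((h, s, SEVERITY[s]) for h, s in alarms.items()),
                  key=lambda a: (-a[2], a[0]))

# Constructed sample stream: srv-a completes the chain, srv-b sees only a lone
# exploit attempt, srv-c's scan and exploit attempt fall outside the window.
SAMPLE = [(0, "srv-a", "portscan"), (0, "srv-c", "portscan"),
          (100, "srv-a", "exploit_attempt"), (150, "srv-b", "exploit_attempt"),
          (200, "srv-a", "new_service"), (2000, "srv-c", "exploit_attempt")]
```

Running `correlate(SAMPLE)` puts srv-a first as System Compromise while srv-b and srv-c stay at Delivery & Attack, which is the prioritization effect the taxonomy is meant to give an analyst.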

Actionable Threat Intelligence Delivered Directly to You

Most teams don't have unlimited resources to research the latest threats in the wild. That's why the AlienVault Labs Security Research Team works on your behalf to scour the global threat landscape for the latest emerging attack methods, bad actors, and vulnerabilities that could impact your security. This team analyzes hundreds of thousands of threat indicators daily and delivers continuous threat intelligence updates automatically to your USM environment, in the form of actionable IDS signatures, correlation rules, remediation guidance, and more. With this integrated threat intelligence subscription, you always have the most up-to-date threat intelligence as you monitor your environment for emerging threats.

To provide deeper and wider insight into attack trends and bad actors, the AlienVault Labs Security Research Team leverages the power of the Open Threat Exchange® (OTX™), the world's first truly open threat intelligence community. This community of security researchers and IT professionals collaborates and shares millions of threat artifacts as they emerge "in the wild," so you get global insight into attack trends and bad actors that could impact your operations.
