In today’s dynamic and evolving threat environment, busy IT security teams don’t have the time or resources to do threat analysis of emerging threats on their own. Instead, they turn to AlienVault Labs Security Research Team to do the research for them with continuous Threat Intelligence updates that are fully integrated into the AlienVault® Unified Security Management® (USM) platform for threat assessment, detection, and response.
Your AlienVault USM platform receives updates every 30 minutes from the AlienVault Labs. This dedicated team spends countless hours analyzing the different types of attacks, emerging threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape.
Ownership of both the built-in data sources and the management platform that make up the USM platform gives AlienVault a unique advantage over other security point products. Providing predictable data sources enables our threat research team to have a comprehensive understanding of the interactions between the different data types being collected, correlated and analyzed. This in-depth knowledge enables us to engineer the USM platform to provide effective security controls and seamlessly integrated threat intelligence for any environment.
AlienVault Labs Threat Intelligence drives the USM platform’s threat assessment capabilities by identifying the latest threats, resulting in the broadest view of threat vectors, attacker techniques and effective defenses. Unlike single-purpose updates focused on only one security control, AlienVault Labs regularly delivers eight coordinated rule set updates to the USM platform. These updates eliminate the need for you to spend precious time conducting your own research on emerging threats, or on alarms triggered by your security tools. These rule sets maximize the efficiency of your security monitoring program by delivering the following updates directly to your AlienVault USM™ installation:
IT teams of all sizes suffer from having too much security event data and not enough actionable threat intelligence. Many security tools generate a steady stream of alerts about important (and not so important) activity, causing IT teams to sacrifice their valuable time by trying to manually correlate disparate activity in their log files. They dig through thousands of seemingly innocuous events, hoping to find those few indicators that can signify system compromise or data breach. At the same time, attack techniques have become more sophisticated, making breaches harder to detect.
Logs carry important information such as what your users are doing, what data they are accessing, the performance of your systems and overall network health. They will also contain evidence of system compromise and data exfiltration, if you know where to look. However, reading raw logs isn’t easy, for several reasons, including:
AlienVault USM solves these problems with its powerful correlation engine. Our extensive and growing library of pre-built correlation directives continuously analyzes event data to identify potential security threats in your network. USM automatically detects and links behavior patterns found in disparate but related events generated across different types of assets, telling you which threats facing your network are the most significant right now.
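The kind of cross-source correlation described above, shown as an added example that is not AlienVault's code and does not reproduce any USM correlation directive. It chains three stages over normalized events from two constructed sources (an SSH auth log and a firewall log): a burst of failed logins from one source address, a subsequent successful login from that same address, and then an outbound connection from the newly compromised host to an address on a reputation list. Each stage raises an alarm of increasing priority, so noise (a couple of stray failures, or a bad-IP connection with no preceding compromise) produces nothing. Every event, host, IP address, field name and threshold here is constructed for the example.

```python
"""Minimal three-stage event correlation across two log sources.
Added example, not AlienVault/USM code. All events, addresses, field
names (ts, source, kind, src, dst), thresholds and the reputation list
are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, already-normalized events from two sources. Addresses use
# documentation ranges (RFC 5737); nothing here is a real indicator.
EVENTS = [
    {"ts": "2024-05-01T10:00:01", "source": "sshd", "kind": "auth_fail", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": "2024-05-01T10:00:02", "source": "sshd", "kind": "auth_fail", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": "2024-05-01T10:00:03", "source": "sshd", "kind": "auth_fail", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": "2024-05-01T10:00:04", "source": "sshd", "kind": "auth_fail", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": "2024-05-01T10:00:05", "source": "sshd", "kind": "auth_fail", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": "2024-05-01T10:00:20", "source": "sshd", "kind": "auth_ok",   "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"ts": "2024-05-01T10:01:10", "source": "firewall", "kind": "conn_out", "src": "10.0.0.5", "dst": "198.51.100.9"},
    # Noise: two failures only, and a bad-IP connection with no prior compromise.
    {"ts": "2024-05-01T10:02:00", "source": "sshd", "kind": "auth_fail", "src": "192.0.2.44", "dst": "10.0.0.8"},
    {"ts": "2024-05-01T10:02:01", "source": "sshd", "kind": "auth_fail", "src": "192.0.2.44", "dst": "10.0.0.8"},
    {"ts": "2024-05-01T10:02:30", "source": "firewall", "kind": "conn_out", "src": "10.0.0.8", "dst": "198.51.100.9"},
]

# Constructed reputation list standing in for a "known bad actor" feed.
BAD_IPS = {"198.51.100.9"}


def parse_ts(s):
    return datetime.fromisoformat(s)


def alarm(stage, priority, what, **fields):
    """Build an alarm record; stage grows as more of the directive matches."""
    return {"stage": stage, "priority": priority, "what": what, **fields}


def correlate(events, fail_threshold=5, window=timedelta(seconds=60), follow=timedelta(minutes=5)):
    """Run the directive over time-ordered events and return the alarms raised.

    Stage 1: >= fail_threshold auth_fail from the same src to the same dst within `window`.
    Stage 2: auth_ok from that src to that dst within `follow` of stage 1.
    Stage 3: conn_out from that dst (now treated as compromised) to an IP in BAD_IPS
             within `follow` of stage 2.
    """
    events = sorted(events, key=lambda e: e["ts"])
    fails = defaultdict(list)   # (src, dst) -> timestamps of recent failures
    brute = {}                  # (src, dst) -> time stage 1 was reached
    success = {}                # dst host -> (time of stage 2, attacker src)
    alarms = []
    for e in events:
        t = parse_ts(e["ts"])
        key = (e["src"], e["dst"])
        if e["kind"] == "auth_fail":
            # Keep only failures inside the sliding window, then add this one.
            recent = [x for x in fails[key] if t - x <= window] + [t]
            fails[key] = recent
            if len(recent) >= fail_threshold and key not in brute:
                brute[key] = t
                alarms.append(alarm(1, "low", "auth brute force", host=e["dst"], attacker=e["src"], ts=e["ts"]))
        elif e["kind"] == "auth_ok":
            started = brute.get(key)
            if started is not None and t - started <= follow:
                success[e["dst"]] = (t, e["src"])
                alarms.append(alarm(2, "medium", "brute force succeeded", host=e["dst"], attacker=e["src"], ts=e["ts"]))
        elif e["kind"] == "conn_out" and e["dst"] in BAD_IPS:
            hit = success.get(e["src"])
            if hit and t - hit[0] <= follow:
                alarms.append(alarm(3, "high", "compromised host contacted known bad IP",
                                    host=e["src"], attacker=hit[1], bad_ip=e["dst"], ts=e["ts"]))
    return alarms


if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(a)
```

The point of ordering the stages by priority is that a burst of failures alone is a low-priority alarm that an analyst may never need to look at, while the same source address reappearing in a successful login and then in outbound traffic to a listed address is the signal worth acting on first. A real directive library would key on many more fields and sources, but the shape (shared key, time window, escalating stages) is the same.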
With this easily consumable threat intelligence fueling your USM platform, you’ll be able to detect the latest threats and prioritize your response efforts. Specifically, you’ll extend your security program with:
Identifies infection, compromise, and misuse of corporate assets
Prevents leakage of sensitive and proprietary data
Identifies compromised systems communicating with malicious actors
Prioritizes response efforts by identifying known bad actors and infected sites
Detects targeted attacks often missed by other defenses
Provides customized instructions on how to respond and investigate each alert
Using a wide range of collection techniques, including advanced sandboxing to quarantine malware samples, the AlienVault Threat Research team analyzes over 10 million unique security artifacts every day. This analysis provides key insights into the latest attacker tools and techniques.
Our global honeypots are essentially “virtual Venus flytraps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging the insight gained from honeypots placed in high-traffic networks, our AlienVault Labs team arms our USM customers with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.
We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.
Thanks to the broad reach of our threat intelligence sharing community, we’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships enable us to get access to pre-published vulnerability and malware updates as well as enhanced verification of our own research. By gathering community-powered threat intelligence from a diverse installed base that is spread across many industries and countries and composed of organizations of all sizes, we’re able to shrink an attacker’s ability to isolate targets by industry or organization size.