Don't Be A Victim

Advanced Threat and Malware Detection


AlienVault Unified Security Management™ (USM) provides complete security visibility by delivering three types of intrusion detection system (IDS) software, combined with all of the essential security tools built in and continuous threat intelligence updates from AlienVault Labs.


  • Combines asset discovery, vulnerability assessment, IDS, SIEM, and netflow analysis in one console
  • Utilizes real-time insights from OTX™ based on crowd-sourced info on known malicious hosts
  • Stays current with continuous updates including new rule sets, signatures, reports, and more
  • Offers full threat context and step-by-step response guidance for attacks
  • Deploys and provides insights in less than an hour

Advanced Threat & Malware Detection Tools Built In

Catch Threats Anywhere Within Your Network

Attackers can be amazingly resourceful and persistent, changing tactics often to bypass IT security countermeasures. They have a clear advantage: they choose when to attack, how to attack, and are capable of surprising any prevention technology deployed. As a result, constant monitoring is required to detect and remediate malware.

With AlienVault Unified Security Management (USM) and Threat Intelligence with Open Threat Exchange (OTX), you have a fighting chance against attackers. USM provides a single console where you have visibility to assets and vulnerabilities, alarms on potential incidents, visibility to known external threats and forensics to investigate incidents after-the-fact.

Known and Unknown Malware Detection

AlienVault's built-in security tools and network monitoring capabilities provide visibility into exploits that unintegrated security tools won't catch. Static, signature-based anti-malware software used to be effective, but it is not against polymorphic malware: destructive software, such as a Trojan, virus, worm or spyware, that constantly changes its form. In addition, zero-day malware is often only detected by noticing strange behavior on the network, making USM's built-in network and behavioral analysis critical.

Web-Based Attack Detection

USM is particularly effective against Web-based attacks such as SQL injection and cross-site scripting. SQL injection exploits are used to extract sensitive information from websites; dynamic web applications with SQL backends are likely to be vulnerable to this attack. Cross-site scripting allows attackers to manipulate web sites that they do not own; the purpose of the exploit is to compromise the user's local system to install malware or to obtain information (such as hijacked cookies) so the attacker can impersonate the user on another web site. USM continuously monitors for SQL injection and cross-site scripting exploits.

The threat is not just to large organizations and enterprises

Small and medium businesses are very attractive targets, typically lacking security-proficient IT staff and typically not having budget for purchasing IT security countermeasures from traditional security vendors. According to Gartner, in 2012 50% of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks in 2013 was businesses with fewer than 250 employees; 31% of all attacks targeted them. USM is an optimal product for small and medium businesses, since it's affordable and includes all the security tools needed, built in and integrated.

AlienVault's Open Threat Exchange (OTX) provides crowd-sourced threat intelligence on the latest exploits worldwide.

OTX is tightly integrated with AlienVault's USM to provide the full picture: activity on your network combined with threat intelligence from outside your network. USM uses this information to help you prioritize risk and focus your resources better by correlating known malicious IPs with activity on network components such as firewalls, proxies, web servers, anti-virus systems, and intrusion detection systems. Malware can also be detected in transit over the network (as it is downloaded and installed onto a compromised host), or when it communicates back to its command and control servers. OTX integration is very helpful in identifying known malicious hosts acting as command and control servers.
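The correlation described above, as an added illustration that is not AlienVault's code and uses no real OTX data: a constructed indicator list (single hosts and a CIDR block) is matched against constructed firewall and proxy log lines, and each internal host that touched an indicator gets one alarm with a hit count and direction, so repeated outbound beaconing to a listed host ranks above a single denied inbound probe. The log format, sensor names and indicator entries are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed indicator list (hypothetical, not real OTX data): host or CIDR -> why it is listed.
INDICATORS = {
    "203.0.113.45": "known command-and-control server",
    "198.51.100.0/24": "malware distribution netblock",
}
# Constructed firewall/proxy log lines in a simple key=value syslog style.
LOG_LINES = """\
2014-03-10T09:12:01 fw01 ALLOW src=10.0.0.25 dst=203.0.113.45 dport=443
2014-03-10T09:12:05 proxy01 GET src=10.0.0.31 dst=198.51.100.77 url=/update.exe
2014-03-10T09:13:40 fw01 ALLOW src=10.0.0.25 dst=192.0.2.10 dport=80
2014-03-10T09:15:02 fw01 DENY src=203.0.113.45 dst=10.0.0.25 dport=22
2014-03-10T09:16:10 fw01 ALLOW src=10.0.0.25 dst=203.0.113.45 dport=443
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) (?P<action>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)")

def build_networks(indicators):
    """Parse indicators once so single hosts and CIDR blocks are matched the same way."""
    return [(ipaddress.ip_network(k, strict=False), why) for k, why in indicators.items()]

def match_indicator(addr, networks):
    """Return the listing reason of the first indicator network containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    return next((why for net, why in networks if ip in net), None)

def correlate(log_text, indicators=INDICATORS):
    """Return {(internal_host, indicator_ip): alarm} for every log line touching an indicator.
    An indicator as destination is an internal host talking out (the C2 beaconing pattern);
    as source it is inbound contact from a known-bad host. Hits are counted so repeated
    beaconing ranks above a single denied probe."""
    networks = build_networks(indicators)
    alarms = defaultdict(lambda: {"count": 0, "directions": set(), "reason": None})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        for field, direction in (("dst", "outbound"), ("src", "inbound")):
            reason = match_indicator(m[field], networks)
            if reason is None:
                continue
            internal = m["src"] if field == "dst" else m["dst"]
            alarm = alarms[(internal, m[field])]
            alarm["count"] += 1
            alarm["directions"].add(direction)
            alarm["reason"] = reason
    return dict(alarms)
```

Running `correlate(LOG_LINES)` yields two alarms: 10.0.0.25 talking to the listed C2 host three times (two outbound, one inbound), and 10.0.0.31 fetching a file from the listed netblock once.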

[Statistic graphics: share of network intrusions that exploit weak or stolen credentials; share of data breaches that used some form of hacking. The percentages shown in the graphics are not recoverable here.]

Disparate Tools to Prevent Malware are Expensive and Ineffective

Vendors continue to offer you new types of prevention products, but they fail to deliver results against modern malware. Every emerging threat results in vendors jumping to provide products to plug the new hole. Vendors sell their prevention wares, only to have threats morph, and for the prevention products to fail.

Anti-virus and anti-malware products on the endpoint can only be called a "total fail".

Product offerings are spotty in their coverage, and even the best fails to protect against known exploits consistently. Add to that the issue that new threats are being delivered on an accelerating pace. The attacker has a clear advantage: they choose when to attack, how to attack, and are capable of surprising any prevention technology deployed. USM provides the needed constant monitoring to detect and remediate malware.

Scanning for known vulnerabilities in IT assets alone doesn't work.

There are a great many vulnerabilities to be dealt with, and limited resources to remediate known problems. Add to this zero day exploits, which are new exploits for which there is no known remediation. In addition, it is incredibly hard to assure all required updates are on all of your IT assets. Every patch, every update impacts your production network and user productivity. At the same time, operating systems and third party software providers require more and more patching to stay current. USM provides integrated vulnerability scanning and helps prioritize your remediation efforts.

Intrusion Detection Systems (IDS) generate a lot of false alarms and miss exploits.

Vendors have developed not only signature-based technologies, but also technologies that look for anomalous behavior rather than signatures. However, standalone IDS systems are notorious for false positives. The IDS can generate so many alarms that security practitioners learn to ignore the noise. Even well tuned, IDS products alone fail to produce adequate actionable information for IT security personnel to use. USM's integrated IDS is far more effective in identifying malware.

Security Information and Event Management (SIEM) can be difficult to deploy and integrate.

The SIEM attempts to provide the "single pane of glass" for viewing log information from network equipment, including firewalls, IDS findings, OS logs, database and application logs and log information from every IT asset. SIEMs are well known for requiring a large dedicated team of security professionals to deploy, configure, monitor and tune. While this might work passably well for the very largest financial institutions, the model does not work for small and medium businesses. USM's integrated SIEM comes pre-packaged with over 2,000 correlation directives and is tuned to work with the other integrated security tools, such as IDS.

“With AlienVault USM, we have one easy-to-view dashboard for all security threats and a single point to go to check system logs.”

Network Administrator,
Medium Enterprise Retail Company

“AlienVault USM allows us to see and respond to things we could not see before.”

Senior IT Manager,
Small Business Financial Services Company

“My all-in-one appliance has helped detect dozens of PC’s on my network that have viruses. It has also helped me to identify users who are using unauthorized software, like Dropbox.”

Security Officer,
Large Enterprise Transportation Services Company

“A single [view] of information is critical for our ability to discover, respond and resolve an issue as quickly as possible. AlienVault’s ability to collect information from every resource—even data we could not view previously—has changed the way we support our community.”

Greg Bartholomew,
Director of Networking/Systems Operations, University of New Haven

AlienVault Unified Security Management

Providing the vigilance you need against modern malware

In order to address today's rapidly changing threat landscape, you need unified and integrated security management. AlienVault USM delivers a complete view into the security of your environment by combining SIEM and intrusion detection software with automated asset discovery, vulnerability information, netflow analysis, log management and visibility to known malicious hosts. These integrated security tools help reduce the "noise" that you can experience with your security tools by correlating information from diverse sources, determining which threats are legitimate and providing actionable information to remediate threats.

Faster Deployment Time

Go from install to insights in less than an hour with USM. All of the built-in security controls are pre-integrated and optimized to work together out of the box.

Low Administrative Overhead

Deploy and manage your IDS, HIDS, WIDS, SIEM, and more from the same console.

Tuned Event Correlation

With the core data sources already built in, our 1600 event correlation rules are already "fine tuned" and optimized, right out of the box.

Packet Capture

Any packet that triggers an IDS signature is automatically captured and displayed with the IDS event. Session monitoring and full packet capture can then be invoked for more extensive forensic investigation.

Reduced False Positives

IDS are notorious for "false positives" where events seem to indicate an intrusion, but are actually harmless. AlienVault USM identifies false positives by cross-correlating multiple security tools, including asset inventory, IDS, vulnerability scanning, behavioral analysis and visibility to netflow data.
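The cross-correlation described above, as an added illustration that is not AlienVault's code: an IDS signature event is checked against a constructed asset inventory (OS and services) and constructed vulnerability scan results, so a signature aimed at a platform the target does not run is ranked as a likely false positive, while one whose vulnerability the scanner confirmed is ranked high. The asset entries, signature names and finding ids are placeholders, not real rule or scanner identifiers.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    ip: str
    os: str
    services: set = field(default_factory=set)  # e.g. {"http/Apache 2.2"}
    vulns: set = field(default_factory=set)     # scanner finding ids (constructed)

# Constructed asset inventory and vulnerability scan results (hypothetical hosts).
ASSETS = {
    "10.0.0.10": Asset("10.0.0.10", "Windows Server 2008", {"http/IIS 7.0"}, {"VULN-IIS-EXAMPLE"}),
    "10.0.0.20": Asset("10.0.0.20", "Linux", {"http/Apache 2.2"}),
    "10.0.0.30": Asset("10.0.0.30", "Windows 7"),
}

# Constructed signature metadata: the platform and service a signature targets and the
# scanner finding that confirms exposure. Names and ids are placeholders, not real rules.
SIGNATURES = {
    "WEB-IIS overflow attempt": {"os": "Windows", "service": "http/IIS", "vuln": "VULN-IIS-EXAMPLE"},
    "WEB-PHP remote include": {"os": None, "service": "http/", "vuln": "VULN-PHP-EXAMPLE"},
}

def prioritize(event, assets=ASSETS, signatures=SIGNATURES):
    """Rank one IDS event by checking its target against inventory and scan data.
    Returns (priority, reasons): 'low' when the target cannot be affected (likely false
    positive), 'high' when the scanner confirmed the vulnerability the signature
    exploits, 'medium' when the target is plausible but exposure is unconfirmed."""
    sig = signatures.get(event["signature"])
    asset = assets.get(event["dst"])
    if sig is None or asset is None:
        return "medium", ["no asset or signature context; cannot rule out"]
    reasons = []
    if sig["os"] and not asset.os.startswith(sig["os"]):
        reasons.append(f"target OS {asset.os} does not match {sig['os']}")
    if sig["service"] and not any(s.startswith(sig["service"]) for s in asset.services):
        reasons.append(f"target does not run {sig['service']}")
    if reasons:
        return "low", reasons
    if sig["vuln"] in asset.vulns:
        return "high", [f"scan confirms {sig['vuln']} on {asset.ip}"]
    return "medium", ["target matches signature profile; exposure not confirmed by scan"]

def triage(events, **kw):
    """Run prioritize() over a batch of IDS events and group them by priority."""
    out = {"high": [], "medium": [], "low": []}
    for ev in events:
        pr, why = prioritize(ev, **kw)
        out[pr].append({**ev, "reasons": why})
    return out
```

An event for an unknown asset or an unknown signature deliberately stays at medium rather than low, because missing context is not evidence that the alert is harmless.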

Full Threat Context

All you need to know about an incident is captured in each alarm, including asset information (such as OS, software, identity), vulnerability data, visibility to netflow data, raw log data, and more.

Actionable Alarms

Each alarm provides step-by-step guidance on interpreting the threat, and how to contain it and respond.

Continually Updated Signatures and Rules

Continuous and coordinated updates to catch the latest threats.

Global Threat Intelligence, Localized for You

Utilize Global Threat Intelligence Automatically

Attacks morph over time and new exploits are discovered every day. AlienVault Labs does the heavy lifting for you, using a variety of collection and analysis techniques and continually updating your USM installation with new signatures, rules, reports, and plug-ins.

Daily Malware Analysis

We use advanced sandboxing techniques to quarantine malware samples while we conduct static and dynamic analysis, and we receive over 1,000,000 unique threat indicators every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially "virtual Venus flytraps" set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging honeypots placed in high-traffic networks, our threat intelligence subscribers are armed with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Threat Intelligence Collaboration

We’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships enable us access to pre-published vulnerability and malware updates as well as enhanced verification of our own research.

26,000+ Participants in more than 140 countries
1,000,000+ Threat indicators submitted every day

Attack Alarms and Investigation

Investigate Root Cause Faster Than Ever

Instantly know the who, what, where, when and how of attacks – no matter where they originate.

Actionable Alarms

AlienVault USM includes several different security monitoring technologies that gather information on a variety of threat vectors, and because it has access to everything you need to know about an asset, you can get to root cause faster than ever.

Risk Prioritization

AlienVault Labs Threat Intelligence applies more than 2,000 event correlation rules against the raw event log data we collect, as well as the events triggered by our built-in intrusion detection software. This enables rapid, accurate, and actionable guidance that interprets the severity of the exposure based on the full threat context.

Attack Categorization

Each alarm is categorized by the intent of the attacker for effective prioritization, so you know which events to focus on for deeper investigation and analysis.


In terms of remediation, AlienVault USM can notify people via email, open a ticket in the built-in ticketing system, or integrate with an external help desk / ticketing system. It can also be configured to execute a script to take automated and custom actions, based on your environment. USM's built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups.

Step-by-Step Investigation Instructions

AlienVault Labs provides specific, contextual guidance on what to do when an alarm is triggered, so you can contain and investigate the incident quickly.
