Find, Verify, & Remove Vulnerabilities Rapidly

Vulnerability Assessment Software

Watch Vulnerability Assessment Best Practices

AlienVault Unified Security Management™ (USM)

AlienVault USM™ provides built-in vulnerability assessment with the essential capabilities you need for complete security visibility and threat intelligence, all in one easy-to-use console.

This page will help you understand how USM enables you to:

  • Get built-in vulnerability assessment capabilities
  • Scan and monitor for new vulnerabilities continuously
  • Prioritize and remediate vulnerabilities more effectively
  • Gain complete security visibility and threat detection
  • Detect the latest threats with continuous threat intelligence

Download A Free Trial

Get Immediate Results on Day One

  • Deploy quickly:
    Start using in less than one hour
  • Auto-discover asset information:
    Collect device, software, config, vulnerability, and active threat data
  • Get actionable threat intelligence:
    See prioritized threats, detailed context, and remediation guidance

2 Million
records were put at risk in a breach involving keylogging
software. The attack affected at least 93,000 websites –
including brand names like ADP, Facebook, Gmail,
LinkedIn, Twitter, Yahoo, and more.

Vulnerability Assessment Built-In

Find, Prioritize, and Fix Security Risk Fast

Vulnerability assessment starts with Asset Discovery, which helps you target the vulnerability scan. You can granularly define the vulnerability scan to specific network segments and assets of interest. Scans can be either done ad-hoc or scheduled on regular intervals. With the number of vulnerabilities discovered rising, and difficulties in keeping up with patches and security updates, it is important to prioritize your remediation efforts. AlienVault USM can report on scanning results regularly to management to assist in prioritizing remediation. USM includes built-in vulnerability assessment, and filters through the noise of false positives and vulnerabilities that of lesser importance
 and allows you to focus on risks that truly matter to your business.

Understand your network before scanning.

USM provides auto-discovered detailed asset information to help you with this work. Vulnerability scans, at a minimum, should be focused on externally-accessible assets that are of value to your business.

Scanning and reporting can be done on-demand, in response to an incident, or scheduled.

USM allows you to schedule vulnerability scans on a flexible basis, such as hourly, weekly or monthly. In addition, you can scan more important network segments or groups more regularly. USM also provides flexible reporting, which can be done ad-hoc, or on a scheduled basis to be sent to email addresses you specify.

Vulnerabilities scanning needs to provide you actionable information.

Finding, verifying, and fixing vulnerabilities is a constant battle for IT. AlienVault USM helps by providing not only vulnerability scanning and assessment, but also details about the vulnerabilities. Having the view to external threat information, such as information on known malicious IPs provided with Open Threat Exchange™ is helpful in prioritizing remediation. In addition, AlienVault's USM integrated Host and Network IDS and SIEM provide rich contextual information to help with incident response.

Vulnerability information adds context for security incident response.

As a security incident unfolds, you will be able to run vulnerability scans on-the-fly to help determine if you are vulnerable for exploits occurring. You will also be able to see the last scan results across your assets, to assist in incident response. You can see vulnerability and asset information conveniently display in a single console with USM.

Continuous Vulnerability Monitoring
and Assessment

AlienVault's USM built-in functionality provides a continuous means for identifying insecure configurations, unpatched and unsupported software. USM provides various options to implement vulnerability assessment. You can mix and match these methods as well. For example, you may wish to run authenticated scans on compliance-related assets and throttle back to passive vulnerability assessment on low risk assets where reducing network traffic matters more than validating stringent security configurations.

In addition to flexibility in implementing vulnerability assessment, USM software also encourages a continuous process of vulnerability management by providing scheduled scans at frequent intervals, such as daily or weekly. In this way, you can keep on top of the changing threat landscape.

Traditional active network scanning

USM supports this approach commonly taken by vulnerability assessment tools, where it actively probes hosts using carefully crafted network traffic to illicit a response. This can be viewed as "probing" for suspected vulnerabilities in IT assets.

Continuous vulnerability monitoring

USM supports this approach as well. It is also known as passive vulnerability detection. USM correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy. This provides valuable vulnerability information while minimizing network noise and system impact.

Unauthenticated scanning

USM is able to conduct scanning without requiring host credentials. This scan probes hosts with targeted traffic and analyzes the subsequent response to determine the configuration of the remote system and any vulnerabilities in installed OS and application software

Authenticated scanning

USM is able to conduct scanning on an authenticated basis. This entails access to the target host’s file system, to be able to perform more accurate and comprehensive vulnerability detection by inspecting the installed software and its configuration. For example, with Windows servers you can access registry keys and files, looking for traces of infiltration.

Prioritize and Remediate

Do It More Effectively With USM

IT risk cannot be prevented 100% - it can only be mitigated. The old fashioned "check list" approach of simply finding huge numbers of vulnerabilities and presenting a report of them is only part of the task. With the complexity of IT and the rapidly changing threat landscape, it is also critically important to prioritize remediation.

To complicate matters further, all vulnerabilities are not equal - some are of higher impact in terms of their destructive capabilities. Similarly, all assets are not equal - some are more business critical. All of this needs to be factored in to prioritize your remediation efforts. For example, you may have a high impact vulnerability on a low risk system (perhaps disconnected from the internet) that may be less important to remediate than a medium impact vulnerability on a high risk system (perhaps in the DMZ.)

Remediating vulnerabilities almost always has an impact on IT Operations and your users.

Remediation is typically done with OS and application patching, downloading security updates and providing workarounds to avoid the vulnerability. These remediation actions can be inconvenient to your users at the least, and may impact your business.

The unified and coordinated capabilities of USM work in concert with vulnerability assessment.

USM helps prioritize remediation with multiple technologies beyond simple vulnerability assessment: Host and Network Intrusion Detection Systems (IDS), Asset Discovery, netflow and Security Information and Event Management (SIEM.) Vulnerabilities must be exposed to threats in order to be exploited. With USM, you are aware when a vulnerable asset is actually exposed to threats.

USM provides remediation advice for vulnerabilities that are found.

It includes dynamic incident response templates and 3rd party references to help you figure out how to remediate vulnerabilities that a scan may find. This advice saves you time looking up each vulnerability and tracking down this information yourself. In addition, the advice is vetted by AlienVault Labs and kept up-to-date.

"False positives" or "false alarms"

are another problem that USM software addresses. There are certain vulnerabilities that IT is well aware of, and they have been deemed to not be an issue. USM allows these known vulnerabilities to be suppressed from correlation and reporting, saving management time.

AlienVault USM can send email to people, open a ticket in the built-in ticketing system, or send an email to an external help desk / ticketing system.

It can also be configured to execute a script to take automated actions, which is appropriate in some situations. AlienVault's built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups.

With USM you can view

updated vulnerability reports, kick off new vulnerability scans, generate tickets, and conduct false positive analysis – all through a single console. This console provides the prioritized actionable information to allow you manage risk to your IT assets most effectively.

AlienVault Unified Security Management

Vulnerability Assessment Plus Other Essential Security Tools

Single-purpose vulnerability scanning tools are valuable, but USM provides the overall security visibility they lack.

Faster Deployment Time

Go from install to insights in less than an hour with USM. All of the built-in security controls are pre-integrated and optimized to work together out of the box.

Low Administrative Overhead

Deploy and manage your IDS, HIDS, WIDS, SIEM, and more from the same console.

Tuned Event Correlation

With the core data sources are already built-in, our 1600 event correlation rules are already "fine tuned" and optimized, right out of the box.

Full Packet Capture

Any packet that triggers an IDS signature is automatically captured and displayed with the IDS event. Session monitoring and full packet capture can then be invoked for more extensive forensic investigation.

Reduced False Positives

IDS are notorious for "false positives" where events seem to indicate an intrusion, but are actually harmless. AlienVault USM identifies false positives by cross-correlating multiple security tools, including asset inventory, IDS, vulnerability scanning, behavioral analysis and visibility to netflow data.

Full Threat Context

All you need to know about an incident is captured in each alarm, including asset information (such as OS, software, identity), vulnerability data, visibility to netflow data, raw log data, and more.

Actionable Alarms

Each alarm provides step-by-step guidance on interpreting the threat, and how to contain it and respond.

Continually Updated Signatures and Rules

Continuous and coordinated updates to catch the latest threats.

Global Threat Intelligence, Localized for You

Utilize Global Threat Intelligence Automatically

Attacks morph over time and new exploits are discovered every day. AlienVault Labs
does the heavy lifting for you, with a variety of collection and analysis techniques,
continually updating your USM installation continually with new signatures, rules,
reports, and plug ins.

Daily Malware Analysis

Using advanced sandboxing techniques to quarantine malware 
samples while we conduct static and dynamic analysis, we analyze over 500,000 unique malware samples every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual venus fly traps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging honeypots placed in high traffic networks, our threat intelligence subscribers are armed with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Threat Intelligence Collaboration

We’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships enable us access to pre-published vulnerability and malware updates as well as enhanced verification of our own research.

8,000+ Collection points in more than 140 countries
500,000 Unique malware samples analyzed
every day

Attack Alarms and Investigation

Investigate Root Cause Faster Than Ever

Instantly know the who, what, where, when and how of attacks – no matter where they originate.

Actionable Alarms

AlienVault USM includes several different security monitoring technologies to gather information on a variety of threat vectors and because we have access to everything you need to know about an asset you can get to root cause faster than ever.

Risk Prioritization

AlienVault Labs Threat Intelligence applies more than 1600 event correlation rules against the raw event log data we collect, as well as the events triggered by our built-in intrusion detection software. This enables rapid, accurate, and actionable guidance that interprets the severity of the exposure based on the full threat context.

Attack Categorization

Each alarm is categorized by the intent of the attacker for effective prioritization, so you know which events to focus on for deeper investigation and analysis.


In terms of remediation, AlienVault USM can notify people via email, open a ticket in the built-in ticketing system, or integration with an external help desk / ticketing system. It can also be configured to execute a script to take automated and custom actions, based on your environment. USM's built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups.

Step-by-Step Investigation Instructions

AlienVault Labs provides specific, contextual guidance on what to do when an alarm is triggered, so you can contain and investigate the incident quickly.

Free Trial Demo Get Price ChatNeed help?