PCI DSS

Vulnerability Management

AlienVault® Unified Security Management™ (USM™) supports the entire vulnerability management lifecycle with all-in-one essential security capabilities and continuous threat intelligence updates from AlienVault Labs.

Watch a 90-Second Demo

Trusted by thousands of customers.

Bumble Bee TunaCareer BuilderDole FoodsHyattPappas RestaurantsSubaruAmy'sU.S. Air ForceOklahoma UniversityTHSBZioskSave Mart SupermarketsHigh Plains BankEpsilon Systems SolutionsPeet's Coffee and TeaPepco Holdings IncLifespan BioscienceThe New York TimesArcos Dorados HoldingsBluegrass CellularBank of IrelandHays Medical CenterTaylor-MorrisonPolitie Dutch National PoliceNational Film Board of CanadaRichland Washington School DistrictInternational Currency ExchangeDelta SonicShake ShackParking PandaJobReadyIn-n-Out BurgersSubaruBrookfield ZooSouthwest BankCintraCity of FargoRainforest AllianceHSB

Vulnerability Management is Never "Done"

Vulnerability management is an ongoing process of identifying the vulnerabilities or “holes” in your network and fixing them before attackers can exploit them to cause damage or to steal your organization’s data.

New vulnerabilities emerge as your IT landscape evolves, often introduced by system flaws, configuration errors, unauthorized software installs, insecure endpoint devices, delayed software or OS updates, and much more. Thousands of vulnerabilities are discovered every year, requiring never-ending security updates, patches, and other fixes across network servers and devices.

Like most essential network security work, running your organization’s vulnerability management program can quickly become a full-time job. Yet, most IT teams don’t have dedicated resources who can constantly scan and monitor their environments for vulnerabilities, correlate those vulnerabilities with threat intelligence and real-world attacks, and prioritize and manage remediation as part of a larger IT security program.

But, that’s okay.

AlienVault USM is designed to help IT and security teams efficiently run their threat and vulnerability management programs with an all-in-one unified security platform. USM combines five essential security capabilities, including asset discovery and inventory, vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM and log management, all on a single, easy-to-use platform. With it, you can manage the entire vulnerability lifecycle with ease.

With integrated threat intelligence delivered from AlienVault Labs and the AlienVault Open Threat Exchange (OTX), you can view your vulnerability landscape through the lens of real-world attacks and exploits against vulnerabilities on your critical assets. This allows you to make threat-based decisions about how to respond.

Boost your vulnerability management capabilities with all-in-one security essentials

  • Identify assets on your network with built-in asset discovery and inventory tools
  • Schedule scans and monitor your assets for new vulnerabilities and weaknesses
  • Know which vulnerabilities are actually being exploited with built-in intrusion detection

Align your response with real-world threat intelligence from AlienVault Labs and OTX

  • Know which of your vulnerabilities are being exploited in real-world attacks and how
  • Get the assurance of vulnerability signature updates delivered continually as new vulnerabilities are identified

Manage every step of the vulnerability lifecycle from a single pane of glass

  • Establish a baseline of your environment with regularly scheduled, automated scans
  • Prioritize your response plan to deal with the most critical assets and the biggest threats first
  • Validate resolution with a continuous cycle of scanning and remediation verification

Boost Your Vulnerability Management Capabilities
with All-in-One Security Essentials

AlienVault USM goes beyond traditional security tools to give you the most complete and accurate view of your vulnerability landscape. It combines five essential security capabilities on a unified platform, so you have all of the information you need in one location to manage vulnerabilities and prioritize your response.

Discover what’s connected to your network
Vulnerability management begins with asset discovery and inventory, one of the five essential security capabilities in USM. Before you can identify the vulnerabilities on your network, you have to look at what’s connected to your network at any given moment. USM uses multiple advanced technologies to identify your connected devices, as well as the operating systems and services installed on them. Because assets may periodically connect and disconnect from a network, USM continuously scans for assets, giving you a complete and accurate view of your asset inventory at all times.

Your asset inventory creates a foundation for your vulnerability management processes and ensures that you are able to run vulnerability scans on all of the discoverable assets on your network, including network devices, virtualized assets, and even rogue assets that you are not aware of.

Continuously scan and monitor your assets for vulnerabilities
AlienVault USM continuously scans and monitors your assets to look for misconfigured or unpatched systems and software, policy violations, malware, and other security issues that can leave your network vulnerable to attacks. With USM, you can easily customize your vulnerability scans in a point-and-click way, selecting the scan frequency, network segments or locations, asset groups, scanning methods, depth of probe, and more. You can schedule scans to run automatically as well as on demand, for example, to validate a recent fix or patch.

Know which vulnerabilities are being exploited with intrusion detection tools
AlienVault USM leverages a built-in network intrusion detection system (NIDS) and a host intrusion detection system (HIDS) that identify malicious traffic and patterns of behavior in your network environment. On their own, NIDs and HIDs tools work effectively to get your attention when something suspicious or anomalous occurs. But, when used as part of a unified security solution like USM, these tools give you critical information about the vulnerabilities on your network that are actually under attack. With it, you can take swift action to mitigate the threat and prevent further exploitation of highly targeted vulnerabilities on your critical systems.

Align Your Response with Real-World Threat
Intelligence from AlienVault Labs and the
Open Threat Exchange

Let’s be honest – you have more vulnerabilities on your network than you can possibly patch. Also, it is not always feasible to bring your information systems down to resolve less important vulnerabilities. Without the time or resources to fix every security gap in your network environment, you have to decide which vulnerabilities require immediate action and which ones can be left exposed. How do you make this decision?

Today, it’s no longer sufficient to prioritize remediation and mitigation activities on a simple high-to-low basis. You need real-world threat intelligence to make informed decisions.

Threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange is delivered directly to your USM environment continuously as vulnerabilities are discovered in the wild, so you always have the latest threat data at your fingertips while evaluating vulnerabilities as well as the vulnerable assets on your network.

Backed by the power of AlienVault Labs and OTX, USM gives you the assurance of an always-up-to-date security solution. We continuously deliver updated vulnerability signatures, so you can work efficiently to reduce your attack surface and prevent threats against your network even as new vulnerabilities continue to emerge.

Manage Every Step of the Vulnerability Lifecycle
from a Single Pane of Glass

Attackers look for the easiest way possible to enter your network environment. Most often, that entrance is through a known vulnerability that was never properly patched or fixed, effectively leaving the door wide open to intruders.

When a threat occurs, IT and security professionals must look at every step in the vulnerability lifecycle to understand where and why the process failed. There are many reasons why smart organizations fail to fix a vulnerability before it’s exploited –

  • The vulnerability emerged between quarterly scans and wasn’t discovered until after it was exploited.
  • They did not consider the significance of the vulnerable asset and did not prioritize its remediation accordingly.
  • The lag time between the discovery of the vulnerability and the remediation action was too great, allowing an attacker to infiltrate.
  • They did not have a way to verify that the patch was completed by a different team responsible for it.
  • They did not have a way to validate that the patch correctly resolved the vulnerability.

With AlienVault USM, you can address these challenges and manage every step of the vulnerability lifecycle from a single pane of glass.

USM takes an asset-oriented approach to vulnerability lifecycle management. The all-in-one platform constantly scans your network environment to identify new assets, so you always have the most complete and accurate asset inventory available for your vulnerability scans. You can run vulnerability scans on specific asset groups, for example, business-critical assets or all assets in your home office. Because USM combines all asset and vulnerability information as well as threat intelligence from AlienVault Labs, you can prioritize your vulnerability response activities according to the significance of the vulnerable assets and any real-world exploits, rather than relying solely on a static high-to-low vulnerability scoring system.

For many reasons, it’s not always a best practice to respond immediately to your known vulnerabilities. For example, systems with high availability or low latency requirements cannot readily be taken offline to install a patch. Instead, mitigation becomes the best practice. With USM’s asset-oriented security, you gain the assurance of having complete visibility of the vulnerable asset, so you can monitor it closely from all angles to mitigate exploits until a resolution is available.

Finally, USM’s continuous vulnerability scanning and reporting capabilities enable you to verify and validate your vulnerability remediation activities in a simple and productive way.

Additional Resources

Browse all Resources

Get Price Free Trial Chat