A primary concern for many IT teams is detecting threats in the mountain of event data being generated every day.
Even a relatively small network can generate hundreds or thousands of events per second, with every system, application, and service generating events.
The sheer volume of data makes it virtually impossible to manually identify and link those few events that indicate a successful network breach and system compromise before data is exfiltrated.
The AlienVault Unified Security Management (USM) platform is a solution to help IT teams with limited resources overcome the challenge of detecting threats in their network.
The USM platform accelerates and simplifies your ability to detect, prioritize, and respond to the most critical threats targeting your network.
It enables any IT or security practitioner to see actionable results on day one and begin to improve their security posture immediately.
What can you do with USM?
All of USM's built-in security controls are pre-integrated and optimized to work together out of the box. This unified approach eliminates the need for IT teams to configure and maintain numerous security point products.
Within minutes of installing USM, the platform begins generating detailed alerts. Additionally, it provides valuable insights into the assets and threats on your network with the following technologies:
- Asset discovery
- Vulnerability assessment
- Intrusion detection
- Behavioral monitoring
- Security information and event management (SIEM)
- Integrated threat intelligence from AlienVault Labs
This insight provides visibility into the software installed on your devices, their configuration, any vulnerabilities, as well as the specific threats targeting them.
Armed with this detailed threat information, you can focus on responding to the threats instead of trying to collect and analyze the information manually.
Integrated Threat Intelligence
The integrated threat intelligence, powered by AlienVault Labs and the Open Threat Exchange™ (OTX), includes continuous updates to the built-in security controls as well as the latest information on emerging threats and bad actors.
The AlienVault Labs threat research team spends countless hours mapping out the different types of cyber attacks, the most recent threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape.
The team regularly delivers threat intelligence as a coordinated set of updates to the USM platform, which accelerates and simplifies threat detection and remediation.
OTX is the world's first truly open threat intelligence community that enables collective defense with actionable, community-powered threat data.
It alerts you whenever an indicator of compromise (IOC) related to a new or emerging threat documented in the OTX database is detected in your network.
OTX enables everyone in the OTX community to collaborate actively and strengthen their defenses while helping others do the same.
Integrate Data from Existing Security Tools
The USM platform's open architecture also enables you to utilize a much wider range of network and security data if you wish.
You can integrate security events from third-party tools using the extensive plugin library, or create custom plugins for unique applications running on your network.
Simplify Regulatory Compliance Requirements
AlienVault USM automatically identifies significant audit events that warrant immediate action. From file integrity monitoring to IDS to log management, USM makes compliance easier.
Not only does it provide the tools IT teams with limited resources need to be compliant, but USM also gathers the information and generates the reports to give to auditors.
Additionally, USM includes a report library that provides flexible reporting and executive dashboards that make compliance measurement, reporting, and audits less painful.
USM allows you to demonstrate to auditors and management that your incident response program is robust and reliable for a range of regulations and guidelines, including PCI DSS, HIPAA, ISO 27002, SOX, GPG13 and more.
The USM platform is also designed to meet a wide range of deployment requirements.
All of the AlienVault USM products are available in various models and form factors, based on size, scale, and configuration requirements.
You can quickly deploy AlienVault USM as a dedicated hardware appliance, a virtual appliance, or a cloud appliance within the Amazon AWS environment.
- For one location, you can deploy a single USM All-in-One appliance. The All-in-One appliance consolidates all USM functions into a single hardware or virtual appliance for reduced complexity and rapid deployment.
  - All event logs are forwarded to the single USM All-in-One appliance for collection, aggregation, analysis, correlation, and reporting.
- For larger networks, multiple locations, or locations with a high volume of events or demanding performance requirements, you will want to deploy separate USM Standard or Enterprise components, as either hardware or virtual appliances, to benefit from the improved performance.
  - Server – Aggregates and correlates information gathered by the Sensors, and provides single-pane-of-glass management, reporting, and administration.
  - Logger – Securely archives raw event log data for forensic investigations and compliance mandates.
  - Sensor – Deployed throughout the network to collect logs and provide the five essential security capabilities you need for complete visibility.
- There is also a version of AlienVault USM for AWS that is built for the Amazon "shared responsibility" security model.
  - The AWS-native USM for AWS maximizes visibility into potential threats and misconfigurations and makes it easy to use built-in AWS security features like CloudTrail and Security Groups.