Subscribe to our newsletters
Sign Up

The Hacker News — Cyber Security, Hacking, Technology News

Sunday, December 20, 2015 Wang Wei

alienvault-unified-security
As organizations expand their IT infrastructure to match their evolving business models and meet changing regulatory requirements, they often find that their networks have become extremely complex and challenging to manage.

A primary concern for many IT teams is detecting threats in the mountain of event data being generated every day.

Even a relatively small network can generate hundreds or thousands of events per second, with every system, application, and service generating events.

The sheer volume of data makes it virtually impossible to identify manually and link those few events that indicate a successful network breach and system compromise, before the exfiltration of data.

The AlienVault Unified Security Management (USM) platform is a solution to help IT teams with limited resources overcome the challenge of detecting threats in their network.

USM platform accelerates and simplifies your ability to detect, prioritize, and respond to the most critical threats targeting your network.

It enables any IT or security practitioner to see actionable results on day one and begin to improve their security posture immediately.

What can you do with USM?


All of USM’s built-in security controls are pre-integrated and optimized to work together out of the box. This unified approach eliminates the need for IT teams to configure and maintain numerous security point products.

Within minutes of installing USM, the platform begins generating detailed alerts. Additionally, it provides valuable insights into the assets and threats on your network with the following technologies:
  • Asset discovery
  • Vulnerability assessment
  • Intrusion detection
  • Behavioral monitoring
  • Security information and event management (SIEM)
  • Integrated threat intelligence from AlienVault Labs
This insight provides visibility into the software installed on your devices, their configuration, any vulnerabilities, as well as the specific threats targeting them.

Armed with this detailed threat information, you can focus on responding to the threats instead of trying to collect and analyze the information manually.

Integrated Threat Intelligence


The integrated threat intelligence, powered by AlienVault Labs and the Open Threat Exchange™ (OTX), includes continuous updates to the built-in security controls as well as the latest information on emerging threats and bad actors.

The AlienVault Labs threat research team spends countless hours mapping out the different types of cyber attacks, the most recent threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape.

The team regularly delivers threat intelligence as a coordinated set of updates to the USM platform, which accelerates and simplifies threat detection and remediation.

OTX is the world’s first truly open threat intelligence community that enables collective defense with actionable, community-powered threat data.

It alerts you whenever an indicator of compromise (IOC) related to a new or emerging threat documented in the OTX database is detected in their network.

OTX enables everyone in the OTX community to collaborate actively and strengthen their defenses while helping others do the same.

Integrate Data from Existing Security Tools


The USM platform’s open architecture also enables you to utilize a much wider range of network and security data if you wish.

You can integrate security events from 3rd party tools, utilizing the extensive plugin library, or create custom plugins for unique applications running on your network.


Simplify Regulatory Compliance Requirements


AlienVault USM automatically identifies significant audit events that warrant immediate action. From file integrity monitoring to IDS to log management, USM makes compliance easier.

Not only does it provide the tools IT teams with limited resources need to be compliant, but USM also gathers the information and generates the reports to give to auditors.

Additionally, USM includes a report library that provides flexible reporting and executive dashboards that make compliance measurement, reporting, and audits less painful.

USM allows you to demonstrate to auditors and management that your incident response program is robust and reliable for a range of regulations and guidelines, including PCI DSS, HIPAA, ISO 27002, SOX, GPG13 and more.

Deployment flexibility


The USM platform is also designed to meet a wide range of deployment requirements.

All of the AlienVault USM products are available in various models and form factors, based on size, scale, and configuration requirements.

You can quickly deploy AlienVault USM – as a dedicated hardware appliance, a virtual appliance, or as a cloud appliance within the Amazon AWS environment.
  • For one location, you can deploy a single USM All-in-One tool. The All-in-One appliance consolidates all USM functions into a single hardware or virtual appliance for reduced complexity and rapid deployment.
  • All event logs are forwarded to a single USM All-in-One appliance for collection, aggregation, analysis, correlation and reporting.
  • For larger networks, multiple locations, or locations with a high volume of events and/or performance requirements, you will want to deploy separate USM Standard or Enterprise components, either hardware or virtual appliances, to benefit from the improved performance.
    • Server – Aggregates and correlates information gathered by the Sensors, and provides single-pane-of-glass management, reporting, and administration.
    • Logger – Securely archives raw event log data for forensic investigations and compliance mandates.
    • Sensor – Deploys throughout the network to collect logs to provide the five essential security capabilities you need for complete visibility.
  • There is also a version of AlienVault USM or AWS that is built for the Amazon “shared responsibility” security model.
The AWS-native USM for AWS maximizes visibility into potential threats and misconfigurations and makes it easy to use built-in AWS security features like CloudTrail and Security Groups.

Try it for free


With USM you can achieve true security visibility in minutes, not months - If you'd like to take a closer look at AlienVault USM, you can download a free 30-day trial, or you can schedule an in-depth demo on the AlienVault website.

Monday, October 19, 2015 Wang Wei

apple-ios-malware
Recently, Chinese iOS developers have discovered a new OS X and iOS malware dubbed XcodeGhost that has appeared in malicious versions of Xcode, Apple’s official toolkit for developing iOS and OS X apps.

The hack of Apple’s Xcode involves infecting the compiler with malware and then passing that malware onto the compiled software.

This is a unique approach because the hack does not attempt to inject attack code into a single app, and then try and sneak that past Apple’s automated and human reviewers.

Instead, the malicious code is infected on Xcode itself, which is used by software developers to craft and develop the apps for iOS and OS X operating system.

The primary behavior of XcodeGhost in infected iOS apps is to collect information on devices and upload that data to command and control (C2) servers.

Once the malware has established a foothold on infected devices, it has the ability to phish user credentials via fake warning boxes, open specific URLs in a device’s web browser, and even scrape the clipboard.

The current feature set of XcodeGhost is not necessarily what should alarm security experts. Instead, the primary concern should come from its ability to get past Apple’s review process, which is typically known for its careful inspection of apps allowed to be published to its official app store.

Since XCode is one of the main tools used to produce Apple software for both Apple Mac computers and iPhones, this could potentially impact millions of users.

PaloAlto Networks identified nearly 50 infected applications on the iOS (iPhone) platform alone, which was then increased exponentially with the discovery of more than 4,000 infected apps by FireEye researchers.

The popular instant messaging app WeChat, Chinese Uber-like cab service Didi Kuaidi, photo editor Perfect365, music streaming service NetEase, and card scanning tool CamCard, were found to be infected by the malicious Xcode.

The infected iOS apps receive commands from the attacker via the command and control server to perform the following actions:
  • Prompt a fake alert dialog box to steal user credentials (username and password).
  • Trick user to open specific URLs that could allow for exploitation of bugs in the iOS system or other iOS apps.
  • Read and write data to the user’s clipboard – to read the user’s password if that password is copied from a password management tool.
Apple removed the malicious XcodeGhost apps from its official app store, but some affected apps may remain available for download.


Help is on the way

OTX

AlienVault, the leading provider of Unified Security Management™ solutions and crowd-sourced threat intelligence, can help. Their team of security experts continues to perform cutting-edge research on threats like these, collecting large amounts of data and then creating expert threat intelligence as a result.

The Labs team has already released IDS signatures and a correlation rule to the AlienVault Unified Security Management (USM) platform so customers can identify activity related to this exploit:
  • Exploitation & Installation
  • Trojan infection
  • XCodeGhost
For further investigation into XCodeGhost, visit the Open Threat Exchange (OTX) and see what research members of the community have done.

Learn more about AlienVault USM:

AlienVault-labs
Apple advises that users should update the affected apps to fix the issue. It is also good practice to change your Apple iCloud account and other passwords, in case you have accidentally fallen victim to one of these hacking attempts.

Monday, August 03, 2015 Swati Khandelwal

elise-malware-apt
Advanced Persistent Threat (APT) type attacks continue to emerge on a global scale. What makes these attacks deviate from the norm is often the resources required to develop and implement them: time, money, and the knowledge required to create custom pieces of malware to carry out specific, targeted attacks.

Operation Lotus Blossom is one of the more recent APT attacks that has been discovered and analyzed. It is an advanced adversary campaign against the mostly government and state-sponsored entities in the Philippines, Hong Kong, Vietnam, and Indonesia.

It is thought that this group carried out the attack to gain a geopolitical advantage by stealing specific information from government and military institutions in that area. 

At this point, it is still too early to tell if the reach of the attack will extend to the private sector (a la Stuxnet and Duqu).

How does the attack work?


It was found that Operation Lotus Blossom involved a novel custom-built malware toolkit that the authors named Elise. This piece of malware was designed with some unique functions, including the ability to:
  • Evade sandbox detection
  • Connect to and control servers
  • Exfiltrate data
  • Deliver 2nd stage malware payloads

As has been seen in the case of many advanced cyber espionage groups, it begins with a spear phishing email. The email contains information that is very authentic and applicable to the government or military targets. For instance, it uses things like military rosters that targets expect to see. Once the victim sees the email and opens the attachment, a decoy document is presented that appears to be legitimate, however, what is actually happening is that a backdoor is being opened and malware is being installed on the victim's machine. This gives the attacker a base of operations to conduct additional network reconnaissance, compromise new systems, as well as deliver second stage malware or exfiltrate data.

Impact on you


  • Any malware installed on your network puts you at risk of compromise, especially one designed to steal data
  • Once installed, Elise can infect other machines and continue to deliver additional malware variants as needed
  • Elise is specially designed to steal data, putting you and your clients’ sensitive information at risk

How AlienVault Help


AlienVault Labs continues to perform cutting edge research on threats like these, collecting large amounts of data and then creating expert threat intelligence as a result.

The Labs team has already released IDS signatures and a correlation rule to the AlienVault USM platform so customers can detect activity from Elise. Learn more about this threat intelligence update and others in our forum.

Unified Security Management (USM) Platform helps you to scan your network to identify assets that could be infected with the Elise malware, making it easy for you to prioritize efforts and quickly identify systems that need to be addressed first.

Not only can it identifies vulnerable systems, but it can also help you detect attempted exploits of the vulnerability.

Learn more about AlienVault USM:

Thursday, May 21, 2015 Wang Wei

amazon-web-services-security-model
Security in the Amazon EC2 environment is a responsibility shared by both the end user and Amazon. This is because within this environment there are specific parts that Amazon has control of and specific parts that are controlled by the end user.

For the end user, they are responsible for securing the operating systems running on their instances, as well as the applications running on those operating systems. On the other hand, physical security and security of the hypervisor is Amazon’s responsibility.

When it comes to the network, security of that layer is a shared responsibility between the user and Amazon.

Implications of the Shared Security Model


Amazon-EC2-security
Huge operational efficiencies can be gained in a shared security model, however this comes at the cost of the flexibility to have total control over an environment.

In the past, significant security issues have occurred as organizations move to the shared model. During this transition, it’s key that organizations understand the implications involved as they move to this new model.

Loss of Traditional Security Controls


The ability to utilize tried and true controls, like IDS and vulnerability scanners, becomes limited when there is a shared responsibility for the network layer. In EC2, Amazon holds the responsibly of network routing and segmentation between customers.

For instance, making sure that all traffic gets to the intended systems and preventing one customer from seeing another’s traffic.

The implementation of this restriction has prevented end users from easily gaining access to all the network traffic in their EC2 environment (traditionally captured by SPAN or TAP).

The implication of this is that the ability to deploy any security monitoring and controls that rely on network traffic becomes severely limited.

This includes network IDS, NetFlow analysis, etc. It’s possible to attempt to replicate this by capturing network traffic locally on hosts running in an environment and then analyzing in a central location, however this approach is error prone and has severe implications on the network load of the environment because all traffic is replicated as it is sent to the centralized location for analysis.

New Features in Amazon AWS


EC2 Security Groups is probably the most misunderstood security feature in Amazon AWS. This powerful feature provides the ability to control port-level network access to any running instance.

Confusion over this feature often arises due to its seemingly familiar nature. It’s very easy for a user to expose services to the public Internet. Traditionally, substantial effort would be required to put a database on the Internet – punching though one or two routers and a firewall.

However, with security groups this process becomes dangerously simple: a single configuration update. A recent analysis conducted by AlienVault found that in the US East region alone, more than 20,000 databases allowed anyone on the Internet to access them.

Dynamic Environment


Amazon EC2 is a very dynamic environment. Some users design their systems to adapt to this in order to elastically scale with demand, while other users find that their systems simply require restart, and redeployment to operate effectively in EC2.

This brings a substantial implication when conducting security monitoring and incident response in the EC2 environment. In traditional environments, identifiers such as IP addresses can be relied upon for forensic analysis and systems are relatively static.

This means that an incident that started weeks ago will likely have evidence resident on systems still operating. These assumptions are not valid in a dynamic environment. To follow security monitoring best practices, it’s important to provide a concrete relationship between captured security data and the instances running in the environment. Also, it’s key to dynamically collect data for use in incident response.

API


The final implication of security monitoring in AWS is a major one: the Amazon API controls all actions taken in the environment. While this provides much needed automation, it also means that a malicious user of this API could quickly cause substantial damage.

This was addressed in traditional environments by restricting physical access to machines and when using things like IPMI, access was (hopefully) restricted to a dedicated management network.

It’s best practice to use the same level of dedication to protect, monitor and control access to the Amazon API.

Summary


It’s important to understand the implications listed above for effective threat detection and incident response in environments such as AWS.

AlienVault has taken all of these implications and created an entirely new security monitoring offering that is native to AWS – Unified Security Management (USM) for AWS. USM for AWS provides deep integration with the Amazon API to address shortcomings of more traditional technology ported from brick and mortar data-centers.

Additionally, it provides a completely new AWS Infrastructure Assessment engine for detecting insecure configurations and helps users audit their environments. This provides a major step forward for those who need to gain visibility and detect malicious activity in these environments.
USM-Amazon-Web-Services

With USM for Amazon Web Services, you can answer questions like:


  • What users are accessing the API?
  • Where are they signing in from?
  • Who terminated the machine I was working on last night?
  • Did anyone mess with my security groups?
  • Did a developer open up a port to debug my production machines?
  • Has anyone compromised my API credentials?
  • Are my windows servers communicating with known command and control servers?
  • Are hackers scanning my infrastructure?
  • Do any of my machines have known vulnerabilities?

Learn more about AlienVault USM for AWS:

Wednesday, February 11, 2015 Swati Khandelwal

Detecting-GHOST-Buffer-Overflow-Vulnerability
The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. This vulnerability is named after the GetHOSTbyname function involved in the exploit.

Attackers utilize buffer overflow vulnerabilities like this one by sending specific packets of data to a vulnerable system. The attack allows the attacker to execute arbitrary code and take control of the victim’s vulnerable machine.

Unfortunately, the vulnerability exists in the GNU C Library (glibc), a code library originally released in 2000, meaning it has been widely distributed. Many derivative programs utilize the glibc to carry out common tasks. Although an update released by Linux in 2013 mitigated this vulnerability, most systems and products have not installed the patch.

What Can I Do About GHOST Vulnerability?
Like with any vulnerability, the best way to mitigate GHOST vulnerability is to identify vulnerable systems, prioritize the remediation process based on asset criticality, and deploy patches. You should keep a current inventory of devices, operating systems, and applications in your network so that you can answer the question ‘am I vulnerable?” before some bad actor answers it for you.

AlienVault Unified Security Management (USM) can also help. USM provides asset discovery, vulnerability assessment, threat detection (IDS), behavioral monitoring and SIEM in a single console, plus weekly threat intelligence updates developed by the AlienVault Labs security research team.

USM can scan your network to identify assets with the GHOST vulnerability, making it easy for you to identify systems that need to be patched and prioritize remediation.
Detecting-GHOST-Buffer-Overflow-Vulnerability
Not only can USM identify vulnerable systems, it can also help you detect attempted exploits of the vulnerability. Within hours of the discovery of the GHOST vulnerability, the AlienVault Labs team pushed updated correlation directives to the USM platform, enabling users to detect attackers attempting to exploit it.

USM also checks the IP information against the Open Threat Exchange (OTX), the largest crowd-sourced threat intelligence exchange. In the example below, you can see details from OTX on the reputation of an IP, including any malicious activities associated with it.
Detecting-GHOST-Buffer-Overflow-Vulnerability
Learn more about AlienVault USM:

Friday, September 19, 2014 Swati Khandelwal

How to Detect SQL Injection Attacks
SQL Injection (SQLi) attacks have been around for over a decade. You might wonder why they are still so prevalent. The main reason is that they still work on quite a few web application targets. In fact, according to Veracode’s 2014 State of Security Software Report , SQL injection vulnerabilities still plague 32% of all web applications. One of the big reasons is the attractiveness of the target – the database typically contains the interesting and valuable data for the web application.

A SQLi attack involves inserting a malformed SQL query into an application via client-side input. The attack perverts the intentions of web programmers who write queries and provide input methods that can be exploited. There is a reason they’re on the OWASP Top 10. Termed “injection flaws”, they can strike not only SQL, but operating systems and LDAP can fall prey to SQLi. They involve sending untrusted data to the interpreter as a part of the query. The attack tricks the interpreter into executing commands or accessing data. Attackers use this exploit to modify entries in your database, execute commands on the database (delete databases, change permission and so on) and read and exfiltrate data from your databases.

Examples of SQLi attacks can be found on the OWASP wiki.  The underlying flaws enabling SQLi attacks are introduced when developers create dynamic database queries that include user input.  

Remediating SQLi attacks involves fixing coding defects that allow user-supplied input that can contain malicious SQL from modifying the logic of the query.  The OWASP wiki details some suggested defenses that application developers use to avoid introducing SQLi-enabling flaws.

The first step in dealing with SQLi exploits is detecting and investigating them.  When under attack, the following questions are critical:
  • When was I attacked?
  • Where was I attacked?
  • How widespread was the attack?
  • Were any files or tables overwritten?
  • Who is attacking me, and are others being attacked as well?
Using AlienVault USM to Detect SQL Injection Attacks
AlienVault Unified Security Management (USM) can help you detect these attacks and answer the questions above with several integrated security technologies including host-based IDS, network IDS and real-time threat intelligence.

Network IDS spotting SQLi
The Network Intrusion Detection (NIDS) built-in to AlienVault USM gives you the ability to monitor all connection requests coming to your web server, plus it includes built-in correlation directives to spot activity indicative of a SQLi. Since the threat landscape is always changing, the Network IDS signatures are updated weekly based on threat research conducted by the AlienVault Lab research team, so you can stay current on new attacks.

Host IDS detecting SQLi by watching file activity
USM also includes a Host-based Intrusion Detection System (HIDS) so you can monitor activity locally on a server. In this case, the HIDS agent would be installed on the web server itself, parsing the logs on your Apache or IIS server. Again, the built-in correlation rules in AlienVault USM make it possible to detect activity consistent with SQLi attacks and alert you immediately.  The AlienVault HIDS also monitors changes to files so you have visibility into which files and tables in your database were affected by the attack.

Here’s an example of the USM console displaying SQLi and the associated threat details:

HIDS Dashboard
How to Detect SQL Injection Attacks
List of Recent SQLi Events
How to Detect SQL Injection Attacks
Details about the Threat
How to Detect SQL Injection Attacks
Real-time Threat Intelligence from the AlienVault Open Threat Exchange
In addition, AlienVault USM uses real-time threat intelligence from the AlienVault Open Threat Exchange (OTX) to spot connections with known bad actors. These are known malicious hosts or attackers whose IPs have shown up in OTX because they attacked other OTX contributors, have been identified by other threat sharing services we use, or have been identified via independent research conducted by our AlienVault Labs team.

OTX data provides context to the IDS information and can increase your confidence that a threat detected is malicious, since the activity you are observing is from a known malicious host. In addition, USM combines and correlates input from HIDS, NIDS and OTX via its built-in Security Information and Event Management (SIEM) capabilities, giving you the full picture of threats in your environment.

AlienVAult USM provides a single console with the information you need to do fast and effective incident response. Learn more:

Friday, March 14, 2014 Swati Khandelwal

IT Infrastructure of organizations is growing ever more distributed, complex and difficult to manage. To manage such networks, a log management solution is not enough.

The AlienVault Unified Security Management™ (USM) platform is the perfect solution to help manage the flood of information and analyze it in real time, to find evidence of security incidents. So, in this article we will introduce you to a security monitoring solution that provides real-time threat detection and speeds incident response.

The AlienVault Unified Security Management™ (USM) platform provides all of the essential security controls required for complete security visibility, and is designed to enable any IT or security practitioner to benefit from results on day one. Powered by the latest AlienVault Labs Threat Intelligence and the Open Threat Exchange™ (OTX)—the world’s largest crowd-sourced threat intelligence exchange—AlienVault USM delivers a unified, simple and affordable solution for threat detection and compliance management. Understanding the sensitive nature of IT environments, USM includes active, passive and host-based technologies so that you can match the requirements of your particular environment.
What can you do with USM?
All of AlienVault’s built-in security controls are pre-integrated and optimized to work together out of the box. Within minutes of installing the USM product, AlienVault’s asset discovery features – active network scanning, passive network monitoring, asset inventory, host-based software inventory – will provide visibility into the assets on your network, what software is installed on them, how they’re configured, any potential vulnerabilities and active threats being executed on them. By building in the essential security capabilities, AlienVault USM significantly reduces complexity and reduces deployment time.
Complete Security Visibility in One Day
With all of the essential security controls built-in, AlienVault USM puts complete security visibility within fast and easy reach of security teams who need to do more with less. With USM you can spend more time investigating the alarms and people attacking your systems and less time setting up and integrating all the other security tools needed for true operational security. USM gives you the security visibility you need to understand who is attacking you, what they are targeting and what your true vulnerabilities are. Within the first day of installation, you’ll be able to:
  • Prioritize risk through correlation of reputation, threat severity and asset vulnerability
  • Run risk assessment and vulnerability reports of affected assets
  • Detect threats through correlation of firewall logs and Windows events
  • Get a forensic view into stored logs
  • Deploy the technology needed to comply with requirements for PCI DSS, HIPAA, ISO 27002, SOX, GPG 13 and more
Consolidated threat management
With the AlienVault Unified Security Management (USM) platform, you can quickly:
  • Identify, isolate and investigate indicators of exposure (IOEs) and indicators of compromise (IOCs) including C&C traffic, malware infections, abnormal network flows and more
  • Correlate asset information with built-in vulnerability scan data and AlienVault Labs Threat Intelligence to better prioritize response efforts
  • Respond to emerging threats with detailed, customized “how to” guidance for each alert
  • Demonstrate to auditors and management that your incident response program is robust and reliable

Simplify Regulatory Compliance Requirements
With a single platform, AlienVault USM automatically identifies important audit events in real-time, reports them and alerts on events that warrant immediate action. From file integrity monitoring to IDS to log management - USM makes compliance easier. Not only do we provide the tools you need to be compliant, USM gathers the information you need and generates the reports to give to auditors.
How does USM work?
Our most popular option, the AlienVault USM All-in-One appliance—ideal for single sites and more centralized networks—combines the following capabilities for simpler security management:
  • Asset discovery and inventory – passive and active discovery techniques
  • Vulnerability assessment – accurate and automated network scanning
  • Threat detection – network-based, host-based, and wireless IDS
  • Behavioral monitoring – netflow analysis, log management, file integrity monitoring and service availability tracking
  • Security intelligence – automated event correlation, advanced incident response and data forensics
For distributed networks, AlienVault’s All-in-One Extended appliance provides local detection with global reporting and response.
  • Deploy up to five sensors and provide local asset discovery, vulnerability assessment, behavioral monitoring, and threat detection.
  • Correlate local events with global threat intelligence.
  • Apply business logic to security events to prioritize investigation efforts.
  • Measure, manage and report on compliance status.

Additionally, AlienVault USM Standard and Enterprise products are ideal for larger, distributed enterprises that require centralized SOC (Security Operations Center) management and visibility. The USM Standard and Enterprise products provide the ultimate deployment flexibility and scalability by separating each of the USM components – Sensor, Logger, Server – into dedicated physical, virtual, or cloud appliances.

Security for you, powered by all
AlienVault OTX is an open information sharing and analysis network that provides access to real-time, detailed information about incidents that may impact you, allowing you to learn from, and work with, others who have already experienced them. OTX was developed for IT practitioners responsible for security who don’t want to continually deal with the same security problems as their peers without the benefit of lessons learned. Unlike closed, invitation-only information sharing and analysis networks (e.g., FS-ISAC, Infragard, ISAC), OTX provides real-time, actionable information that is open to anyone who chooses to participate. This allows IT practitioners to achieve preventative response by learning about how others are targeted, and then employ the right defenses to avoid becoming victims themselves.

Try it for free!
With USM you can achieve true security visibility in minutes, not months - If you've liked what you've seen, you can download a free 30 day trial or you can schedule an in depth demo on the AlienVault website.

Newsletter Subscription

Subscribe to our newsletter and get all latest hacking news, free eBooks delivered to your inbox.

Join Over 450,000 Subscribers!