Threat analysis is far from a trivial exercise, especially when you’re forced to use multiple tools. We know how frustrating it can be to attempt to detect and analyze threats amidst the dozens, hundreds, or thousands of routine-looking events that your log files are collecting every second.
AlienVault offers a different way to detect and analyze threats. The AlienVault Unified Security Management™ (USM) platform delivers essential security capabilities managed from a single console, giving you everything you need for a complete view of your security posture.
AlienVault USM accelerates and simplifies your ability to detect and analyze threats:
Networks are constantly changing, making it difficult and time consuming to locate, inventory, and monitor all of the devices connected to your network.
As soon as you install AlienVault USM™, its threat analysis begins. The USM platform puts up-to-the-minute security and threat information about systems, data, and users at your fingertips, giving you complete security visibility in a unified threat detection and compliance management solution that is both easy to use and affordable. Most customers begin to see policy violations and receive alerts on threats within a few minutes of completing the installation.
Automated Asset Discovery
Conduct active or passive network scans of your environment and use host-based software inventory to find all connected assets and collect device data including OS, installed software, configuration, and more.
Continuous Vulnerability Monitoring
Schedule and conduct unlimited authenticated or unauthenticated scans of your assets so you’re always on top of vulnerabilities, misconfigurations, default passwords, and more.
Easy Asset and Network Grouping
Define the network segments and asset groups that you need to keep a closer eye on. You can also assign an asset value to each group, so that threats targeting your most critical assets are prioritized over the same activity against low-value systems.
IT teams of all sizes suffer from too much data and not enough information, as security tools generate a steady stream of alerts about important (and not so important) activity. IT teams without deep security expertise then have to research each alarm to understand what it means and what to do about it.
USM’s integrated threat intelligence from AlienVault Labs eliminates the need for IT teams to spend precious time conducting their own research. The AlienVault Labs threat research team maps out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities, and exploits they uncover across the threat landscape. They also leverage the Open Threat Exchange (OTX), the world’s largest crowd-sourced repository of threat data, to provide global insight into attack trends and bad actors.
Unlike single-purpose updates focused on only one security control, the AlienVault Labs Threat Intelligence service delivers regular threat intelligence updates to the USM platform, which accelerates and simplifies threat detection and remediation.
These updates include:
AlienVault’s USM platform automated event correlation gives you the information you need to analyze threats targeting your systems and users.
Using the Kill Chain Taxonomy, the USM platform makes it easy to see which threats you need to focus on first. It provides every detail you need in the alarm: what is being attacked, who the attacker is, what their objective is, and how to respond.
The Kill Chain Taxonomy classifies threats into five categories (System Compromise, Exploitation & Installation, Delivery & Attack, Reconnaissance & Probing, and Environmental Awareness) and provides contextual information to help you understand attack intent and threat severity, based on the attacker’s interaction with your network.
Accelerate your response work by analyzing related threat details in one place.
See the directive event, the individual event(s) that triggered the directive event, and the correlation level of the directive rule.
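To make the relationship between a directive event, its triggering events and its correlation level concrete, here is an added example of a miniature correlation engine in that style. It is not AlienVault code, and the directive structure, the event names (`ssh_auth_failed`, `ssh_auth_ok`), the priority/reliability values and the sshd log lines are constructed assumptions, not USM’s actual directive syntax or data. The directive completes level 1 after five failed SSH logins from one source within 60 seconds, and level 2 if a successful login from that source follows within 120 seconds, raising the reliability of the resulting directive event.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

EPOCH = datetime(1970, 1, 1)


@dataclass
class Event:
    ts: int        # seconds since epoch (naive, constructed timestamps)
    src_ip: str
    dst_ip: str
    name: str      # normalized event name, e.g. "ssh_auth_failed"
    raw: str       # the raw log line the event was parsed from


@dataclass
class Level:
    name: str         # normalized event name this level matches
    occurrence: int   # matching events needed to complete the level
    timeout: int      # seconds allowed, counted from the level's first match (level 1)
                      # or from the moment the previous level completed (later levels)
    reliability: int  # reliability (0-10) the directive event carries once this level is reached


@dataclass
class Directive:
    name: str
    priority: int     # 0-5 severity of the attack pattern
    levels: List[Level]


@dataclass
class DirectiveEvent:
    directive: str
    level_reached: int
    priority: int
    reliability: int
    src_ip: str
    dst_ip: str
    triggering_events: List[Event] = field(default_factory=list)


SSHD_RE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?\S+ from (\S+) port \d+"
)


def parse_sshd(line: str, dst_ip: str) -> Optional[Event]:
    """Normalize an sshd syslog line into an Event; None for lines that are not sshd auth results."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = int((datetime.fromisoformat(m.group(1)) - EPOCH).total_seconds())
    name = "ssh_auth_failed" if m.group(2) == "Failed" else "ssh_auth_ok"
    return Event(ts, m.group(3), dst_ip, name, line)


def correlate(directive: Directive, events: List[Event]) -> Optional[DirectiveEvent]:
    """Run one directive over time-ordered events from a single source/destination pair.
    Returns the directive event for the highest level reached, or None if level 1 never completes."""
    result = None
    level_idx, seen = 0, 0
    window_start: Optional[int] = None
    matched: List[Event] = []
    for ev in events:
        level = directive.levels[level_idx]
        if ev.name != level.name:
            continue                      # events the current level is not waiting for are ignored
        if window_start is None:
            window_start = ev.ts
        if ev.ts - window_start > level.timeout:
            if level_idx == 0:
                matched, seen, window_start = [], 0, ev.ts   # level 1 slides: restart the count here
            else:
                break                     # a later level timed out; keep the level already reached
        matched.append(ev)
        seen += 1
        if seen == level.occurrence:
            result = DirectiveEvent(directive.name, level_idx + 1, directive.priority,
                                    level.reliability, ev.src_ip, ev.dst_ip, list(matched))
            level_idx += 1
            if level_idx == len(directive.levels):
                break
            seen, window_start = 0, ev.ts
    return result


DST_IP = "10.0.0.5"   # constructed: the monitored host the log lines came from
SAMPLE_LINES = [      # constructed sshd syslog lines (ISO timestamps for simplicity)
    "2024-01-12T10:00:01 db01 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2",
    "2024-01-12T10:00:03 db01 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 51235 ssh2",
    "2024-01-12T10:00:05 db01 sshd[2203]: Failed password for root from 198.51.100.23 port 51236 ssh2",
    "2024-01-12T10:00:06 db01 CRON[2210]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "2024-01-12T10:00:08 db01 sshd[2203]: Failed password for root from 198.51.100.23 port 51237 ssh2",
    "2024-01-12T10:00:10 db01 sshd[2205]: Failed password for root from 198.51.100.23 port 51238 ssh2",
    "2024-01-12T10:00:40 db01 sshd[2207]: Accepted password for root from 198.51.100.23 port 51240 ssh2",
]

BRUTE_FORCE_THEN_LOGIN = Directive(   # illustrative directive, not a real USM rule
    name="SSH brute force followed by successful login (example directive)",
    priority=4,
    levels=[
        Level("ssh_auth_failed", occurrence=5, timeout=60, reliability=3),
        Level("ssh_auth_ok", occurrence=1, timeout=120, reliability=8),
    ],
)


def demo(lines: List[str] = SAMPLE_LINES) -> Optional[DirectiveEvent]:
    events = [e for e in (parse_sshd(l, DST_IP) for l in lines) if e]
    return correlate(BRUTE_FORCE_THEN_LOGIN, events)


if __name__ == "__main__":
    de = demo()
    print(f"{de.directive}: level {de.level_reached}, priority {de.priority}, reliability {de.reliability}")
    for ev in de.triggering_events:
        print("  ", ev.raw)
```

Only the first three failures (plus the unrelated cron line) produce no directive event at all, which is the point of correlation levels: five failures alone raise a low-reliability alarm, and the same source then succeeding is what pushes reliability up and marks the alarm as one to work first.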
You can click on any event to examine details such as:
Get to the bottom of who and what’s targeting your assets and what systems are vulnerable.
Search SIEM Events
You have the flexibility to conduct your own analysis. For example, you may want to search the SIEM database for all events that came from the same host as the offending traffic that triggered an alarm, not just the events the alarm itself cites.
Check Assets and Vulnerabilities
Search the built-in asset inventory for the assets involved in an alarm. Integrated vulnerability assessment scans indicate whether an attack is relevant by identifying vulnerable operating systems, applications, and services on the targeted asset, all consolidated into a single view.
Inspect Packet Captures
Use integrated packet capture functionality to capture interesting traffic for offline analysis. Packets can be viewed in the integrated Tshark tool, or you can download the capture as a PCAP file.
Examine Raw Logs
Search for any raw logs related to the activity reported by an alarm. For example, look for logs that mention the source IP address reported in the alarm, across all the hosts it touched.
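The following added example walks through the pivot that the preceding steps describe (search events from the offending host, check the targeted assets and their scan findings, grep the raw logs for the alarm’s source IP) and weights the result by the analyst-assigned asset value mentioned under asset grouping. It is not AlienVault code: the assets, events, log lines and findings are constructed, and the risk weighting (asset value × priority × reliability / 25, the classic OSSIM formula) is an assumption, since this page does not state how USM computes alarm risk.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Asset:
    ip: str
    hostname: str
    asset_value: int               # 0-5 criticality assigned when grouping assets
    os: str
    services: List[str]            # "name/port" as discovered by the scanner
    findings: Dict[str, List[str]] = field(default_factory=dict)   # service -> open scan findings


@dataclass
class Alarm:
    name: str
    src_ip: str
    dst_ip: str
    priority: int       # 0-5
    reliability: int    # 0-10


# --- constructed sample data (not real inventory or telemetry) -----------------
ASSETS: Dict[str, Asset] = {
    "10.0.0.5": Asset("10.0.0.5", "db01", 5, "Ubuntu 20.04", ["ssh/22", "postgresql/5432"],
                      {"ssh/22": ["password authentication enabled"],
                       "postgresql/5432": ["default 'postgres' account password"]}),
    "10.0.0.9": Asset("10.0.0.9", "kiosk01", 1, "Ubuntu 20.04", ["ssh/22"]),
}

SIEM_EVENTS = [   # normalized events as a SIEM would store them
    {"src_ip": "198.51.100.23", "dst_ip": "10.0.0.5", "dst_port": 22,   "name": "ssh_auth_failed"},
    {"src_ip": "198.51.100.23", "dst_ip": "10.0.0.5", "dst_port": 22,   "name": "ssh_auth_ok"},
    {"src_ip": "198.51.100.23", "dst_ip": "10.0.0.5", "dst_port": 5432, "name": "tcp_connect"},
    {"src_ip": "198.51.100.23", "dst_ip": "10.0.0.9", "dst_port": 22,   "name": "ssh_auth_failed"},
    {"src_ip": "203.0.113.7",   "dst_ip": "10.0.0.5", "dst_port": 443,  "name": "http_get"},
]

RAW_LOGS = [
    "db01 sshd[2207]: Accepted password for root from 198.51.100.23 port 51240 ssh2",
    "db01 postgres[2310]: connection received: host=198.51.100.23 port=52000",
    "fw01 filterlog: pass in tcp 198.51.100.2 -> 10.0.0.5:443",   # different host; its IP is a prefix of ours
    "kiosk01 sshd[880]: Failed password for root from 198.51.100.23 port 40001 ssh2",
]

ALARM = Alarm("SSH brute force followed by successful login", "198.51.100.23", "10.0.0.5",
              priority=4, reliability=8)


def events_from_host(events: List[dict], src_ip: str) -> List[dict]:
    """Pull everything the offending host did, not only the events the alarm cites."""
    return [e for e in events if e["src_ip"] == src_ip]


def raw_logs_for_ip(logs: List[str], ip: str) -> List[str]:
    """Grep raw logs for the IP as a whole token, so 198.51.100.2 does not match 198.51.100.23."""
    pat = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    return [line for line in logs if pat.search(line)]


def risk(alarm: Alarm, asset: Asset) -> float:
    """Assumed OSSIM-style weighting: asset value x priority x reliability / 25, on a 0-10 scale."""
    return asset.asset_value * alarm.priority * alarm.reliability / 25


def assess_targets(alarm: Alarm, events: List[dict], assets: Dict[str, Asset]) -> List[dict]:
    """For each asset the source touched, list the targeted services and the open findings on
    exactly those services (that is what makes the attack relevant), ordered by risk."""
    touched: Dict[str, set] = {}
    for e in events_from_host(events, alarm.src_ip):
        touched.setdefault(e["dst_ip"], set()).add(e["dst_port"])
    out = []
    for ip, ports in touched.items():
        asset = assets.get(ip)
        if asset is None:                       # inventory gap: an attacked host we do not know
            out.append({"ip": ip, "known": False, "risk": None})
            continue
        targeted = [s for s in asset.services if int(s.split("/")[1]) in ports]
        out.append({"ip": ip, "hostname": asset.hostname, "known": True, "os": asset.os,
                    "targeted_services": targeted,
                    "relevant_findings": {s: asset.findings[s] for s in targeted if s in asset.findings},
                    "risk": risk(alarm, asset)})
    return sorted(out, key=lambda r: -1 if r["risk"] is None else r["risk"], reverse=True)


if __name__ == "__main__":
    print(f"Alarm: {ALARM.name} from {ALARM.src_ip}")
    for t in assess_targets(ALARM, SIEM_EVENTS, ASSETS):
        print(" ", t)
    for line in raw_logs_for_ip(RAW_LOGS, ALARM.src_ip):
        print("  raw:", line)
```

Two details are worth carrying into real analysis: the same brute force against db01 and kiosk01 ends up with very different risk because of the asset value, and the raw-log search anchors the IP as a whole token, since a plain substring match on `198.51.100.2` would drag an unrelated firewall line into the investigation.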