AlienVault Launches New Offering for Threat Detection and Incident Response in AWS

April 7, 2015 | Russ Spitler

Note: The product mentioned in this blog, AlienVault USM for AWS, is no longer being sold. Learn more here.

Today we are launching USM for AWS, our newest offering focused on providing threat detection and incident response for AWS. We have had the ability to monitor AWS environments in our core USM product line for almost two years now. However, when we started really digging into what we needed to do to provide good security visibility in AWS, we started this new project. Not all environments are made the same, and AWS is certainly not like traditional data centers. When we make the transition to the cloud, we are no longer managing our security alone; we share that responsibility with our cloud provider. There are many implications to this security model, discussed at length in a blog post coming soon, but the most important takeaway is that the technology we have used is not the best solution for cloud environments. In our new offering we have built a completely cloud-native solution that:

  • Monitors the AWS CloudTrail API Audit log for indicators of malicious activity and abnormal usage of the AWS API
  • Assesses your AWS infrastructure to identify insecure configurations and usage of AWS security features
  • Performs fully automated, authenticated vulnerability scans of all of your machines
  • Automates asset discovery of instances in your environment, leveraging the AWS API
  • Provides automatic analysis of your Load Balancer and S3 access logs
  • Provides deep Windows event monitoring for advanced threat detection

We are really excited about this new offering, and our initial customers have gone from installation to results in under 10 minutes. Using our CloudFormation template, users can automatically provision USM for AWS, configure the appropriate access control, and set up encrypted data storage in a few simple clicks. Anyone who has an AWS environment can get this up and running and start answering questions like:

  • What users are accessing the API?
  • Where are they signing in from?
  • Who terminated the machine I was working on last night?
  • Did anyone mess with my security groups?
  • Did a developer open up a port to debug my production machines?
  • Has anyone compromised my API credentials?
  • Are my Windows servers communicating with known command and control servers?
  • Are hackers scanning my infrastructure?
  • Do any of my machines have known vulnerabilities?

We look forward to working with you all with this new offering. If you would like to start a 15-day trial, the offering is on the AWS Marketplace. If you would like to learn more about the product, check out our new product page and solution brief.

Here's the press release.

About the Author: Russ Spitler

Russell Spitler brings over a decade of experience building products and startup companies that secure companies across the globe. Russ currently serves as the AVP of Products at AT&T Cybersecurity, where he is responsible for cybersecurity product strategy and the execution of the cybersecurity product roadmap that has resulted in the acquisition of over 7,000 commercial customers and over 20,000 open source users during his tenure. Russ was also one of the founders and a driving force behind AlienVault's Open Threat Exchange, a crowd-sourced threat intelligence community with over 100,000 active users from more than 140 countries. His leadership and focus on practical and effective threat detection have helped establish AlienVault's open-source and commercial products as an undisputed industry leader. Prior to AT&T, Russell served in engineering and product management roles at Fortify Software. Russ was instrumental in developing and maturing the Fortify product suite that dominated the application security testing market, earning the leadership position in the Gartner MQ for 11 straight years. Fortify's 750+ customers included all 10 of the world's 10 largest banks and all the major branches and agencies within the US DoD. Russell frequently contributes articles and quotes for major news outlets and regularly presents at industry conferences such as RSA and BlackHat.
