Today, I’m excited to share that we have released AlienApp for Box, a new security integration between AT&T Cybersecurity and Box, a leader in cloud content management. This new feature within USM Anywhere takes advantage of Box's granular logging capabilities and powerful APIs to add an additional layer of security for Box Enterprise customers that enables you to monitor your Box environments for potential threats and malicious activities. With the AlienApp for Box, you can enhance the detection of threats to data stored in Box and respond quickly with incident response orchestration between AlienVault USM Anywhere and Box. In addition to delivering AlienApp for Box, we have joined the Box Technology Partner Program to provide our joint customers security insights specific to Box Enterprise accounts.
“Box is committed to bringing secure, centralized cloud content management solutions to its customers,” said Niall Wall, SVP, Partners at Box. “We are excited to deepen our relationship with AT&T, who is already a reseller of Box, through this new AlienApp integration. Together, Box and AT&T Cybersecurity will provide a deeper level of threat detection controls to protect an enterprise's most valuable information.”
Let’s take a closer look at how the AlienApp for Box in AlienVault USM Anywhere enhances how you detect and respond to threats against your Box Enterprise environments.
Monitor Box Along with Other Critical Assets in Your Cloud and On-Premises Environments
With the AlienApp for Box, you can monitor your Box Enterprise environments within the same pane of glass as the rest of your critical IT assets in the cloud and on premises. AlienVault USM Anywhere centralizes security monitoring across SaaS apps, public cloud and on-premises environments, and remote locations. This can reduce the number of security dashboards you need to monitor, helping to streamline security and compliance.
After you configure the AlienApp for Box, AlienVault USM Anywhere begins to automatically collect and analyze data from your Box environment, including authentication events, user profile updates, user state changes, application and group assignment, and other changes to your Box Enterprise account. AlienVault USM Anywhere presents this information as security events and provides a dashboard of Box events.
Automatically Detect Threats Against Your Data Stored in Box
AlienVault USM Anywhere works to automatically detect threats and suspicious activities against your Box Enterprise environment using integrated threat intelligence from AT&T Alien Labs. Expert security researchers on the AT&T Alien Labs team deliver continuous threat intelligence updates to AlienVault USM Anywhere, enabling resilient threat detection even as your infrastructure evolves and attackers change their approaches.
As part of the threat intelligence subscription in AlienVault USM Anywhere, AT&T Alien Labs provides Box-specific correlation rules to help you automatically detect threats against your Box Enterprise environments, for example:
- Password spraying against Box
- Successful brute force authentication attacks
- Ransomware and other malware infections
- Data exfiltration or sharing with a known malicious host
- Anomalous user activities that could indicate an attack
By utilizing the threat intelligence from AT&T Alien Labs for automated threat detection, you can focus your security resources on responding to actual threats.
Respond to Threats Quickly with Automation and Orchestration
When AlienVault USM Anywhere alerts you to a potential threat against your Box Enterprise environments, you can respond by creating an automated or manual response action that sends a command to Box. Response actions in AlienVault USM Anywhere help you to:
- Streamline investigation activities by creating new tasks within Box
- Mitigate the scope of an attack by deactivating a Box account
- Reduce manual work by automating low-level response tasks
Incident response orchestration in AlienVault USM Anywhere helps you respond to threats quickly and effectively, without having to work across multiple applications.