Extending Threat Detection to the Endpoint with New EDR Capabilities in USM Anywhere

July 31, 2018  |  Danielle Russell

Back in April, we began to invite USM Anywhere customers to try out our new endpoint agent, the AlienVault Agent, in an Early Access program. The overwhelming interest in the program alone was telling; over 37% of USM Anywhere customers (60% of our MSSP partners) raised their hands to participate. Our conversations with customers during the program were even more telling: our customers want deeper security visibility of their endpoints without having to manually deploy and administer third-party endpoint agents. What’s more, they want advanced threat detection capabilities for the endpoint that pick up where their traditional antivirus tools fall short.

What we heard from our customers echoes the current conversation in the larger cybersecurity community regarding endpoint security: today, malicious actors are increasingly targeting the endpoint with attacks designed to evade traditional endpoint prevention and protection tools. Organizations are struggling to keep up, as the enterprise EDR solutions that offer advanced endpoint threat detection are often too complex or expensive for most organizations.

USM Anywhere is uniquely positioned to solve for this challenge, as the platform is built to evolve as the threat landscape changes. Its extensible architecture allows us to seamlessly and automatically introduce new security capabilities, integrations, and threat intelligence to the platform, giving our customers comprehensive threat coverage without having to layer on more point security solutions to contend with the latest attacks. Since we first launched USM Anywhere, we’ve been steadily extending its reach to detect modern threats wherever they appear. The endpoint is no exception.

Today, I’m pleased to announce the launch of new endpoint detection and response (EDR) capabilities in USM Anywhere. You can read the full press release here.

With EDR capabilities delivered as part of the unified platform, USM Anywhere users can centralize security monitoring of their endpoint and network activities across their cloud and on-premises environments, without having to deploy or integrate a separate EDR solution. This not only streamlines security operations, but it also allows users to correlate network and endpoint security data for better threat prioritization and faster incident investigation and response. These capabilities work through the AlienVault Agent, a lightweight, adaptable endpoint agent based on osquery that easily deploys to Windows and Linux endpoints and is easy to manage in USM Anywhere.

The feedback we’ve received from USM Anywhere customers in the Early Access program has been positive and has helped to drive the product development leading up to today’s launch and beyond. We asked customers which features or use cases were the most exciting or useful to them. Top responses included:

  • Continuous endpoint monitoring / automated detection of advanced endpoint threats

  • File integrity monitoring (FIM) to help with PCI DSS or other compliance requirements

  • Remote and bulk deployment and management, which is simple and straightforward

  • Off-network endpoint monitoring (remote sites and employees)

  • Proactive endpoint querying for forensics info as part of an incident investigation

We are excited to make these new capabilities available to all USM Anywhere customers today, without requiring them to purchase any add-on products or modules or upgrade their subscriptions to access them. It’s part of our mission to provide phenomenal security to organizations of all sizes.

To learn more about why we think EDR is an essential part of any robust security program, watch this two-minute video from AlienVault’s own Javvad Malik:

For more information about the new EDR capabilities in USM Anywhere, you can:
