Incident Response with USM Anywhere AlienApps for Palo Alto Networks, Carbon Black & ServiceNow

June 6, 2017  |  Jeff Olen

Only 15% of IT security professionals consider their incident response processes to be mature. That’s according to the 2016 SANS Incident Response Survey. That survey also found that the median time to response (TTR) for detected incidents hovers between 2 and 7 days.

These results, while dismal, may come as little surprise to most IT security professionals, who contend daily with an ever-changing threat landscape. As new threats emerge, IT security teams are tasked with detecting and responding to evidence of those threats in their environments. This typically requires an arsenal of security products—firewalls, endpoint security, intrusion detection systems, and more—that are not typically designed to seamlessly integrate or work together.

Further compounding the complexity of threat detection and incident response, organizations continue to add new products to their IT environment. As new products and IT infrastructure are introduced, IT security teams must ensure that their existing security products continue to give them the security coverage and visibility they need.

In short, it’s a lot to manage, so it’s easy to understand why IT security professionals report a less-than-stellar outlook on the speed and sophistication of their incident response processes.

Introducing AlienVault® AlienApps

With this in mind, AlienVault launched the AlienApps ecosystem, extending the threat detection and incident response capabilities of USM Anywhere to essential third-party IT security and IT operations products.

With AlienApps, IT security teams can centralize their security monitoring and threat detection activities in a single pane of glass and can orchestrate and automate their incident response activities across their IT security environment. In doing so, organizations can drastically reduce their time to threat detection (TTD) and time to response (TTR), while saving time, money, and resources.

Each AlienApp in USM Anywhere is a purpose-built modular extension to USM Anywhere that readily connects to an external product, allowing USM Anywhere to detect threats and to trigger response actions automatically based on the threats detected. AlienApps are delivered out of the box to USM Anywhere, and AlienVault is continuously developing and releasing new AlienApps for USM Anywhere.

At AlienVault, we’ve made it our mission to make security easier, more affordable, and overall better for IT security teams of all shapes and sizes. We pioneered the unified approach to security management by bringing together multiple essential security technologies—asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM, and log management—onto a single, easy-to-manage platform.

The development of AlienApps is the next phase in our mission. In addition to unifying core security technologies, USM Anywhere now brings together third-party security tools from leading vendors like Cisco, Palo Alto Networks, and Carbon Black, all while avoiding the traditional costs and complexity associated with integrating and automating incident response activities across multiple products. With AlienApps, IT security professionals can orchestrate a larger portion of their security management activities within a single pane of glass.

Discover the Latest AlienApps in USM Anywhere

In previous blog articles, we featured our new AlienApps for Microsoft Office 365, Google G Suite, and Cisco Umbrella. Today, we announced the expansion of our ecosystem with the release of new AlienApps for Carbon Black, Palo Alto Networks, and ServiceNow.

AlienApp for Palo Alto Networks

Palo Alto Networks is a recognized leader in the enterprise firewall market, with its suite of next-generation firewall solutions. Firewalls are a rich source of data for monitoring threats, and the AlienApp for Palo Alto Networks collects that data for analysis and correlation by USM Anywhere, which summarizes the relevant information in a rich, interactive dashboard.

The app also coordinates incident response actions between USM Anywhere and the firewall. For example, a security analyst reviewing a USM Anywhere alarm involving a malicious IP address could trigger a response action that automatically sends the IP address to Palo Alto Networks for blocking.

AlienApp for Carbon Black

Like firewalls, endpoint protection is a cornerstone of any security program. The AlienApp for Carbon Black connects USM Anywhere with a recognized leader in next-generation endpoint security. The app enhances threat detection by collecting and analyzing log data from Carbon Black's endpoint protection products and provides orchestration actions to streamline incident response activities. For example, USM Anywhere customers that use Carbon Black’s Cb Response solution can use the app to quickly isolate an infected endpoint without leaving the USM Anywhere interface.

AlienApp for ServiceNow

In most organizations, responding to a security incident or remediating a vulnerability involves some type of ticketing workflow. In many cases, the ticketing system is managed outside of the security team, forcing the analyst to interact with two different systems to manage and track the response. The AlienApp for ServiceNow helps to streamline incident response activities by automatically opening ServiceNow incident tickets in response to threats detected by USM Anywhere. Incident tickets can be opened manually as a response to a specific alarm, or automatically through an orchestration rule. For example, a rule can be created to automatically open a ServiceNow incident any time a USM Anywhere asset scan identifies a critical vulnerability.
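The three orchestration patterns described above (block a malicious IP at the firewall, isolate an infected endpoint, open a ticket for a critical vulnerability) share one shape: a rule matches an event and dispatches a response action. The example below is added here to illustrate that shape with the guardrails an analyst would want before automating it; it is not USM Anywhere, AlienApp or vendor code, and the event field names, action names and sample events are all constructed assumptions.

```python
import ipaddress

# Constructed sample events; field names are assumptions for this example,
# not the real USM Anywhere event schema. The public IP and vuln ID are made up.
EVENTS = [
    {"type": "alarm", "category": "malicious_ip", "src_ip": "93.184.216.34", "asset": "web-01"},
    {"type": "alarm", "category": "malicious_ip", "src_ip": "10.0.0.5", "asset": "db-02"},
    {"type": "alarm", "category": "malware_detected", "asset": "laptop-17"},
    {"type": "vuln_scan", "asset": "web-01", "vuln": "VULN-EXAMPLE-1", "severity": "critical"},
    {"type": "vuln_scan", "asset": "web-01", "vuln": "VULN-EXAMPLE-1", "severity": "critical"},  # rescan duplicate
    {"type": "vuln_scan", "asset": "db-02", "vuln": "VULN-EXAMPLE-2", "severity": "medium"},
]


def is_blockable(ip: str) -> bool:
    """Only globally routable addresses go to the firewall block action.
    Auto-blocking an internal or reserved address from a noisy alarm can
    take down your own infrastructure, so those are routed to a human."""
    return ipaddress.ip_address(ip).is_global


def plan_actions(events):
    """Evaluate the orchestration rules over events and return the actions
    to dispatch as (action_name, target) tuples, in event order."""
    actions = []
    opened = set()  # (asset, vuln) pairs that already have a ticket
    for ev in events:
        if ev["type"] == "alarm" and ev["category"] == "malicious_ip":
            if is_blockable(ev["src_ip"]):
                actions.append(("paloalto_block_ip", ev["src_ip"]))
            else:
                actions.append(("analyst_review", f"{ev['src_ip']} not globally routable; block skipped"))
        elif ev["type"] == "alarm" and ev["category"] == "malware_detected":
            actions.append(("cb_isolate_endpoint", ev["asset"]))
        elif ev["type"] == "vuln_scan" and ev["severity"] == "critical":
            key = (ev["asset"], ev["vuln"])
            if key in opened:
                continue  # same finding on a rescan must not open a second ticket
            opened.add(key)
            actions.append(("servicenow_open_incident", f"{ev['asset']}: {ev['vuln']}"))
    return actions


if __name__ == "__main__":
    for action, target in plan_actions(EVENTS):
        print(f"{action:26} -> {target}")
```

The deduplication set and the routable-address check are the two places where unattended automation most often goes wrong: repeated scans flood the ticket queue, and an alarm on an internal address turns a block rule into a self-inflicted outage.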

Take AlienApps for a Spin

AlienApps are included for all USM Anywhere customers at no extra charge. Start a Free 14-Day Trial of USM Anywhere today to see how AlienApps can help your organization work more efficiently to reduce the time between threat detection and response.
