What’s New in AlienVault v4.4?

December 17, 2013  |  Sandy Hawke

Over the past ten years or so, I've worked on various computer security product teams. In my experience prior to AlienVault, it felt somewhat like an arms race with other vendors, each trying to release the next great big feature before the other guys could. While that competitive spirit can sometimes produce leaps in technology innovation, as well as a lot of buzz in the market, it can also be a distraction from the core needs of the customer.

At AlienVault, we are laser focused on the security practitioner and on how to make threat detection and incident response more efficient for that practitioner. Over the past few months, we've conducted extensive user experience interviews with our customers, analyzing how they use our product and identifying key areas where we can improve the user experience.

In general, we've noticed that the key challenges to successful security monitoring for any organization are encountered at initial deployment and installation, and then when it's time to start digging into information about alarms and assets. And the features offered in AlienVault v4.4 address each of those challenges.

Our first priority was to accelerate and simplify the implementation process. We've automated that process with our first time set-up wizard. As you can see in the screenshot below, you can now choose between two easy set-ups. Each option offers guided instructions that build on each step in the process, based on information we gather in the previous step. Thanks to this new set-up wizard, you'll know exactly how to get started and begin viewing alarms and running reports within just a few minutes of initial install.

What's more, the alarms that start triggering once you complete the wizard are much easier to review and respond to, thanks to our new Alarm "Heat Graph" and preview panel. These enhancements build on the new intuitive event taxonomy that we introduced in AlienVault v4.3, adding data visualizations that make it easy to spot anomalies and prioritize events. As we all know, prioritization is a critical success factor in incident response, and this feature translates the rich threat intelligence from AlienVault Labs into consumable, actionable events you'll dig into during investigations.

When it comes to doing forensic analysis and investigation, the most logical area of focus is on the assets in the environment. The information within a single alarm will quickly pivot to questions about the assets involved in the incident, as the need to expand beyond that single asset becomes clear. For example, an alarm might surface a configuration issue with one of the assets in the environment, and the next step is to expand that inquiry to understand what other assets might also have that same configuration issue.

We've enhanced our asset search interface to make these answers even easier to find. Our UX design team took their inspiration from the travel aggregator site kayak.com, where you can easily select common search parameters against a data set of airlines, airports, ticket prices, etc. For the security practitioner, these data sets are vulnerabilities, asset value, alarms, timeframes, and events rather than economy class vs. business class, but the design goal is the same: to make information easier to find. For example, within just a few clicks you can identify all assets with a vulnerable version of Adobe Acrobat that have recently been targeted by malicious IP addresses. You can also apply those search parameters and results to create groups of assets that share those characteristics.

Just as digging deeper into assets is a critical success factor for the security practitioner, so is digging deeper into the events themselves. We've addressed that need with an enhanced security event search interface. You can easily discover associations among disparate security events and view analytics about those events on the same page.

It's truly refreshing to work for one of the only vendors in this industry who has invested in user experience and prioritized product design, and AlienVault v4.4 is a key reflection of those efforts. The new features and enhancements in AlienVault v4.4 dramatically simplify and streamline the process for identifying and responding to vulnerabilities, threats, network anomalies, compliance violations and more.

We would love to hear your feedback on the latest features, so please post your questions and comments in our Forum. If you're new to AlienVault and would like to see how to put these features to work in your own environment, feel free to download our free trial today.

In the meantime, stay focused on the essentials.

Tags: ossim, alienvault, usm