USM Anywhere has a modular and scalable two-tier architecture.
Tier 1 — USM Anywhere Sensors and Agents
USM Anywhere SensorsSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect logs and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. deploy natively into each environment and help you gain visibility into all of your on-premises and cloudThe use of many computers connected over a network to run multiple programs or applications at the same time, instead of running them on a local device or network. environments. Sensors collect and normalize logs, monitor networks and collect information about the environments and assets deployed in your hybrid environments.
Sensors are a key component of the USM Anywhere solution. They operate either on-premises or in the cloud, performing the following tasks:
- Discovering your assetsAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers..
- Scanning assets for vulnerabilitiesA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security..
- MonitoringProcess of collecting all device status and event information and processing normalized events for evidence of vulnerabilities, possible attacks, and other malicious activity. packets on your networks and collecting data.
- Collecting log data and normalizingNormalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. it before securely sending it to USM Anywhere.
USM Anywhere Agents deploy on your network host and provide the following:
- Endpoint detection and response
- Network asset monitoring
- File integrity monitoring (FIM)
- Log collection
Cloud Connectors provide operational visibility into the security of your environment and perform the following task of log collection.
Tier 2 — USM Anywhere Cloud
The USM Anywhere cloud instance is deployed in one of the Amazon Web Services (AWS) endpoint regions based on your location. The following table lists the available AWS regions:
|ap-northeast-1||Asia Pacific (Tokyo)|
|ap-south-1||Asia Pacific (Mumbai)|
|ap-southeast-2||Asia Pacific (Sydney)|
|sa-east-1||South America (São Paulo)|
|us-east-1||US East (N. Virginia)|
|us-west-2||US West (Oregon)|
|us-gov-west-1||AWS GovCloud (US-West)|
USM Anywhere receives data from USM Anywhere Sensors and uses it to provide essential security capabilities in a single SaaS platform:
- Centralized system security management
- Log data analysis and correlationCorrelation identifies potential security threats by identifying relationships between multiple types of events occurring in two or more assets.
- Log management
USM Anywhere also retains raw logs long-term for forensic investigations and compliance mandates.