AlienVault USM Anywhere provides five essential security capabilities in a single SaaS platform, giving you everything you need to detect and respond to threats and manage compliance. As a cloud The use of many computers connected over a network to run multiple programs or applications at the same time, instead of running them on a local device or network.-based security solution, you can scale your threat detection and response capabilities as your hybrid environment changes.
The USM Anywhere cloud security management platform receives continuous updates from the AT&T Alien Labs™ Security Research Team. This team analyzes the different types of attacks, emerging threats, suspicious behavior, vulnerabilities, and exploits Piece of software, data, or a sequence of commands that takes advantage of a flaw or vulnerability to cause unintended or unanticipated behavior to occur in software or hardware, that result in gaining increased privileges and access privileged data. that they uncover across the entire threat landscape.
USM Anywhere supplements the Security Research Team with data from AT&T Alien Labs™ Open Threat Exchange® (OTX™ The world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data. This repository provides a continuous view of real time malicious activity.). OTX is the largest and most authoritative crowd-sourced threat intelligence Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging hazard to assets that can be used to inform decisions regarding the subject's response to that hazard. exchange in the world.
Here is a brief description of the essential functions that USM Anywhere provides:
- Asset Discovery is an essential security capability of USM Anywhere, which discovers assets An IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. in your environment, detects changes in assets, and discovers malicious assets in the network.
- Vulnerability Assessment, which is done in authenticated state, identifies vulnerabilities or compliance by comparing the installed software on assets with a database of known vulnerabilities. Vulnerability A known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. scans can be performed manually or scheduled to be performed periodically.
- Intrusion Detection Security system capability that attempts to detect actions that may compromise the confidentiality, integrity, or availability of a resource. monitors network traffic for malicious activity Activity in a system that exceeds or misuses that access in a manner that negatively affects the confidentiality, integrity, or availability of the organization's information systems., monitors system log messages, and monitors user activity. Intrusion detection for USM Anywhere consists of network-based intrusion detection (NIDS Network-based intrusion detection system (NIDS) monitors network traffic and events for suspicious or malicious activity using the sensors that provide management and network monitoring interfaces to networks and network devices.) components.
- Behavioral Monitoring identifies suspicious behavior and potentially compromised systems. USM Anywhere provides continuous monitoring of services run by particular systems. Data used for behavioral monitoring Process of collecting all device status and event information and processing normalized events for evidence of vulnerabilities, possible attacks, and other malicious activity. and analysis is collected from network devices and user behavior. USM Anywhere has access to logs in the cloud (Azure Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers.: Monitor, AWS Suite of cloud computing services from Amazon that make up an on-demand computing platform.: CloudTrail AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you., S3, ELB Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud.) and VMware logs.
- SIEM Security Information and Event Management (SIEM) systems employ a variety of separate tools to monitor host and network resources for threat activity and compliance status. and Log Management correlates and analyzes security event Information collected and displayed that describes a single system or user level activity that took place. data and respond. USM Anywhere SIEM draws intelligence from different sources including the Alien Labs Threat Intelligence Subscription The AT&T Alien Labs™ Threat Intelligence Subscription provides subscribers with the ability to detect the latest threats with continually updated correlation rules, IDS signatures, vulnerability audits, asset discovery signatures, IP reputation data, collection and integrations, and report templates. and OTX. Correlation rules A correlation rule correlates incoming events based on previously defined relationships defined in the correlation directive, associating multiple events, of the same or different event types, from the same data source., created by the Security Research Team, are used to identify patterns associated with malicious activity. OTX threat data provides IP reputation Threat ranking of IP addresses that have been submitted by the OTX community as being malicious or at least suspicious. information and OTX pulses OTX pulses provide information on the reliability of threat data, who reported a threat, and other details of threat investigations., which consist of Indicators of Compromise (IOCs) An artifact observed with some degree of confidence to be an indication of a threat or intrusion. that identify a specific threat.
HIDS can be used to spot problems on host Reference to a computer on a network. endpoints, and can include file integrity monitoring A mechanism for validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline. It is one of the most powerful techniques used to secure IT infrastructures and business data against a wide variety of both known and unknown threats., rootkit Collection of tools (programs) used to mask intrusion and obtain access to all commands and files of a computer or computer network. and registry checks. NIDS passive sniffing interfaces can analyze network payload data to monitor for potentially malicious activity.
All of USM Anywhere's various security operation features and functionality are accessible from the USM Anywhere web UI.