Phenomenal Security with AlienVault®


Discover the power of the unified security platform approach to security at AlienVault® in this brief 10-minute introduction video.

Video Transcript

AlienVault® is the leader in unified security management, making threat detection and incident response available for every organization. At AlienVault, we deliver phenomenal security.

If you think your security program is less than phenomenal today, well, you are not alone. In fact, when 750 security practitioners were surveyed, only 24% felt that they could detect and respond to all types of security issues early enough to mitigate impact.

This shouldn’t be much of a surprise when you consider that the number of reported security breaches is rising every year. At this pace, it's really hard for security teams to detect and respond to threats fast enough to prevent a breach. In fact, threats dwell in an environment undetected for over three months on average. And even with all the money that's being spent on security today, almost $90 billion just this year, we're still not catching all the threats fast enough. Why is that?

If we look at how most security teams approach threat detection, we see that they take a bunch of disparate security products, each with a narrow view of their environment, and then aggregate the data from those tools into a SIEM or Big Data Analytics platform, where they begin to search for threats.

The problem with this approach is that each of these products is expensive to procure, integrate, and maintain, and it takes multiple point products to get complete security visibility. And, as new threats emerge and evolve, organizations must purchase new products to address those threats. Even then, there’s little guarantee that you'll be able to look through all of the data to actually detect and respond to threats effectively. To do that, you need lots of highly skilled people to manage the security stack: security engineers, threat researchers, security analysts, and incident responders. Unfortunately, these highly skilled workers are scarce and difficult to attract and retain in today’s market.

We believe there’s a better approach - one that's not as expensive, that doesn't require a huge security team, and that can evolve as the threat landscape changes, enabling faster detection and response. An approach that enables phenomenal security. That’s AlienVault.

With AlienVault’s Unified Security Management® (USM) platform, USM Anywhere™, you can detect and respond to threats 80% faster and improve the productivity of your security operations by over 75%. A unified cloud-based solution delivered as Software as a Service, USM Anywhere deploys in minutes, not weeks or months. In fact, 46% of users generate their first security alert on Day One.

How do we do this? Let's take a look.

AlienVault USM Anywhere combines multiple essential security capabilities in a single platform, alleviating all of the engineering and integration work it takes just to get started detecting threats. Capabilities include automated asset discovery, endpoint detection and response, vulnerability assessment, intrusion detection, SIEM event correlation, log management, and many more.

As the threat landscape evolves, we introduce new security capabilities to this highly extensible platform, without requiring users to upgrade their deployments or their subscriptions.

USM Anywhere uses lightweight sensors and agents to automatically collect and analyze security data from across your environment, including your AWS and Azure public cloud infrastructure, productivity apps like Office 365 and G Suite, your critical on-premises networks and endpoints, and even remote endpoints, giving you centralized security visibility across your IT environment from a single pane of glass, helping you to mitigate security blind spots and shadow IT.

Let’s take a look at this in action. This dashboard is the first thing you’ll see when you log into the USM Anywhere Web console.

First, you’ll notice the alarms generated. These indicate threats or areas of risk to your organization. You can see alarm trends, as well as the top alarms by method, helping you to understand what types of threats or risks are most prevalent in your organization.

Below that, you’ll find a summary of event information, including the data sources of the events as well as trends in event traffic and sensor activity, helping you assess what’s normal, and where anomalies may exist.

Our automated asset discovery capability continuously learns your environment to identify the devices, software, and services that are running across it at any time, even in dynamic cloud environments. When you deploy an agent to any asset, USM Anywhere associates that asset with that agent, giving you richer information and response capabilities.

Below that, you’ll see a summary of results from your vulnerability scans. In AlienVault USM, vulnerabilities are automatically ranked by severity to help you prioritize which vulnerabilities to address first.

As we scroll back up to the top, you will see that AlienVault USM Anywhere automatically prioritizes alarms, with the most severe alarms, representing a system compromise, at the top, helping you to quickly prioritize which alarms you should focus on first. On each alarm, you can drill down further to gain detailed information on the threat, everything you need to start your investigation in a single pane of glass.

But that’s only half the story. To generate alarms, AlienVault USM leverages integrated threat intelligence from the AlienVault Labs team.

The threat intelligence built into USM Anywhere works to automate threat detection, so that you can focus your efforts on investigating and responding to incidents quickly and efficiently. While you might be used to getting a feed of raw IOCs from a third-party threat intelligence service, or doing your own research and writing your own correlation rules, at AlienVault, we do it for you.

The AlienVault Labs Security Research team researches, writes, and delivers continuous threat intelligence directly to USM Anywhere, keeping your defenses up to date as threats emerge and evolve in the wild. AlienVault Labs delivers automatic threat intelligence that includes correlation rules, endpoint queries, and even step-by-step response guidance. This threat intelligence is built to detect high-level tools, tactics, and procedures, so even as malicious actors change their low-level indicators like IP addresses and hashes, you can still detect the attack.

AlienVault Labs uses threat data from the Open Threat Exchange® (OTX™), the world's largest threat intelligence community of over 100,000 security researchers and practitioners. The OTX community collaborates, shares, and consumes emerging threat data – up to nearly 20 million threat artifacts every single day, many within minutes of attacks initially being discovered in the wild.

In addition, USM Anywhere directly integrates with OTX, so you benefit not only from the rich analysis of the AlienVault Labs team but also the entire global threat intelligence sharing community.

All of the alarms in USM Anywhere are a result of the threat intelligence from AlienVault Labs and OTX. The threat intelligence goes to work to normalize the security log data collected from across your environment to make it easy to understand and search on, enrich it with additional threat context, and correlate it to generate meaningful, prioritized alarms.
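To make the normalize, enrich, correlate pipeline concrete, here is an added example (not AlienVault code) that runs two constructed log sources through one schema, enriches with a placeholder indicator set standing in for OTX data, and fires both a behaviour-based rule (which still matches when the attacker's IP changes, the point made above about detecting tactics rather than low-level indicators) and an indicator-based rule, returning alarms ordered with the system-compromise alarm on top. All log lines, IP addresses, and the indicator entry are constructed sample values.

```python
import json
import re
from collections import defaultdict

# Constructed sample events: syslog-style sshd lines and one JSON cloud-app login.
RAW_LOGS = [
    "Feb 01 10:00:01 web01 sshd[411]: Failed password for root from 198.51.100.7 port 5555 ssh2",
    "Feb 01 10:00:03 web01 sshd[411]: Failed password for root from 198.51.100.7 port 5556 ssh2",
    "Feb 01 10:00:05 web01 sshd[411]: Accepted password for root from 198.51.100.7 port 5557 ssh2",
    '{"source": "o365", "op": "UserLoggedIn", "user": "alice", "ip": "203.0.113.9", "result": "Success"}',
]
# Placeholder indicator set standing in for OTX pulse data (constructed, not real intel).
INDICATORS = {"203.0.113.9": "ExampleFamily (constructed indicator)"}

SSH_RE = re.compile(r"(Failed|Accepted) password for (\S+) from (\S+)")

def normalize(line):
    """Map disparate raw formats onto one schema: source, outcome, user, src_ip."""
    m = SSH_RE.search(line)
    if m:
        outcome = "fail" if m.group(1) == "Failed" else "success"
        return {"source": "sshd", "outcome": outcome, "user": m.group(2), "src_ip": m.group(3)}
    if line.startswith("{"):
        d = json.loads(line)
        return {"source": d["source"], "outcome": d["result"].lower(), "user": d["user"], "src_ip": d["ip"]}
    return None  # unparsed line: dropped here; a real pipeline would count these

def enrich(event):
    """Attach threat context: does the source IP match a known indicator?"""
    event["indicator"] = INDICATORS.get(event["src_ip"])
    return event

def correlate(events):
    """Behavioural rule (2+ failures then a success per ip/user) plus indicator rule."""
    alarms, history = [], defaultdict(list)
    for ev in events:
        key = (ev["src_ip"], ev["user"])
        history[key].append(ev["outcome"])
        if ev["outcome"] == "success" and history[key].count("fail") >= 2:
            alarms.append({"severity": 3, "name": "System Compromise: success after brute force",
                           "src_ip": ev["src_ip"], "user": ev["user"]})
        if ev["indicator"]:
            alarms.append({"severity": 2, "name": "Known indicator: " + ev["indicator"],
                           "src_ip": ev["src_ip"], "user": ev["user"]})
    return sorted(alarms, key=lambda a: -a["severity"])  # most severe first

def run(lines=RAW_LOGS):
    events = [enrich(e) for e in map(normalize, lines) if e]
    return correlate(events)
```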

Every alarm contains all of the threat information you need to respond quickly. This includes links back to OTX, so you can learn more about the threat, in this example, the malware family detected in this alarm.

We also pull out helpful context like source and destination IP. For example, here you can click through to OTX to learn more, instead of having to start your research on Google or Twitter.

As part of our threat intelligence subscription, our team writes step-by-step response guidance to help you know how to respond.

From each alarm, you can also trigger response actions, again saving precious time otherwise spent toggling between applications. For example, if I want to isolate this endpoint using my Carbon Black endpoint protection tool, I can quickly select that action. You can create automated actions to accelerate your investigation and response activities. For example, if I want to notify my team over Slack or create a Jira or ServiceNow ticket, I can do all of that without having to leave the platform.

AlienVault USM Anywhere integrates with hundreds of data sources, including IT productivity and security tools for monitoring, orchestrating and responding. We continually add to this list, delivering new integrations seamlessly, so that you don’t have to worry about building your own.

Finally, AlienVault USM Anywhere accelerates and simplifies your IT security compliance efforts for industry and regulatory standards such as PCI DSS, HIPAA, and SOC 2. In fact, compliance management is one of the top reasons why our customers choose USM Anywhere.

You get a library of pre-built reporting templates that map directly to compliance requirements, including templates for PCI DSS, HIPAA, ISO 27001 and NIST CSF. These reports give you the visibility and documentation needed for compliance in less time.

And, because USM Anywhere automates many of the tasks required to demonstrate compliance, you can more easily maintain continuous compliance between your audits.

AlienVault helps organizations of all sizes to achieve phenomenal security, with 80% faster threat detection and response, improved SOC productivity, and a 3-month ROI.

This is why over 7000 companies trust AlienVault.

You can get started with USM Anywhere by exploring our online demo experience, starting a free 14-day trial, or contacting us directly to speak with a rep.
