AlienVault Unified Security Management (USM) Overview
Today I’m going to walk you through a quick overview of the AlienVault Unified Security Management platform, often referred to as AlienVault USM. The USM platform provides the essential security capabilities that work together to give organizations a fast and cost-effective way to gain complete visibility into the security of their environment. Now let’s take a look at each of these capabilities.

Understanding your environment is the critical first step to being able to identify security issues in it, so let’s start with asset discovery. Not only does USM go to work immediately, discovering assets as soon as you turn it on, but it also collects metadata to provide important context for your security events. USM can detect and collect information such as software services, logged-in users, the operating system of the asset, and even hardware details like CPU and memory. USM leverages several built-in tools to gather this information about the assets in your environment. We know that time is important, especially in security, so we place all of this information on one easy-to-use screen. In addition to all the data collected about an asset, we can also show you all the information generated by that asset. At a quick glance, you can see alarms, events, and even NetFlow records generated by that asset, all from the same screen.
With the information gathered during asset discovery, USM correlates that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities. USM also includes a constantly updated intrusion detection system. Not only does it provide you with alerts from your network traffic, but it also offers network-level context, including the packets that were matched. In addition to our network intrusion detection system, we also include a host intrusion detection system, with a client available for every major operating system and the ability to install the agent on Windows systems directly from USM. It’s never been easier to conduct file integrity monitoring, gather operating system logs, and even perform rootkit checking.
To give better visibility into your network, and to detect intrusions that don’t match known signatures but do stand out as unusual behavior, we offer NetFlow information, bandwidth monitoring, and traffic capture, all part of the behavioral monitoring capabilities built into USM. All of this is in addition to our log management and analysis capabilities. Integrating event logs from your infrastructure provides critical insight into the day-to-day behavior of your assets. All of these essential security capabilities are powered by the work of AlienVault Labs. Our security researchers work tirelessly to give the system the ability to detect the latest threats, and deliver that knowledge through AlienVault threat intelligence, which is pushed to your AlienVault USM deployment automatically. They focus on using these technologies in a coordinated fashion so that USM can detect the behaviors of malware, moving beyond traditional signature-based detection.
AlienVault threat intelligence allows USM to find threats and generate easy-to-understand alarms, making it simple to focus on the things that matter. The AlienVault alarms panel shows you at a glance all of the alarms, separated by the attacker’s intent, using the intelligence-driven defense model known as the cyber kill chain. Looking at the alarm summary, you can tell the difference between network policy violations, anomalies, and even more dangerous events like malware infections. When investigating an alarm through our incident response screen, we display all of the information and context needed for that investigation. With all of this data in one place, you can make faster and more accurate decisions. If you want to investigate a host further, a simple right-click gives you drill-down access to even more options and more information related to that host.
Gathering network intelligence has never been more important than it is today. Not only can USM help you gather intelligence about your own local network, but our Open Threat Exchange can help alert you to external threats as well. In addition to the work done by AlienVault Labs, USM users can also participate in the Open Threat Exchange. OTX is a threat-sharing network built into the product, making it possible to learn from others and easily identify known malicious attackers targeting your environment. With updates every thirty minutes, OTX allows you to achieve a preventative response by learning how others are being targeted and tuning your defenses to avoid becoming a target yourself.
With a single platform, USM provides the security technology required by most compliance regulations. From file integrity monitoring, to IDS, to log management – USM makes compliance easier. Not only do we provide the tools you need to be compliant, but USM also gathers the information you need and generates the reports to give to auditors as evidence. With all of the essential security controls built in, AlienVault USM puts complete security visibility within fast and easy reach of security teams who need to do more with less. Spend more time investigating alarms and the people attacking your systems, and less time setting up and integrating all the other security tools needed for true operational security. USM gives you the security visibility you need to understand who is attacking, what they are targeting, and what your true vulnerabilities are. With USM, you can achieve true security visibility in minutes, not months. If you’ve liked what you’ve seen, you can download a free thirty-day trial, or you can schedule an in-depth demo on our website.