Threat analysis solutions
AlienVault’s comprehensive threat analysis is delivered as seamlessly integrated threat intelligence in an all-in-one security management platform—saving you countless hours of threat research to detect the latest threats.
Secure Your Infrastructure with Streamlined Threat Detection and Analysis
Threat analysis is a demanding, time-consuming exercise for security practitioners. It requires you to stay current with the latest threats, techniques, and vulnerabilities. To do so you need a massive threat data collection process that is global in scale, advanced analytical capabilities to process the data, and time. Done properly, the output of threat analysis is threat intelligence: information about malicious actors, their tools, infrastructure and methods.
To avoid spending countless hours that your IT team doesn’t have in attempting to develop actionable threat intelligence, you need a security solution that conducts threat analysis for you.
The AlienVault® Unified Security Management™ (USM™) platform delivers five essential security capabilities in one platform, as well as built-in threat intelligence from the AlienVault Labs Security Research Team. This provides you with everything you need to detect threats, prioritize response, and manage compliance.
AlienVault USM accelerates and simplifies your ability to detect and analyze threats by receiving relevant, timely, and actionable threat intelligence from the AlienVault Labs Security Research Team.
- Locate all the assets in your cloud and on-premises environments
- Identify the vulnerable assets and systems and prioritize remediation
- Detect malicious activity targeting your cloud and on-premises infrastructure
- See a prioritized view of the most significant threats targeting your cloud and on-premises infrastructure
- Drill down and investigate risks for additional context and remediation guidance
Actionable Threat Intelligence Requires Effective Threat Analysis
Effective threat analysis is a demanding yet essential process for generating quality threat intelligence. It requires you to collect a large volume of diverse threat data in real-time, and analyze the behavior to understand the intent of the malicious activity.
You need multiple security tools and data sources to amass the threat data, and then you need to build processes and systems on top of those tools to effectively analyze that data to generate actionable information. Additionally, you need to build your systems to conduct automated analysis, as there is simply too much data to process manually.
To detect patterns of behavior, you need to curate the threat data and combine it with supplemental information about the evolving threat landscape, effectively tuning your security program to detect and respond to threats.
And once your systems and tools have surfaced the relevant data and information, you also need human expertise to interpret the data. Armed with this detailed understanding of malicious actors’ tools, infrastructure, and methods, you can tune your security tools to incorporate the relevant information and detect the latest threats.
Global Visibility from Diverse Data Sources
AlienVault collects tens of millions of threat indicators daily via the Open Threat Exchange® (OTX™), the world’s largest crowd-sourced repository of threat data, and other external sources. We curate the data and combine it with additional information about attackers' tools, infrastructure, and methods to detect malicious behaviors — true threat intelligence.
AlienVault follows a multi-phased threat analysis process to generate AlienVault’s threat intelligence. The first phase is data collection.
We collect over 10 million threat indicators every day, including malicious IP addresses and URLs, domain names, malware samples, and suspicious files. We aggregate this data in OTX from a wide range of sources, including:
- External threat vendors
- Open sources
- High-interaction honeypots that we set up to capture the latest attacker techniques and tools
- Community-contributed threat data in the form of OTX "pulses"
- USM and OSSIM users voluntarily contributing anonymized data
Smaller Needles, Bigger Haystacks
After collecting mountains of threat data, the next phase of the threat analysis process is to employ Systems and Processes we set up to assess the validity and severity of each of these threat indicators collected in OTX. These include a Contribution System for malware, a URL System for suspicious URLs, and an IP Reputation System for suspicious IP addresses.
We then use Threat Evaluation tools developed by the AlienVault Labs team to test and validate specific threat indicators before publishing any data.
These evaluation tools include a Malware Analyzer, a DNS Analyzer, a Web Analyzer, and a BotNet Monitor. As an example, we verify that a domain is distributing malware using our Web Analyzer. We connect to the suspicious URL, analyze and then execute the file, and if the file is malicious, we mark the server as malicious.
The Outputs, or raw analyzed threat data, are delivered to the AlienVault Labs team. The raw threat data is also shared with OTX community via the OTX portal.