We’ve experienced firsthand just how frustrating and challenging security can be – the struggles with failing SIEM implementations; having to settle for inadequate security due to budget constraints; shelving hundreds of thousands of dollars of security software because it is just too hard to use; and, of course, the aftermath of security breaches that could have been prevented.

We founded AlienVault to help organizations of all shapes and sizes achieve world-class security without the headaches and huge expense of other solutions. And we are passionate about our mission.

Why We’re Different

To give our customers the very best threat detection and response, our unified platform – AlienVault Unified Security Management (USM) – combines 5 key security capabilities with expert threat intelligence that is updated every 30 minutes with data from the Open Threat Exchange (OTX) that has been analyzed and classified by our AlienVault Labs team.

Every day, AlienVault Labs analyzes an immense amount of data submitted to OTX by more than 37,000 participants from 140+ countries. We’re proud to say that OTX is the world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat intelligence.

Managing Cloud Security Has Never Been Easier

AlienVault® USM Anywhere™ is a cloud-based security management platform that accelerates and simplifies threat detection, incident response, and compliance management for your on-premises, cloud, and hybrid cloud environments. USM Anywhere delivers support for Amazon Web Services, Microsoft Azure Cloud, Microsoft Hyper-V, and VMware ESXi — providing you with a comprehensive solution for managing security across your public and private cloud infrastructure.

With USM Anywhere, you can rapidly deploy software sensors natively into all of your virtual and cloud environments while centrally managing data collection, analysis, and detection of threats to your business operations.

  • Get the essential security capabilities in a single SaaS platform, including asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, security information and event management (SIEM), & log management
  • Eliminate blind spots in your cloud, hybrid cloud, & on-premises environments
  • Detect emerging threats across your infrastructure with real-time, integrated threat intelligence
  • Respond quickly to incidents & conduct thorough investigations
  • Measure, manage, & report on compliance (PCI, HIPAA, ISO, & more)
  • Optimize your existing security investments and reduce risk

USM Anywhere delivers all of the essential capabilities you need for comprehensive cloud security monitoring and management in a single SaaS platform.

Five Essential Cloud Security Capabilities in a Single SaaS Platform

AlienVault USM Anywhere provides five essential security capabilities in a single SaaS platform, giving you everything you need to detect and respond to threats and manage compliance. As a cloud-based security management solution, it lets you scale your threat detection and response capabilities as your hybrid environment changes, and pay for exactly what you need, when you need it. Finally, you can focus on identifying cloud security issues and responding to threats, not managing software!

Integrated Threat Intelligence for the Best Protection

Your USM Anywhere cloud security management platform receives continuous updates from the AlienVault Labs Threat Research team. This dedicated team spends countless hours analyzing the different types of attacks, emerging threats, suspicious behavior, vulnerabilities, and exploits that they uncover across the entire threat landscape.

We supplement the AlienVault Labs’ research with data from our Open Threat Exchange (OTX). OTX is the largest and most authoritative crowd-sourced threat intelligence exchange in the world, providing security for you that is powered by all.

Every day, more than 47,000 participants from 140+ countries contribute over 4 million threat indicators to OTX. We automatically analyze raw OTX data using a powerful discovery engine to determine the nature of the threat and a similarly powerful validation and machine learning engine that continually curates the database and certifies the validity of those threats.

Deploying USM Anywhere is Fast and Easy

USM Anywhere consists of a modular, scalable, two-tier architecture to manage and monitor every aspect of cloud security. Software sensors collect and normalize data from all of your on-premises and cloud environments, while USM Anywhere provides centralized cloud security management, analysis, correlation, detection, alerting, log management, and reporting.

Purpose-built USM Anywhere software sensors deploy natively into each environment and help you gain visibility into all of your on-premises and cloud environments. These sensors collect and normalize logs, monitor networks, and collect information about the environments and assets deployed in your hybrid environments.

USM Anywhere is fast and easy to deploy to accelerate cloud security management.

Accelerate Threat Detection with Intrusion Detection Systems

AlienVault® Unified Security Management™ (USM™) delivers built-in intrusion detection systems for your critical IT infrastructure, enabling you to detect threats as they emerge in the cloud and on premises. With AlienVault USM, you can also collect and correlate events from your existing IDS/IPS into a single console for complete security visibility while protecting your investments.

USM provides comprehensive intrusion detection as part of an all-in-one unified security management console. It includes built-in host intrusion detection (HIDS), network intrusion detection (NIDS), as well as AWS IDS and Azure IDS for your public cloud environments.

To ensure that you are always equipped to detect the latest emerging threats, the AlienVault Labs Security Research Team delivers continuous threat intelligence updates directly to USM. This threat data is backed by the AlienVault Open Threat Exchange™ (OTX™)—the world’s first open threat intelligence community.

Intrusion Detection Systems for Any Environment

  • Intrusion Detection for AWS & Azure Clouds
  • Network Intrusion Detection System (NIDS)
  • Host Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM)

Quickly View Threats in the Dashboard

  • Use the Kill Chain Taxonomy to quickly assess threat intent and strategy
  • Automatic notifications and noise reduction help you to work more efficiently

Powerful Analytics Uncover Threat and Vulnerability Details – All in One Console

  • Search and analyze events and event details in highly granular, flexible ways
  • Identify assets and vulnerabilities in a consolidated view

Integrated Threat Intelligence from AlienVault Labs

  • Continuous threat intelligence delivered, so you can focus on responding to threats faster
  • Powered by the Open Threat Exchange (OTX)

Intrusion Detection Systems for Any Environment

Intrusion Detection in the Cloud

While traditional IDS software is not optimized for public cloud environments, intrusion detection remains an essential part of your cloud security monitoring. That’s why USM Anywhere provides native intrusion detection system (IDS) capabilities in AWS and Azure cloud environments. Purpose-built cloud sensors in USM Anywhere leverage the control plane management tools in AWS and Azure, giving you full visibility into every operation that happens in your cloud “data center.”

Network Intrusion Detection System (NIDS)

On premises, use the built-in network intrusion detection system (NIDS) to catch threats targeting your vulnerable systems with signature-based anomaly detection and protocol analysis technologies. NIDS sensors collect data from multiple on-premises applications, systems, and devices to identify the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures.

Host-based Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM)

Host Intrusion Detection Systems (HIDS) enable you to analyze system behavior and configuration status to track user access and activity. With built-in HIDS in USM, you can detect potential security exposures such as system compromise and changes to critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes.

Benefits of Host Intrusion Detection include:

  • Simple installation of HIDS sensors
  • The ability to log verbose application activity, providing security visibility at the application layer
  • The ability to run file and Windows registry integrity scans to spot any tampering with sensitive and essential files
  • Rootkit detection and other malware installation detection on your servers and workstations
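The file integrity monitoring described above works by recording a baseline of each watched file and flagging any later deviation. The following is an added, self-contained example of that mechanism, written for this page and not taken from USM or its HIDS agent; the watched-file list, the throwaway directory tree and the tampering scenario are all constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Files a HIDS file-integrity policy would commonly watch. This list is an
# assumption for the example, not USM's actual FIM configuration.
WATCHED = ["etc/passwd", "etc/shadow", "etc/ssh/sshd_config"]


def hash_file(path):
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, watched=WATCHED):
    """Return {relative_path: (sha256, permission_bits)} for each watched file that exists."""
    snap = {}
    for rel in watched:
        p = Path(root) / rel
        if p.is_file():
            snap[rel] = (hash_file(p), p.stat().st_mode & 0o777)
    return snap


def compare(baseline, current):
    """Diff two snapshots into FIM findings of the form (finding_type, relative_path)."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            findings.append(("deleted", rel))
        elif rel not in baseline:
            findings.append(("added", rel))
        else:
            (old_hash, old_mode), (new_hash, new_mode) = baseline[rel], current[rel]
            if old_hash != new_hash:
                findings.append(("content_changed", rel))
            if old_mode != new_mode:
                findings.append(("permissions_changed", rel))
    return findings


def demo():
    """Constructed scenario: baseline a throwaway /etc, alter it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root) / "etc"
        (etc / "ssh").mkdir(parents=True)
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "shadow").write_text("root:*:19000:0:99999:7:::\n")
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        os.chmod(etc / "shadow", 0o600)
        baseline = snapshot(root)

        # Changes the rescan should surface: an extra UID-0 account line,
        # a weakened sshd setting, and shadow made world-readable.
        with open(etc / "passwd", "a") as f:
            f.write("extra:x:0:0::/:/bin/bash\n")
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        os.chmod(etc / "shadow", 0o644)

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:20s} {path}")
```

Permission bits are tracked alongside the content hash because a file can be made world-readable without its contents changing; a hash-only scan would miss that. A production agent would also persist the baseline somewhere the monitored host cannot rewrite it, otherwise an intruder with root can simply re-baseline after tampering.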

Quickly View Threats in the Dashboard

USM uses the Kill Chain Taxonomy to highlight the most important threats facing your environment and the anomalies you should investigate. You can easily see the types of threats directed against your critical infrastructure and when known bad actors have triggered an alarm.

Attack Intent & Strategy

The Kill Chain Taxonomy breaks out threats into five categories, allowing you to understand the intent of the attacks and how they’re interacting with your cloud environment, on-premises network, and assets:

  • System Compromise – Behavior indicating a compromised system.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating an actor attempting to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

Complete Threat Evidence

See attack methods, related events, source and destination IP addresses, as well as remediation recommendations in a unified view, so you can investigate and respond to threats faster.

Reduced Noise

Correlating IDS/IPS data with multiple built-in security tools reduces false positives and increases accuracy of alarms.

Automatic Notifications

Set up email notifications to proactively inform you of critical alarms that may indicate a system compromise or attack.

Workflow Management

With USM Appliance™, you can easily create tickets from any alarm, delegate to users, or integrate with an external ticketing system to manage your response and remediation activities.

Powerful Analytics Uncover Threat and Vulnerability Details – All in One Console

Get to the bottom of who and what’s targeting your assets and what systems are vulnerable.

Search and Analyze Events

You have the flexibility to conduct your own analysis. For example, you may want to search for events that came from the same host as the offending traffic triggering an alarm.

  • Search events to identify activity and trends
  • Filters help you find more granular data
  • Sort by event name, IP address, and more
  • Examine raw log data related to alarm activity
  • Raw logs are digitally signed for evidentiary purposes
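Signing raw logs, as the last bullet describes, lets an analyst later prove that the stored evidence is the same text the sensor collected. The following added example shows one way such a scheme detects tampering; it is written for this page and is not USM's implementation, which the page does not describe. It uses an HMAC over hash-chained records in place of an asymmetric signature (a simplification so it runs with the standard library), and the key and log lines are constructed.

```python
import hashlib
import hmac
import json

# Constructed key for the example. A real appliance would keep its signing key in
# protected storage; how USM does this is not described on the page (assumption).
SIGNING_KEY = b"example-log-signing-key"

GENESIS = "0" * 64  # chain anchor used as the "previous digest" of the first record

# Constructed raw log lines standing in for collected events.
SAMPLE_LOGS = [
    "Mar 03 10:15:01 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 DPT=22",
    "Mar 03 10:15:04 web01 sshd[2201]: Failed password for root from 10.0.0.5 port 51022 ssh2",
    "Mar 03 10:15:05 web01 sshd[2201]: Failed password for root from 10.0.0.5 port 51023 ssh2",
    "Mar 03 10:15:09 web01 sshd[2210]: Accepted publickey for deploy from 192.0.2.20 port 40011 ssh2",
]


def _payload(rec):
    """Canonical bytes the MAC covers: every field except the MAC itself."""
    return json.dumps({k: rec[k] for k in ("seq", "prev", "raw", "digest")}, sort_keys=True).encode()


def sign_records(raw_lines, key=SIGNING_KEY):
    """Wrap raw lines in hash-chained records, each authenticated with an HMAC."""
    records, prev = [], GENESIS
    for seq, line in enumerate(raw_lines):
        digest = hashlib.sha256(prev.encode() + line.encode()).hexdigest()
        rec = {"seq": seq, "prev": prev, "raw": line, "digest": digest}
        rec["hmac"] = hmac.new(key, _payload(rec), hashlib.sha256).hexdigest()
        records.append(rec)
        prev = digest
    return records


def verify_chain(records, key=SIGNING_KEY):
    """Return (ok, problems); each problem is (record_index, kind)."""
    problems, prev = [], GENESIS
    for i, rec in enumerate(records):
        expected = hmac.new(key, _payload(rec), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["hmac"]):
            problems.append((i, "bad_hmac"))          # record edited after signing
        if rec["seq"] != i:
            problems.append((i, "sequence_gap"))      # record removed or reordered
        if rec["prev"] != prev:
            problems.append((i, "chain_break"))       # predecessor missing or altered
        if hashlib.sha256(rec["prev"].encode() + rec["raw"].encode()).hexdigest() != rec["digest"]:
            problems.append((i, "digest_mismatch"))   # raw text no longer matches its digest
        prev = rec["digest"]
    return (not problems, problems)


def demo():
    """Constructed scenario: sign, then verify an intact, an edited and a truncated copy."""
    records = sign_records(SAMPLE_LOGS)
    intact_ok, _ = verify_chain(records)

    edited = [dict(r) for r in records]
    edited[1]["raw"] = edited[1]["raw"].replace("10.0.0.5", "10.0.0.9")   # source IP rewritten
    _, edit_problems = verify_chain(edited)

    truncated = records[:1] + records[2:]   # one record silently dropped
    _, drop_problems = verify_chain(truncated)
    return intact_ok, edit_problems, drop_problems


if __name__ == "__main__":
    print(demo())
```

The chain is what makes deletion visible: removing a record leaves the next one pointing at a digest that is no longer there, and the per-record MAC stops an attacker from simply recomputing the chain, because doing so requires the key. With a real digital signature the verifier would hold only the public key, which is what makes the records usable as evidence by a party that never had signing access.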

Check Assets and Vulnerabilities

Search the built-in asset inventory for assets involved with an alarm. Integrated vulnerability assessment scans indicate whether an attack is relevant by identifying vulnerable operating systems, applications, services, and more – all consolidated into a single view.

  • See all reported alarms and events by asset
  • Modify your mitigation / remediation strategy based on the presence of threats targeting vulnerable systems
  • Correlate reported vulnerabilities with malicious traffic
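The "Reduced Noise" section above and this one make the same point from two sides: an IDS alert means more when the asset inventory says the target actually runs the service and carries the vulnerability being attacked, and less when it does not. The following added example shows that correlation step in code; it is written for this page, not taken from USM, and the inventory, alerts and CVE identifiers are constructed placeholders.

```python
# Constructed asset inventory and IDS alerts. IP addresses come from documentation
# ranges and the CVE ids are obvious placeholders, not real identifiers.
INVENTORY = {
    "192.0.2.10": {
        "hostname": "web01",
        "services": {80: "http", 443: "https", 22: "ssh"},
        "vulns": {"CVE-XXXX-0001"},          # placeholder id "reported" by a scan
    },
    "192.0.2.11": {
        "hostname": "db01",
        "services": {5432: "postgresql"},    # no web service exposed here
        "vulns": set(),
    },
}

ALERTS = [
    {"sig": "exploit attempt against http service", "src": "198.51.100.7",
     "dst": "192.0.2.10", "dport": 80, "cve": "CVE-XXXX-0001"},
    {"sig": "exploit attempt against http service", "src": "198.51.100.7",
     "dst": "192.0.2.11", "dport": 80, "cve": "CVE-XXXX-0001"},
    {"sig": "ssh scanner banner observed", "src": "198.51.100.8",
     "dst": "192.0.2.10", "dport": 22, "cve": None},
    {"sig": "exploit attempt against http service", "src": "198.51.100.9",
     "dst": "192.0.2.99", "dport": 80, "cve": "CVE-XXXX-0001"},
]


def prioritize(alert, inventory):
    """Rank one IDS alert by what the asset inventory says about its target.

    Returns (priority, reason). The ordering is a simple policy chosen for the
    example; a real correlation engine would weigh more signals (source reputation,
    repeat counts, time windows).
    """
    asset = inventory.get(alert["dst"])
    if asset is None:
        # Unknown target: could be an inventory gap or an unmanaged host, worth a look.
        return "medium", "target not in asset inventory"
    if alert["dport"] not in asset["services"]:
        # Nothing listens there; the attempt is noise for this host.
        return "low", "targeted port not exposed on this asset"
    if alert["cve"] and alert["cve"] in asset["vulns"]:
        # Exposed service and the scan says it is vulnerable: this is the real alarm.
        return "high", "asset reported vulnerable to the targeted CVE"
    if alert["cve"]:
        return "medium", "service exposed but vulnerability not reported on asset"
    return "medium", "service exposed; signature carries no vulnerability reference"


def triage(alerts, inventory):
    """Return (dst, dport, priority) for each alert, preserving input order."""
    return [(a["dst"], a["dport"], prioritize(a, inventory)[0]) for a in alerts]


if __name__ == "__main__":
    for alert in ALERTS:
        priority, reason = prioritize(alert, INVENTORY)
        print(f"{priority:6s} {alert['dst']}:{alert['dport']:<5} {reason}")
```

Of the four constructed alerts, only the one aimed at the host that both exposes the service and is reported vulnerable comes out high; the identical signature against a host with no web service drops to low. That difference is exactly the false-positive reduction the page attributes to correlating IDS data with vulnerability assessment.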

Examine Event Details

See the alarm, the individual event(s) that triggered the alarm, and the priority of the alarm.

You can click on any event to examine details such as:

  • Normalized event
  • SIEM information
  • Reputation of source and destination IP addresses
  • Knowledge base about the event
  • Forensics data about what triggered the event

Inspect Packet Captures

Use integrated packet capture functionality to capture interesting on-premises traffic for offline analysis. In USM Appliance, packets can be viewed in the web user interface, or you can download the capture as a PCAP file.

  • Set capture timeout
  • Select number of packets to capture
  • Choose source and destination IP addresses to capture

Integrated Threat Intelligence from AlienVault Labs Security Research Team

The AlienVault Labs Security Research Team constantly scours the global threat landscape to identify the latest attack methods, bad actors, and vulnerabilities that could impact your security. The team curates this data and delivers continuous threat intelligence updates directly to your USM environment, so you always have the most up-to-date threat intelligence as you monitor your environment for emerging threats.

Every day, AlienVault Labs collects millions of threat indicators, including data from the Open Threat Exchange (OTX), the world’s first truly open threat intelligence community. This community of security researchers and IT professionals share threat data as it emerges “in the wild,” so you get global insight into attack trends and bad actors that could impact your operations.

Continuous Threat Intelligence Delivered

In USM, security intelligence is continuously delivered in the form of coordinated rulesets. These include:

  • Network IDS signatures
  • Host-based IDS signatures
  • Asset discovery signatures
  • Vulnerability assessment signatures
  • Correlation rules
  • Reporting modules
  • Dynamic incident response templates
  • Newly supported & updated data source plug-ins