Rapid Threat Detection and Response
Deploy in as little as 30 minutes and get powerful integrated security technologies and emerging threat intelligence from AlienVault Labs.
Over the years, hacking techniques have become more sophisticated, and they continue to evolve every day, making them very difficult to detect and respond to. To combat this trend and make security a possibility for organizations with limited resources, AlienVault Unified Security Management (USM) delivers real-time threat intelligence and threat prioritization by leveraging the kill chain taxonomy. This makes it easier to spot attackers, their victims, their methods and their intents.
We research global threats & vulnerabilities every day so that you don’t have to
Your USM platform receives updated threat intelligence every 30 minutes under the direction of the AlienVault Labs threat research team. This dedicated team spends countless hours analyzing the different types of attacks, emerging threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape. They also leverage the power of the AlienVault Open Threat Exchange™ (OTX), the world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat intelligence. With over 37,000 participants from over 140 countries providing global insight into the latest attack trends and bad actors, USM users are assured they’ve got the most up-to-date, comprehensive threat intelligence in their USM deployment, on day one.
Global Threat Intelligence, Localized for You
Utilize Global Threat Intelligence Automatically
Attacks morph over time and new exploits are discovered every day. AlienVault Labs does the heavy lifting for you, with a variety of collection and analysis techniques, continually updating your USM installation with new signatures, rules, reports, and plug-ins.
Advanced Threat Detection for an Ever-evolving Landscape
Security Artifact Analysis
Using a wide range of collection techniques, including advanced sandboxing to quarantine malware samples, the AlienVault Threat Research team analyzes over 1 million unique security artifacts every day. This analysis provides key insights into the latest attacker tools and techniques.
Attacker Profile Analysis
We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled insight into the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.
Honeypot Deployment and Analysis
Our global honeypots are essentially “virtual Venus flytraps” set up to detect, capture, and analyze the latest attacker techniques and tools. Because we place honeypots in high-traffic networks, our USM platform customers are armed with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.
Open Collaboration with State Agencies, Academia, and Other Security Research Firms
Thanks to the broad reach of our threat intelligence sharing community, we’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships give us access to pre-published vulnerability and malware updates as well as enhanced verification of our own research. By gathering threat intelligence from a diverse install base, spread across many industries and countries, and composed of organizations of all sizes, we’re able to shrink an attacker’s ability to isolate targets by industry or organization size.
Intelligent Threat Detection and Response with Kill Chain Taxonomy
With the constantly evolving nature of most threats, it can be difficult to address every incident and alert that occurs in your environment. Cutting through the clutter and removing false positives requires successful threat detection and prioritization. However, standard methods of prioritization are very time-consuming and flawed.
With AlienVault USM’s Kill Chain Taxonomy, we’ve made threat detection and prioritization easy. Kill Chain Taxonomy allows you to focus your attention on the most important threats. Attacks are classified into five categories, which provide you with contextual information to help you understand attack intent and threat severity, based on how the attacks are interacting with your network.
- System Compromise – Behavior indicating a compromised system.
- Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
- Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
- Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
- Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.
The Unified Security Management™ Difference
5 Essential Security Capabilities in a Single Console
The AlienVault Unified Security Management™ (USM) platform provides five essential security capabilities in a single console, giving you everything you need to manage both compliance and threats. Understanding the sensitive nature of IT environments, we include active, passive and host-based technologies so that you can match the requirements of your particular environment.