AlienVault SIEM

A Complete SIEM, And So Much More

Single-purpose SIEM software or log management tools provide valuable information, but often require expensive integration efforts to bring in log files from disparate sources such as asset management, vulnerability assessment, and IDS products. With the AlienVault USM platform, SIEM is built-in with other essential security tools for complete security visibility that simplifies and accelerates threat detection, incident response, and compliance management.

Fully Integrated SIEM Capabilities on Day 1

Drastically simplify SIEM deployment and gain valuable insight into your environment with an all-in-one platform that includes all the essential security capabilities you need, managed from a single pane of glass, working together to provide the most complete view of your security posture.

  • SIEM / event correlation
  • Asset discovery and inventory
  • Vulnerability assessment
  • Intrusion detection
  • NetFlow monitoring
  • Actionable, relevant threat intelligence from AlienVault Labs threat research team
  • Integrated global real-time view of emerging threats and bad actors from OTX, the world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat intelligence
  • 2,000+ Correlation Directives: Ships with over 2,000 pre-defined correlation directives so you don’t have to spend hours creating your own.
  • Always Vigilant: Continuous updates from AlienVault Labs include new correlation directives, threat signatures, remediation guidance, and more.

More Than Just a SIEM

Traditional SIEM solutions promise to provide what you need – but the path to get there is one most of us can’t afford. Traditional SIEM solutions integrate and analyze the data produced by other security technologies that are already deployed, but unfortunately most mid-market organizations don’t have those other technologies deployed yet! AlienVault USM provides a different path. In addition to all the functionality of a traditional SIEM, AlienVault USM also builds the essential security capabilities into a single platform with no additional feature charges. And AlienVault’s focus on ease of use and deployment makes it the perfect fit for mid-market enterprises and organizations with limited budget and few in-house resources.

Features

AlienVault USM

Traditional SIEM

Management:    
     Log Management
     Event Management
     Event Correlation
     Reporting
     Trouble Ticketing Built-In $$ (3rd-party)
Security Monitoring Technologies:    
     Asset Discovery Built-In $$ (3rd-party)
     Network IDS Built-In $$ (3rd-party)
     Host IDS Built-In $$ (3rd-party)
     Netflow Built-In $$ (3rd-party)
     Full Packet Capture Built-In $$ (3rd-party)
     File Integrity Monitoring Built-In $$ (3rd-party)
     Vulnerability Assessment Built-In $$ (3rd-party)
Additional Capabilities:    
     Continuous Threat Intelligence Built-In $$ (3rd-party)
     Unified Management Console Built-In $$ (3rd-party)

Centralized Threat Alerts

Prioritize with Kill Chain Taxonomy

The promise of SIEM software is particularly powerful—collecting data from disparate technologies, normalizing it, centralizing alerts, and correlating events to tell you exactly what to focus on. Unfortunately, achieving and maintaining the promise of SIEM is time-consuming, costly, and complex.

AlienVault USM builds in all the security capabilities you need plus a centralized alarm dashboard that utilizes the Kill Chain Taxonomy to focus your attention on the most important threats. It breaks attacks out into five threat categories that help you understand attack intent and threat severity, based on how they're interacting with your network.

  • System Compromise – Behavior indicating a compromised system.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

Drill Down and Analyze Consolidated Threat Details in One Console

Accelerate your response work by analyzing related threat details on one console. See the directive event, the individual event(s) that triggered the directive event, and the correlation level of the directive rule.

You can click on any event to examine details such as:

  • Normalized event
  • SIEM information
  • Reputation of source and destination IP addresses
  • Knowledge base about the event
  • Payload of the packet triggering the event

Detect the Latest Threats with Weekly Threat Intelligence Updates

Researching threats and maintaining your SIEM software, IDS, and vulnerability assessment tools for the latest threat detection isn’t trivial. Let us do the heavy lifting for you.

AlienVault Labs threat research team fuels your USM platform with the latest threat intelligence, so you can focus on detecting and responding to the most critical issues in your network.

AlienVault Labs threat research team spends countless hours mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities, and exploits they uncover across the entire threat landscape. They leverage the power of OTX, the world’s largest crowd-sourced repository of threat data to provide global insight into attack trends and bad actors.

AlienVault Labs delivers eight coordinated rulesets:

  • Network IDS signatures
  • Host-based IDS signatures
  • Asset discovery signatures
  • Vulnerability assessment signatures
  • Correlation rules
  • Reporting modules
  • Dynamic incident response templates
  • Newly supported data source plug‐ins

AlienVault Product Tour

  • Real-time threat intelligence utilizes kill-chain taxonomy to identify attackers, their victims, their methods and their intents.
  • Each alarm provides detailed and customized instructions on how to investigate and respond to malicious activity.
  • Customizable executive dashboards provide overviews and click-through details about your security and compliance posture.
  • All you need to know about an asset for incident investigation and response – in one window.
  • Automated asset discovery provides granular details on all devices in your network.
  • Targeted guidance eliminates the guesswork associated with integrating data sources and provides precise suggestions for improving visibility.
  • Built-in network flow analysis provides all the data you need for in-depth investigations – including packet capture.
  • Secure storage of raw event data satisfies regulatory compliance requirements while an easy-to-use interface allows for quick searches.
  • Identify malicious actors attempting to interact with your network using our dynamic IP reputation data.
  • Centralized, integrated "how to" documentation for all you need to know about USM.
  • Built-in network IDS and host IDS results in more accurate threat detection and event correlation, faster deployment and simpler management.
  • Built-in vulnerability assessment simplifies security monitoring and speeds remediation.