SIEM Event Correlation
Accelerate Threat Detection and Response
Simplify SIEM event correlation and accelerate your incident response time. AlienVault Unified Security Management™ (USM) brings together related asset, vulnerability, intrusion, malicious actor intent, and remediation information for every alarm. The result?
Everything you need in a single pane of glass to assess threats accurately and expedite response, with none of the integration headaches.
Automate Event Correlation
When an incident happens, you need immediate visibility into the who, what, when, where, and how of the attack. Raw event log data doesn't provide enough context to make effective decisions. IT teams without deep security expertise must research each alarm to understand its context: its significance and what to do about it.
The USM platform's integrated threat intelligence from AlienVault Labs eliminates the need for IT teams to spend precious time conducting their own research, because it automatically correlates events into actionable intelligence. USM identifies the most significant threats targeting your network with timely, relevant threat intelligence that provides every detail you need in the alarm: what is being attacked, who the attacker is, what their objective is, and how to respond.
AlienVault Labs delivers regular updates to this threat intelligence in the form of a coordinated set of advanced correlation rules and product updates, including up-to-the-minute guidance on emerging threats and context-specific remediation guidance, which accelerates and simplifies threat detection and remediation.
You also receive notification when a known bad actor is targeting your network. The AlienVault Open Threat Exchange (OTX) alerts you when indicators of compromise (malicious IP addresses, domains, MD5 hashes of malware, etc.) are detected in your log files. OTX is the world's first truly open threat intelligence community, enabling collaborative defense with actionable, community-powered threat data.
More Than 2,000 Correlation Directives and Growing
Detect the most common types of attacks today and stay ahead of attackers with weekly updates from AlienVault Labs.
- Web service attacks (e.g. SQL injection, cross-site scripting, etc.)
- Brute-force authentication attacks (e.g. SSH, LDAP, NetBIOS, etc.)
- Distributed denial of service attacks (DDoS)
- Malware detection (e.g. ransomware, trojans, bots and more)
- Common network attacks (e.g. IP spoofing, hijacking attempts, etc.)
- Policy violations (e.g. anonymous proxy use, BitTorrent, P2P, etc.)
- Other suspicious behavior (e.g. login from Tor network)
Have specific needs for log sources or in-house applications? You can create and apply custom rules easily. Rather than starting from scratch, you can simply edit one of the built-in security event correlation directives. It's free to try, and you can quickly see how to get the full picture for security visibility.
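To make the idea of a correlation directive concrete, here is an added illustration (not AlienVault's code, and not how USM implements its directives internally) of two of the directive types listed above: an SSH brute-force rule that raises one alarm when a single source produces five failed logins inside a 60-second window, and an OTX-style indicator match that flags any event mentioning a known-bad IP, domain or MD5. The log lines, the indicator feed and the thresholds are all constructed placeholder values.

```python
import re
from collections import defaultdict

# Constructed sample events (placeholder data): "<epoch seconds> <message>".
SAMPLE_LOGS = [
    "1700000000 sshd[912]: Failed password for root from 203.0.113.7 port 5011 ssh2",
    "1700000010 sshd[913]: Failed password for admin from 203.0.113.7 port 5012 ssh2",
    "1700000020 sshd[914]: Failed password for root from 203.0.113.7 port 5013 ssh2",
    "1700000030 sshd[915]: Failed password for test from 203.0.113.7 port 5014 ssh2",
    "1700000040 sshd[916]: Failed password for root from 203.0.113.7 port 5015 ssh2",
    "1700000041 sshd[917]: Failed password for root from 198.51.100.2 port 6001 ssh2",
    "1700000100 proxy: GET http://bad.example/update.bin from 10.0.0.5",
    "1700000120 av: file dropper.exe md5=d41d8cd98f00b204e9800998ecf8427e quarantined",
]

# Constructed indicator list standing in for an OTX-style IoC feed (placeholder values).
IOC_FEED = {
    "ip": {"198.51.100.2"},
    "domain": {"bad.example"},
    "md5": {"d41d8cd98f00b204e9800998ecf8427e"},
}

FAILED_SSH = re.compile(r"^(\d+) sshd\[\d+\]: Failed password for (\S+) from (\S+)")

def brute_force_directive(lines, threshold=5, window=60):
    """Alarm when >= threshold failed SSH logins come from one source within `window` seconds."""
    recent = defaultdict(list)  # source IP -> timestamps of recent failures
    alarms = []
    for line in lines:
        m = FAILED_SSH.match(line)
        if not m:
            continue
        ts, src = int(m.group(1)), m.group(3)
        # Sliding window: drop failures older than `window` seconds, then add this one.
        recent[src] = [t for t in recent[src] if ts - t <= window] + [ts]
        if len(recent[src]) >= threshold:
            alarms.append({"directive": "ssh_bruteforce", "source": src, "count": len(recent[src])})
            recent[src].clear()  # one burst raises one alarm, not one per extra failure
    return alarms

def ioc_directive(lines, feed):
    """Alarm on any event that mentions an indicator from the feed (IP, domain or MD5)."""
    alarms = []
    for line in lines:
        tokens = set(re.findall(r"[A-Za-z0-9.\-]+", line))  # split on '=', ':', '/', etc.
        for kind, values in feed.items():
            for hit in sorted(tokens & values):
                alarms.append({"directive": f"otx_{kind}_match", "indicator": hit, "event": line})
    return alarms

def correlate(lines, feed=IOC_FEED):
    """Run every directive over the event stream and return the combined alarm list."""
    return brute_force_directive(lines) + ioc_directive(lines, feed)
```

Running `correlate(SAMPLE_LOGS)` yields four alarms: one brute-force alarm for 203.0.113.7 and one indicator match each for the IP, domain and MD5 in the feed.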
More Than Just a SIEM
Traditional SIEM solutions promise to provide what you need, but the path to get there is one most of us can't afford. Traditional SIEM solutions integrate and analyze the data produced by other security technologies that are already deployed; unfortunately, most mid-market organizations don't have those other technologies deployed yet. AlienVault USM provides a different path. In addition to all the functionality of a traditional SIEM, AlienVault USM builds the essential security capabilities into a single platform with no additional feature charges. AlienVault's focus on ease of use and deployment makes it the right fit for mid-market enterprises and organizations with limited budgets and few in-house resources.
| Capability | AlienVault USM | Traditional SIEM |
|---|---|---|
| Trouble Ticketing | Built-In | $$ (3rd-party) |
| Security Monitoring Technologies: | | |
| Asset Discovery | Built-In | $$ (3rd-party) |
| Network IDS | Built-In | $$ (3rd-party) |
| Host IDS | Built-In | $$ (3rd-party) |
| Full Packet Capture | Built-In | $$ (3rd-party) |
| File Integrity Monitoring | Built-In | $$ (3rd-party) |
| Vulnerability Assessment | Built-In | $$ (3rd-party) |
| Continuous Threat Intelligence | Built-In | $$ (3rd-party) |
| Unified Management Console | Built-In | $$ (3rd-party) |