Information Security Asset Management and Inventory
Accelerate your asset identification, inventory and management for better threat detection with the AlienVault Unified Security Management™ (USM™) platform.
Most IT networks are in a constant state of flux. With devices continually being connected or removed from the network, it’s easy to lose track and leave some assets unmonitored. This creates a serious exposure that attackers can exploit to gain access and conduct malicious activity. To meet this challenge, you need robust information security asset management and inventory tools that make it easy to keep track of all your devices being added or removed from your network.
AlienVault Unified Security Management™ (USM™) delivers information security asset management and inventory capabilities that provide:
- Automatic Asset Discovery
- Host-based Software Inventory
- Asset Prioritization and Remediation
Automatic Asset Discovery
Before you can protect your assets, you first need to know what all your assets are and then be able to determine which systems are the most critical to your business. Not knowing or understanding your assets can create blind spots across your enterprise that malicious actors can exploit and subsequently remain hidden.
AlienVault USM provides built-in information security asset discovery capabilities that begin to discover detailed security asset information to help you visualize your entire network from the moment it’s installed.
It does so using both active and passive network scanning techniques. Active Network Scanning probes machines connected to the network and identifies them based on the responses. Passive Network Monitoring monitors the network traffic, hosts and installed software to identify the protocols and ports used.
The combination of these two techniques allows you to build up an accurate inventory of all the information security assets connected to your network.
Host-based Software Inventory
For your critical systems, you need to know more than what’s happening at the network level. You need to take a deeper look into the host to build an accurate information security asset inventory of all software, processes and system files that reside on it.
AlienVault USM includes the ability to scan for available ports that can provide a detailed and granular level of visibility into the available services on your critical assets.
It enumerates all ports listening on the machine – adding valuable context to your information security asset inventory and allowing you to quickly and easily spot where unwanted software or processes are running.
Asset Prioritization and Remediation
Not all information security assets are equal as some are more critical to the business than others based on the data, application or regulations that may apply.
When prioritizing remediation efforts, simply having an inventory of information security assets alone is not sufficient. You need to factor in which information security assets need to be prioritized.
The unified capabilities of AlienVault USM work in concert
with Information Security Asset Management and Inventory capabilities to help prioritize remediation with multiple technologies such as Host and Network Intrusion Detection Systems (IDS), Vulnerability management and Security Information and Event Management (SIEM).
AlienVault USM eliminates the ambiguity that can occur in managing your information security assets by analyzing and correlating security events and arranging them using the Kill Chain Taxonomy. This allows you to focus on the most pressing events on the most critical information security assets based on how they’re impacting your environment in five categories.
- System Compromise
- Exploitation & Installation
- Delivery & Attack
- Reconnaissance & Probing
- Environmental Awareness