Information Security Continuous Monitoring

Continuous monitoring capabilities in AlienVault USM™ allow you to detect and respond to threats no matter when they occur.

As threats continue to evolve and increase in volume and frequency, you can no longer rely on static information security monitoring. Rather, you need continuous security monitoring that provides a comprehensive view of your IT environment.

Continuous Information Security Monitoring can assist in:

  • Knowing who and what is connected to your network at all times
  • Identifying vulnerabilities rapidly
  • Reducing overall IT security risk
  • Meeting compliance demands

However, many enterprises lack the ability to leverage their existing IT security investments into a seamless process to obtain truly integrated continuous security monitoring.

AlienVault Unified Security Management™ (USM™) comes fully integrated with a suite of continuous information security monitoring capabilities:

Service & Infrastructure Monitoring

  • Asset discovery
  • IP and hardware MAC address pairing for inventory and to detect MAC spoofing
  • Host-based software inventory
  • Continuous monitoring of services

Continuous Vulnerability Monitoring

  • Scheduling and customization
  • Extensive and dynamic vulnerability database
  • Continuous vulnerability monitoring
  • Active and passive network scanning

Always on Network Monitoring

  • Detect threats and activity with known malicious hosts
  • Baseline network behavior and spot suspicious activity
  • Know what’s connected to your network

Service & Infrastructure Monitoring

Continuous monitoring for security doesn’t necessarily mean that you need to monitor all things at all times. Rather, it means that you need to know the status of key services across your infrastructure to determine the health of critical systems.

Before you can do this, though, you first need to determine which systems are the most important to the business. Once you determine that, you need to establish which information security-related services or protocols you need to monitor on a continuous basis.

AlienVault USM provides built-in asset discovery to determine what’s on your network at any given time, as well as built-in continuous monitoring of the services run by critical systems. You can use active or passive network scanning to determine what is on your network. On a periodic basis, or on demand, AlienVault USM probes the device to confirm that the service is still running and available.

Continuous Vulnerability Monitoring

Vulnerability management is an ongoing process and is therefore, by its very nature, an essential part of any information security continuous monitoring initiative.

However, frequent vulnerability scanning can impact your production systems. Additionally, the output from the scans can generate extensive lists of vulnerabilities that you need to triage and prioritize.

AlienVault USM can address both of these concerns. Continuous vulnerability monitoring, also known as passive vulnerability detection, means AlienVault USM correlates the data gathered by its asset discovery scans with known vulnerability information. This provides continual vulnerability information without the overhead of network noise and system impact.

AlienVault USM also helps prioritize remediation with multiple technologies that complement vulnerability scanning, such as Host and Network IDS (Intrusion Detection Systems), NetFlow and SIEM (Security Information and Event Management). This gives you visibility into where a vulnerable asset is actually exposed to threats – allowing you to focus on the most important issues first.

  • Scan and monitor for new vulnerabilities continuously
  • Detect the latest threats with continuous threat intelligence
  • Gain complete security visibility and threat detection
  • Authenticated and unauthenticated scanning

Always on Network Monitoring

The IT landscape of today is very different from what it was several years ago. Traditional perimeter and endpoint monitoring alone is no longer sufficient, which is why it is important to continuously monitor the network in order to better understand what activity is occurring and to uncover threats before they materialize.

AlienVault USM’s Network Flow Analysis provides high-level trends showing which protocols are used, which hosts use each protocol, and how much bandwidth is used. This allows for continuous monitoring and gives you a picture of what is happening across your network at any given time.

In addition to this, Network Protocol Analysis and Packet Capture allow you to undertake detailed analysis of activities that transpired and fully replay the events that led up to an incident. Always on – always monitoring.