Integrated Tools in AlienVault Unified Security Management Platform

Today more than 30 open-source security tools are built into this framework, making AlienVault the fastest way to start and the easiest way to manage a comprehensive security program.

Published in: Technology
Transcript

  • 1. TAKE YOUR OPEN SOURCE SECURITY STRATEGY TO THE NEXT LEVEL
    The power of open source from a single, unified console
    WWW.ALIENVAULT.COM/

  • 2. MEET OSSIM: The World's Most Widely Used SIEM
    OSSIM is trusted by 195,000+ security professionals in 175 countries... and counting
    Established and launched by security engineers out of necessity
    Users enjoy all of the features of a traditional SIEM, and more

  • 3. EXAMPLE OF HOW THE TOOLS WORK TOGETHER

  • 4. HOW IT WORKS: Tools Classification
    Tools integrated with AlienVault OSSIM are classified by how the tool behaves on the network:
    Active: they generate traffic in the network being monitored
    Passive: they analyze network traffic without generating any traffic
    Passive tools require port mirroring (SPAN) to be configured on the network equipment or virtual machines whose traffic they analyze

  • 5. ASSET DISCOVERY

  • 6. Detecting Network Assets in AlienVault OSSIM: PRADS
    What is it? Signature-based detection engine used to passively detect network assets
    OSSIM allows for distributed PRADS monitoring, to help simplify: inventory management, version changes on services, policy violations, inventory correlation
    Passive Tool. Passive.sourceforge.net

  • 7. Identifying Network Hosts & Services in AlienVault OSSIM: NMAP (NETWORK MAPPER)
    What is it? Security scanner to discover hosts and services on the network
    The product includes an interface for scheduling NMAP scans and an inventory system to manage the results
    The OSSIM user interface makes it easy to schedule NMAP scans and manage results. Quickly find: network assets, open ports, service versions, operating systems and product versions
    Active Tool. nmap.org

  • 8. Inventorying IT Assets in AlienVault OSSIM: OCS INVENTORY NG
    What is it? Lightweight agent that provides full enumeration of installed software and collects information about the hardware running the OCS agent
    OSSIM simplifies OCS inventory installation and the management of: hardware and software inventory, vulnerabilities, information on policy violations
    Active Tool. ocsinventory.ng.org

  • 9. VULNERABILITY ASSESSMENT

  • 10. Vulnerability Assessment in AlienVault OSSIM: OPENVAS
    What is it? Provides both authenticated and unauthenticated vulnerability detection
    Actively scans the network for known vulnerabilities per your specifications
    Daily feed of network vulnerability tests (over 33,000)
    Allows fine-tuning of scanning aggressiveness
    OSSIM gives users the ability to schedule OpenVAS scans and reporting in concert with vulnerability information.
    Active Tool. openvas.org

  • 11. Web Vulnerability Scanning in AlienVault OSSIM: NIKTO
    What is it? Performs comprehensive tests against web servers
    NIKTO in OSSIM scans web servers for problems including: server and software misconfigurations, default files and programs, insecure files and programs, outdated software
    Active Tool. cirt.net/nikto2

  • 12. THREAT DETECTION

  • 13. Host-based Intrusion Detection in AlienVault OSSIM: OSSEC
    What is it? Host-based intrusion detection system
    How does it work? OSSIM provides a web interface for OSSEC to simplify management of distributed deployments
    The AlienVault Sensor collects events from the OSSEC server
    OSSIM can use Windows, UNIX and application logs, as well as registry and file integrity monitoring information
    Active Tool. ossec.org

  • 14. Network Intrusion Detection in AlienVault OSSIM: SNORT
    What is it? Default IDS in the virtual appliance
    Generates security events for the SIEM when analyzing network traffic
    Combines signature, protocol and anomaly-based inspection
    OSSIM makes it easy to manage distributed SNORT installations. Manage IDS rules to monitor for malware signatures and policy violations (P2P, unauthorized IM, games, etc.)
    Passive Tool. snort.org

  • 15. Intrusion Detection & Prevention in AlienVault OSSIM: SURICATA
    What is it? Intrusion detection and intrusion prevention, based on threat signatures
    Same IDS signatures as SNORT
    Advanced processing of HTTP signatures
    Multi-threaded processing
    OSSIM makes it easy to manage distributed Suricata installations and manage IDS rules.
    Passive Tool. Suricata.ids.org

  • 16. Wireless Intrusion Detection System in AlienVault OSSIM: KISMET
    What is it? OSSIM uses the Kismet package for wireless IDS
    Works with any wireless card supporting raw monitoring (rfmon) mode
    With appropriate hardware, like a Raspberry Pi, it can sniff 802.11b, 802.11a, 802.11g and 802.11n traffic
    OSSIM provides an interface for easy distributed deployments of Kismet: WiFi network security monitoring, rogue AP detection, PCI compliance help
    Passive Tool. kismetwireless.org

  • 17. SECURITY INFORMATION & EVENT MANAGEMENT

  • 18. Security Event & Information Management: ALIENVAULT OSSIM
    OSSIM, the open source SIEM, is the most widely used SIEM in the world.
    What can you do with it? Event collection, normalization and correlation; leverage a suite of pre-integrated, best-of-breed security tools for incident response
    Passive Tool. www.alienvault.com/open-threat-exchange/projects

  • 19. BEHAVIORAL ANALYSIS

  • 20. System & Network Monitoring in AlienVault OSSIM: NAGIOS
    What is it? Watches hosts and services and provides alerts
    Configurable checking of assets
    Can perform checks with an agent or remotely, without an agent
    Wide variety of plugins for monitoring apps and devices available
    OSSIM provides a web interface for Nagios, making distributed installations easy, with: ongoing availability monitoring, availability monitoring during logical correlation (on request), visibility into whether service ports are open or closed
    Active Tool. nagios.org

  • 21. Network Traffic Capture in AlienVault OSSIM: TCPDUMP
    What is it? TCPDUMP is a command-line packet analyzer built on libpcap, which is also a portable C/C++ packet-capture library
    Active Tool. tcpdump.org

  • 22. Generating Netflow Data in AlienVault OSSIM: FPROBE
    What is it? Collects network traffic data and distributes it as netflow flows towards the specified collector
    Libpcap-based tool
    OSSIM provides an integrated console where you can view netflow information from FPROBE, to assist with incident response
    Passive Tool. fprobe.sourceforge.net/

  • 23. Netflow Collector in AlienVault OSSIM: NFDUMP
    What is it? Reads netflow data from the files stored by NFCAPD
    NFDUMP syntax is similar to TCPDUMP
    OSSIM makes it easy to quickly implement NFDUMP for netflow analysis: provides netflow data; creates customizable top-N statistics of flows, IP addresses, ports, etc.; saves time by eliminating the need for a "How To" tutorial
    Passive Tool. Nfdump.sourceforge.net

  • 24. Collecting IP Traffic in AlienVault OSSIM: NFSEN
    What is it? Web-based front end for NFDUMP
    NFSEN is a network protocol developed by Cisco to run on IOS-enabled equipment and collect IP traffic information
    It is supported by other platforms, such as Juniper, Linux, FreeBSD and OpenBSD
    OSSIM aggregates NFSEN data and allows you to: display netflow data, process netflow data within a specific time frame, create historic and continuous profiles
    Passive Tool. nfsen.sourceforge.net

  • 25. Network Use Monitoring in AlienVault OSSIM: NTOP
    What is it? Network probe providing real-time and historical network usage
    Uses the RRD Aberrant Behavior algorithm to draw predictions of future behavior. If the prediction differs from the real traffic, an event is generated in OSSIM
    In OSSIM, NTOP provides: network usage statistics, asset information, time and activity matrices, real-time session monitoring, and network abuse information
    Passive Tool. ntop.org

  • 26. Play, share, enjoy! START USING OSSIM TODAY
    Download OSSIM
    Join AlienVault OTX
    Learn more about our commercial offering
    Try AlienVault USM, free for 30 days
    Join us for a LIVE Demo!
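Slide 25 says NTOP raises an event when the RRD Aberrant Behavior prediction differs from the real traffic. The following is an added illustration, not code from the deck or from ntop/RRDtool: a minimal additive Holt-Winters forecaster (the algorithm family RRDtool's aberrant-behavior detection is built on) that flags a sample when it falls outside the prediction plus or minus k times a smoothed deviation. It simplifies RRDtool, which counts violations over a window before declaring a failure; the sample series, parameter defaults and the `min_dev` floor are assumptions.

```python
"""Holt-Winters style traffic prediction with a deviation band, in the
spirit of RRDtool's Aberrant Behavior Detection that ntop uses: a sample
outside predicted +/- k * smoothed deviation is reported as an event."""
from typing import List, Tuple


def holt_winters_anomalies(series: List[float], season: int,
                           alpha: float = 0.5, beta: float = 0.1,
                           gamma: float = 0.2, delta: float = 0.3,
                           k: float = 3.0, min_dev: float = 1.0
                           ) -> List[Tuple[int, float, float]]:
    """Return (index, observed, predicted) for samples outside the band.

    The first `season` samples seed the level and seasonal offsets and the
    first two seasons seed the trend, so len(series) must be >= 2*season.
    """
    m = season
    if len(series) < 2 * m:
        raise ValueError("need at least two seasons of samples")
    level = sum(series[:m]) / m
    trend = (sum(series[m:2 * m]) / m - level) / m
    seasonal = [y - level for y in series[:m]]
    dev = min_dev  # smoothed absolute deviation, floored so the band is never zero
    anomalies = []
    for t in range(m, len(series)):
        y = series[t]
        s = t % m
        predicted = level + trend + seasonal[s]
        err = y - predicted
        if abs(err) > k * dev:
            anomalies.append((t, y, predicted))
        # error-correction form of the additive Holt-Winters state updates
        level, trend = level + trend + alpha * err, trend + beta * err
        seasonal[s] = seasonal[s] + gamma * err
        dev = max(min_dev, delta * abs(err) + (1 - delta) * dev)
    return anomalies


# constructed sample (not data from the page): bytes per interval following a
# repeating 4-slot cycle, with one burst injected at slot 20
NORMAL = [10.0, 20.0, 30.0, 20.0] * 8
BURST = list(NORMAL)
BURST[20] = 300.0

if __name__ == "__main__":
    for t, seen, expected in holt_winters_anomalies(BURST, season=4):
        print(f"t={t}: observed {seen:.1f}, predicted {expected:.1f}")
```

On the clean cycle no event is raised; the burst at slot 20 is the first sample reported, and the samples right after it may also be reported because the burst has pulled the level estimate upward, which is why RRDtool waits for several violations in a window.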