Securing your network from threats is a constantly evolving challenge, especially for federal government agencies with much valuable data to protect, and where IT security resources are often limited. AlienVault has helped many government organizations get complete security visibility for effective threat detection and response, without breaking the bank.
Join us for a live demo to see how AlienVault USM addresses these key IT security needs:
Discover all IP-enabled assets to get an accurate picture of attack surface
Identify vulnerabilities like insecure configurations and unpatched software
Improve situational awareness with real-time threat detection and alerting
Speed incident containment & response with built-in remediation guidance for every alert
Investigate anomalies in protocol usage, privilege escalation, host behavior and more
Generate fast & accurate reports for compliance & management
1. Improve Situational Awareness for Federal Government with AlienVault USM
2. About AlienVault
Founded in 2007 and headquartered in San Mateo, CA with offices in:
• Madrid, Spain (Sales & Support)
• Austin, Texas (Dev, Engineering, Sales & Support)
• Cork, Ireland (Sales & Support)
Over 14,500 active implementations
Over 1,900 customers
Only company to be named “Visionary” in the Gartner Magic Quadrant in 2013 and 2014
Backed by Premier Investors including GGV Capital, KPCB, Trident Capital, and Intel Capital
• Closed on Series D funding in December 2013
3. Agenda
Threat Landscape
OMB / OPM Government-wide 30-Day Sprint
5 Essential Security Capabilities for Unified Controls
AlienVault Open Threat Exchange – What is it and how do Federal users benefit?
Solution Architecture
Demonstration – Victor Obando
Q&A
4. Threat Landscape - Our New Reality
The Public Sector experienced nearly 50 times more cyber incidents than any other industry in 2014, and it’s not slowing down into 2015.
Federal CIOs cannot simply rely on traditional boundary protection anymore, and recruiting top talent for cyber security remains a core challenge.
Continuous Monitoring / Diagnostics and Mitigation (CDM) got off to a fast start, but in order for it to flourish, it must be a priority for the agency from a budget and resource perspective.
84% of organizations breached had evidence of the breach in their log files…
- 2015 Verizon Data Breach Investigations Report
5. 30-Day Sprint - Security “Asks” for Fed Agencies
① Protecting Data: Better protect data at rest and in transit
② Improving Situational Awareness: Improve indication and warning
③ Increasing Cybersecurity Proficiency: Ensure a robust capacity to recruit and retain cybersecurity personnel
④ Increase Awareness: Improve overall risk awareness by all users
⑤ Standardizing and Automating Processes: Decrease time needed to manage configurations and patch vulnerabilities
⑥ Controlling, Containing, and Recovering from Incidents: Contain malware proliferation, privilege escalation, and lateral movement. Quickly identify and resolve events and incidents
⑦ Strengthening Systems Lifecycle Security: Increase inherent security of platforms by buying more secure systems and retiring legacy systems in a timely manner
⑧ Reducing Attack Surfaces: Decrease complexity and number of things defenders need to protect
7. The ONLY Unified Security Management Solution
AlienVault is the only security vendor that provides the five essential capabilities in one, pre-integrated solution
Delivers rapid time to visibility and value
8. Open Threat Exchange: World’s Largest Crowd-sourced IP Reputation Alerting Platform
• Real-time insights on known, validated malicious IP addresses and incidents affecting others globally
• AlienVault Labs reacts to the emerging threat and publishes new correlation rules to all of our users
• Every AlienVault USM installation receives the ThreatExchange update and protects against potential attacks
OTX facilitates secure collaboration to identify emerging threats and prevent compromise, providing the broadest based Reputation Feed in the world.
9. Coordinated Analysis, Actionable Guidance
AlienVault Labs Threat Intelligence: Weekly updates that cover all coordinated rulesets:
• Network and host-based IDS signatures – detects the latest threats in your environment
• Asset discovery signatures – identifies the latest OSes, applications, and device types
• Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems
• Correlation rules – translates raw events into actionable remediation tasks
• Reporting modules – provides new ways of viewing data about your environment
• Dynamic incident response templates – delivers customized guidance on how to respond to each alert
• Newly supported data source plug-ins – expands your monitoring footprint
12. 888.613.6023
ALIENVAULT.COM
CONTACT US
HELLO@ALIENVAULT.COM
Now for some questions…
Questions? Hello@AlienVault.com
Twitter : @alienvault
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Check out our 15-Day Trial of USM for AWS
https://www.alienvault.com/free-trial/usm-for-aws
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Editor's Notes
A little background on AlienVault if you’re new to us.
We were founded in 2007 with the purpose of simplifying security operations by consolidating separate point products to be managed from a single platform. We’re headquartered in San Mateo, CA, where I’m sitting today, and currently have offices in Madrid, Austin, Cork, and the UK.
We’ll certainly talk more about the platform and how we’re assisting Federal organizations with improving Situational Awareness through this Unified approach later in the presentation, however just a quick summary… since 2007 the flagship USM platform has grown to integrate approximately two dozen separate security technologies that have been deployed in over 1,900 customer networks in North and South America, Europe, and Asia, with a pretty substantial footprint in the Federal space, whether it be through Systems Integrators working on behalf of Federal agencies or within the various agencies you see on the right. These all represent active customers and how we’re solving the fundamental situational awareness challenge by providing folks with a comprehensive set of tools, operating on a single platform without the need for significant spend nor IT headcount to manage it all.
We are on extremely solid financial footing, with backing from some of the most well-known VC in Silicon Valley. We closed our Series D funding at the end of 2013.
And Gartner has named us ‘Visionary’ in their SIEM magic quadrant for two years in a row.
So, a little about the threat landscape we’re faced with that inevitably and constantly changes. The 2015 Verizon Data Breach Investigations Report points out that the Public Sector experienced nearly 50 times more cyber incidents than any other industry in 2014. Not necessarily shocking considering the information that cyber criminals are seeking, but the important thing to take away is that more and more Federal agencies are finding themselves in the crosshairs of various bad actors. Whether it be through phishing campaigns, engineered spam, or other external threats, the sophistication of attacks through multiple threat vectors has changed dramatically, and it’s tough to keep up.
Most of you may be familiar with the 30-day sprint that was put in place by the Office of Management and Budget CIO Tony Scott, shortly after the OPM incident. This is a breakdown of the 8 priority areas he’s focusing on as government-wide security asks, giving agencies 30 days to shore up their systems and report back on where they’re gapped. The end goal of all of this will be to issue a Federal Civilian Cybersecurity Strategy based on their findings. Now when you look at this, some of you might be a little surprised as to how basic the asks are, and some of you might be shaking your head in agreement. Things such as: protecting data, increase risk awareness, improve situational awareness.
----- Meeting Notes (4/17/15 15:31) -----
These 5 essential capabilities are the strength of the platform
Rename Threat Detection "Intrusion Detection"
Open Threat Exchange: World’s Largest Crowd-sourced IP Reputation Alerting Platform