Securing your network from threats is a constantly evolving challenge, especially for federal government agencies with much valuable data to protect, and where IT security resources are often limited. AlienVault has helped many government organizations get complete security visbility for effective threat detection and response, without breaking the bank. Join us for a live demo to see how AlienVault USM addresses these key IT security needs: Discover all IP-enabled assets to get an accurate picture of attack surface Identify vulnerabilities like insecure configurations and unpatched software Improve situational awareness with real-time threat detection and alerting Speed incident containment & response with built-in remediation guidance for every alert Investigate anomalies in protocol usage, privilege escalation, host behavior and more Generate fast & accurate reports for compliance & management

2. About AlienVault
Founded in 2007 and headquartered in San Mateo, CA with
offices in:
• Madrid, Spain (Sales & Support)
• Austin, Texas (Dev, Engineering, Sales & Support)
• Cork, Ireland (Sales & Support)
Over 14,500 active implementations
Over 1,900 customers
Only company to be named “Visionary” in the Gartner
Magic Quadrant in 2013 and 2014
Backed by Premier Investors including GGV Capital, KPCB,
Trident Capital, and Intel Capital
• Closed on Series D funding in December 2013

3. Agenda
Threat Landscape
OMB / OPM Government-wide 30-Day Sprint
5 Essential Security Capabilities for Unified Controls
AlienVault Open Threat Exchange – What is it and how do Federal users
benefit?
Solution Architecture
Demonstration – Victor Obando
Q&A

4. Threat Landscape - Our New Reality
The Public Sector experienced nearly 50 times more
cyber incidents than any other industry in 2014 and it’s
not slowing down into 2015.
Federal CIO’s cannot simply rely on traditional
boundary protection anymore and recruiting top-talent
for cyber security remains a core challenge.
Continuous Monitoring / Diagnostics and Mitigation
(CDM) got off to a fast start, but in order for it to
flourish, it must be a priority for the agency from a
budget and resource perspective
84%
of organizations breached
had evidence of the
breach in their log files…
-2015 Verizon Data Breach Investigations Report

5. 30-Day Sprint - Security “Asks” for Fed Agencies
① Protecting Data: Better protect data at rest and in transit
② Improving Situational Awareness: Improve indication and warning
③ Increasing Cybersecurity Proficiency: Ensure a robust capacity to recruit and retain
cybersecurity personnel
④ Increase Awareness: improve overall risk awareness by all users
⑤ Standardizing and Automating Processes: Decrease time needed to manage
configurations and patch vulnerabilities
⑥ Controlling, Containing, and Recovering from Incidents: Contain malware proliferation,
privilege escalation, and lateral movement. Quickly identify and resolve events and
incidents
⑦ Strengthening Systems Lifecycle Security: Increase inherent security of platforms by
buying more secure systems and retiring legacy systems in a timely manner
⑧ Reducing Attack Surfaces: Decrease complexity and number of things defenders need to
protect

6. Built-In, Essential Security Capabilities
USM Platform
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY
ASSESSMENT
• Continuous
Vulnerability Monitoring
• Authenticated /
Unauthenticated Active
Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SIEM
• SIEM Event Correlation
• Incident Response
INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring

7. The ONLY Unified Security Management Solution
AlienVault is the only security vendor that provides the five
essential capabilities in one, pre-integrated solution
Delivers rapid time to visibility and value

8. Open Threat Exchange:
World’s Largest Crowd-sourced IP Reputation Alerting Platform
• Real-time insights on known,
validated malicious IP addresses and
incidents affecting others globally
• AlienVault Labs reacts to the
emerging threat and publishes new
correlation rules to all of our users
• Every AlienVault USM installation
receives the ThreatExchange update
and protects against potential
attacks
OTX facilitates secure collaboration to identify emerging
threats and prevent compromise. Providing the broadest
based Reputation Feed in the world.

9. Coordinated Analysis, Actionable Guidance
AlienVault Labs Threat Intelligence:
Weekly updates that cover all
coordinated rulesets:
Network and host-based IDS
signatures – detects the
latest threats in your
environment
Asset discovery signatures
– identifies the latest OS’es,
applications, and device types
Vulnerability assessment
signatures – dual database
coverage to find the latest
vulnerabilities on all your
systems
Correlation rules – translates
raw events into
actionable remediation tasks
Reporting modules –
provides new ways of viewing
data about your environment
Dynamic incident response
templates – delivers
customized guidance on how
to respond to each alert
Newly supported data
source plug-ins – expands
your monitoring footprint
9

10. AlienVault Solution Architecture – 3 Components
USM Server
• Forensic Console
• Reporting Engine
• Event Correlation
• Vulnerability Management
• Availability Monitoring
• Incident Management
• Policy based Event Filtering
Sensor
• Event Collection/Normalizer
• Threat Detection
• Vulnerability Scanner
• Netflow Protocol Analysis
Logger
• Forensic Event Storage
• Digitally Time-Stamped Raw Logs
• Fully Searchable

11. DEMO

12. 888.613.6023
ALIENVAULT.COM
CONTACT US
HELLO@ALIENVAULT.COM
Now for some Questions..
Questions? Hello@AlienVault.com
Twitter : @alienvault
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Check out our 15-Day Trial of USM for AWS
https://www.alienvault.com/free-trial/usm-for-aws
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site