Integrated Tools in AlienVault Unified Security Management Platform
Today more than 30 open-source security tools are built into this framework, making AlienVault the fastest way to start and the easiest way to manage a comprehensive security program.
1. TAKE YOUR OPEN SOURCE SECURITY STRATEGY TO THE NEXT LEVEL
   The power of open source from a single, unified console
   WWW.ALIENVAULT.COM/

2. MEET OSSIM: The World’s Most Widely Used SIEM
   - OSSIM is trusted by 195,000+ security professionals in 175 countries… and counting
   - Established and launched by security engineers out of necessity
   - Users enjoy all of the features of a traditional SIEM – and more

3. EXAMPLE OF HOW THE TOOLS WORK TOGETHER

4. HOW IT WORKS: Tools Classification
   Tools integrated with AlienVault OSSIM are classified by the behavior of the tool with the network:
   - Active: they generate traffic in the network being monitored
   - Passive: they analyze network traffic without generating any traffic
   Passive tools require port mirroring (SPAN) configured in network equipment or virtual machines to analyze traffic.

5. ASSET DISCOVERY

6. Detecting Network Assets in AlienVault OSSIM: PRADS
   What is it? Signature-based detection engine used to passively detect network assets.
   OSSIM allows for distributed PRADS monitoring, to help simplify:
   - Inventory management
   - Version changes on services
   - Policy violations
   - Inventory correlation
   Passive Tool. Passive.sourceforge.net

7. Identifying Network Hosts & Services in AlienVault OSSIM: NMAP (NETWORK MAPPER)
   What is it? Security scanner to discover hosts & services on the network.
   - Product includes an interface for scheduling NMAP scans & an inventory system to manage results
   - The OSSIM user interface makes it easy to schedule NMAP scans and manage results
   - Quickly find: network assets, open ports, service versions, operating systems and product versions
   Active Tool. nmap.org

8. Inventorying IT Assets in AlienVault OSSIM: OCS INVENTORY NG
   What is it? Lightweight agent; provides full enumeration of installed software.
   - Collects information about hardware running the OCS agent
   OSSIM simplifies OCS Inventory installation and management of:
   - Hardware and software inventory
   - Vulnerabilities
   - Information on policy violations
   Active Tool. ocsinventory.ng.org

9. VULNERABILITY ASSESSMENT

10. Vulnerability Assessment in AlienVault OSSIM: OPENVAS
    What is it? Provides both authenticated and unauthenticated vulnerability detection.
    - Actively scans the network for known vulnerabilities per your specifications
    - Daily feed of network vulnerability tests (over 33,000)
    - Allows for fine-tuning of scanning aggressiveness
    OSSIM gives users the ability to schedule OpenVAS scans and reporting in concert with vulnerability information.
    Active Tool. openvas.org

11. Web Vulnerability Scanning in AlienVault OSSIM: NIKTO
    What is it? Performs comprehensive tests against web servers.
    NIKTO in OSSIM scans web servers for problems including:
    - Server and software misconfigurations
    - Default files and programs
    - Insecure files and programs
    - Outdated software
    Active Tool. cirt.net/nikto2

12. THREAT DETECTION

13. Host-based Intrusion Detection in AlienVault OSSIM: OSSEC
    What is it? Host-based intrusion detection system.
    How does it work?
    - OSSIM provides a web interface for OSSEC to simplify management of distributed deployments
    - The AlienVault Sensor collects events from the OSSEC server
    - OSSIM can use Windows, UNIX and application logs, as well as registry and file integrity monitoring information
    Active Tool. ossec.org

14. Network Intrusion Detection in AlienVault OSSIM: SNORT
    What is it? Default IDS in the virtual appliance.
    - Generates security events for the SIEM when analyzing network traffic
    - Combines signature, protocol and anomaly-based inspection
    OSSIM makes it easy to manage distributed SNORT installations. Manage IDS rules to monitor for malware signatures and policy violations (P2P, unauthorized IM, games, etc.).
    Passive Tool. snort.org

15. Intrusion Detection & Prevention in AlienVault OSSIM: SURICATA
    What is it? Intrusion detection and intrusion prevention, based on threat signatures.
    - Same IDS signatures as SNORT
    - Advanced processing of HTTP signatures
    - Multi-threaded processing
    OSSIM makes it easy to manage distributed Suricata installations and manage IDS rules.
    Passive Tool. Suricata.ids.org

16. Wireless Intrusion Detection System in AlienVault OSSIM: KISMET
    What is it? OSSIM uses the Kismet package for wireless IDS.
    - Works with any wireless card supporting raw monitoring (rfmon) mode
    - With appropriate hardware, like a Raspberry Pi, can sniff 802.11b, 802.11a, 802.11g & 802.11n traffic
    OSSIM provides an interface for easy distributed deployments of Kismet:
    - WiFi network security monitoring
    - Rogue AP detection
    - PCI compliance help
    Passive Tool. kismetwireless.org

17. SECURITY INFORMATION & EVENT MANAGEMENT

18. Security Event & Information Management: ALIENVAULT OSSIM
    OSSIM, the open source SIEM, is the most widely used SIEM in the world.
    What can you do with it?
    - Event collection, normalization and correlation
    - Leverage a suite of pre-integrated, best of breed security tools for incident response
    Passive Tool. www.alienvault.com/open-threat-exchange/projects

19. BEHAVIORAL ANALYSIS

20. System & Network Monitoring in AlienVault OSSIM: NAGIOS
    What is it? Watches hosts & services and provides alerts.
    - Configurable checking of assets
    - Can do checks with an agent or remotely, without an agent
    - Wide variety of plugins for monitoring apps and devices available
    OSSIM provides a web interface for Nagios, making distributed installations easy with:
    - Ongoing availability monitoring
    - Availability monitoring during logical correlation (by request)
    - Visibility into whether service ports are open or closed
    Active Tool. nagios.org

21. Network Traffic Capture in AlienVault OSSIM: TCPDUMP
    What is it?
    - TCPDUMP is a command-line packet analyzer
    - libpcap, the capture library it is built on, is also a portable C/C++ library
    What does it do?
    - Watches hosts and services and provides alerts
    - Configurable checking of assets
    - Can do checks with an agent or remotely, without an agent
    - Wide variety of plugins for monitoring apps and devices available
    Active Tool. tcpdump.org

22. Generating Netflow Data in AlienVault OSSIM: FPROBE
    What is it? Collects network traffic data and distributes it as netflow flows towards the specified collector.
    - Libpcap-based tool
    OSSIM provides an integrated console where you can view netflow information from FPROBE to assist with incident response.
    Passive Tool. fprobe.sourceforge.net/
23. Netflow Collector in AlienVault OSSIM: NFDUMP
    What is it? Reads netflow data from the files stored by NFCAPD.
    - NFDUMP syntax is similar to TCPDUMP
    OSSIM makes it easy to quickly implement NFDUMP for netflow analysis:
    - Provides netflow data
    - Creates customizable top N statistics of flows, IP addresses, ports etc.
    - Saves time by eliminating the need for a “How To” tutorial
    Passive Tool. Nfdump.sourceforge.net
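Slides 22 and 23 describe the flow pipeline: FPROBE exports flows to a collector, NFCAPD stores them, and NFDUMP produces top N statistics from the stored records. As an added example (not AlienVault, fprobe or nfdump code), here is a decoder for the NetFlow v5 datagram format that fprobe exports, plus an nfdump-style top N aggregation; the datagram and its three flow records are constructed inline.

```python
"""Decode NetFlow v5 export datagrams (the format fprobe emits and nfcapd stores)
and compute an nfdump-style "top N" of addresses by bytes or packets.
Added example, not AlienVault/OSSIM code; SAMPLE below is a constructed datagram."""
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")    # 48-byte NetFlow v5 flow record

def parse_netflow_v5(datagram: bytes) -> list[dict]:
    """Return one dict per flow record; raise ValueError on malformed input."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, *_ = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # v5 caps a datagram at 30 records; the length must match the count exactly
    if count > 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "pkts": f[5], "bytes": f[6], "sport": f[9], "dport": f[10],
                      "proto": f[13]})
    return flows

def top_n(flows, key="src", field="bytes", n=10):
    """Aggregate like `nfdump -s srcip/bytes -n 10`: top talkers by one field."""
    totals = Counter()
    for f in flows:
        totals[f[key]] += f[field]
    return totals.most_common(n)

def build_record(src, dst, pkts, nbytes, sport, dport, proto):
    """Constructed test data: encode one flow record (nexthop/ifaces/AS are dummies)."""
    return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                       1, 2, pkts, nbytes, 0, 1000, sport, dport, 0, 0x18, proto, 0,
                       0, 0, 24, 24, 0)

SAMPLE = HEADER.pack(5, 3, 123456, 1700000000, 0, 1, 0, 0, 0) + b"".join([
    build_record("10.0.0.5", "192.0.2.10", 10, 1500, 51234, 443, 6),
    build_record("10.0.0.5", "192.0.2.20", 40, 60000, 51235, 80, 6),
    build_record("10.0.0.9", "192.0.2.10", 2, 200, 53, 53, 17),
])

if __name__ == "__main__":
    for addr, total in top_n(parse_netflow_v5(SAMPLE), n=5):
        print(f"{addr:15} {total} bytes")
```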
24. Collecting IP Traffic in AlienVault OSSIM: NFSEN
    What is it? Web based front end for NFDUMP.
    - NFSEN is a network protocol developed by Cisco to run on IOS-enabled equipment and collect IP traffic information
    - It is supported by other platforms, such as Juniper, Linux, FreeBSD and OpenBSD
    OSSIM aggregates NFSEN data and allows you to:
    - Display netflow data
    - Process netflow data within a specific time frame
    - Create historic and continuous profiles
    Passive Tool. nfsen.sourceforge.net
25. Network Use Monitoring in AlienVault OSSIM: NTOP
    What is it? Network probe providing real-time & historical network usage.
    - Uses the RRD Aberrant Behavior algorithm to draw predictions of future behavior; if the prediction differs from real traffic, an event is generated in OSSIM
    In OSSIM, NTOP provides:
    - Network usage statistics
    - Asset information
    - Time & activity matrices
    - Real-time session monitoring
    - Network abuse information
    Passive Tool. ntop.org
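The RRD Aberrant Behavior algorithm behind NTOP's predictions is Holt-Winters exponential smoothing. As an added example (not ntop or RRDtool code, and simplified: one smoothed deviation per seasonal slot and no failure window), here is the predict-then-flag loop over a constructed bytes-per-interval series with a short repeating season and one injected burst.

```python
"""Simplified Holt-Winters aberrant-behaviour detection, the approach behind
RRDtool's HWPREDICT/DEVSEASONAL archives that NTOP's prediction relies on.
Added example (not ntop/RRDtool code); TRAFFIC is a constructed series of
bytes per interval with a 4-slot season and one injected spike."""

def detect_aberrant(series, season, alpha=0.3, beta=0.05, gamma=0.2,
                    delta=2.0, min_dev=5.0):
    """Return the indices whose observation deviates from the Holt-Winters
    forecast by more than delta * smoothed deviation (plus a min_dev floor).
    The first `season` samples seed the model and are never flagged."""
    if len(series) < 2 * season:
        raise ValueError("need at least two full seasons of data")
    level = sum(series[:season]) / season            # initial level: season mean
    trend = 0.0
    seasonal = [x - level for x in series[:season]]  # additive seasonal offsets
    dev = [0.0] * season                             # smoothed |error| per slot
    flagged = []
    for t in range(season, len(series)):
        s = t % season
        forecast = level + trend + seasonal[s]
        err = series[t] - forecast
        if abs(err) > delta * dev[s] + min_dev:      # outside the confidence band
            flagged.append(t)
        # Holt-Winters additive updates (smoothing continues through anomalies,
        # so a burst also shifts the level and the following forecasts)
        new_level = alpha * (series[t] - seasonal[s]) + (1 - alpha) * (level + trend)
        trend = beta * (new_level - level) + (1 - beta) * trend
        seasonal[s] = gamma * (series[t] - new_level) + (1 - gamma) * seasonal[s]
        dev[s] = gamma * abs(err) + (1 - gamma) * dev[s]
        level = new_level
    return flagged

SEASON = 4
TRAFFIC = [100, 300, 500, 300] * 6      # constructed: six clean seasons
TRAFFIC[18] = 2000                      # injected burst in the fifth season

if __name__ == "__main__":
    print("aberrant samples:", detect_aberrant(TRAFFIC, SEASON))
```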
26. Play, share, enjoy! START USING OSSIM TODAY
    - Download OSSIM
    - Join AlienVault OTX
    - Learn more about our commercial offering
    - Try AlienVault USM, free for 30 days
    - Join us for a LIVE Demo!