Integrated Tools in AlienVault Unified Security Management Platform

Today more than 30 open-source security tools are built into this framework, making AlienVault the fastest way to start and the easiest way to manage a comprehensive security program.


    1. TAKE YOUR OPEN SOURCE SECURITY STRATEGY TO THE NEXT LEVEL
       The power of open source from a single, unified console. WWW.ALIENVAULT.COM/
    2. MEET OSSIM: The World’s Most Widely Used SIEM
       OSSIM is trusted by 195,000+ security professionals in 175 countries…and counting. Established and launched by security engineers out of necessity. Users enjoy all of the features of a traditional SIEM, and more.
    3. EXAMPLE OF HOW THE TOOLS WORK TOGETHER
    4. HOW IT WORKS: Tools Classification
       Tools integrated with AlienVault OSSIM are classified by how the tool behaves on the network being monitored:
       • Active: they generate traffic on the network being monitored (scans, probes, agent traffic).
       • Passive: they analyze network traffic without generating any traffic of their own.
       Passive tools require port mirroring (SPAN) configured on the network equipment, or on the virtual switch when the traffic comes from virtual machines, so that a copy of the traffic reaches the sensor.
    5. ASSET DISCOVERY
    6. Detecting Network Assets in AlienVault OSSIM: PRADS
       What is it? A signature-based detection engine used to passively detect network assets (hosts, their services and service versions) from the traffic it observes. OSSIM allows for distributed PRADS monitoring, to help simplify:
       • Inventory management
       • Tracking version changes on services
       • Spotting policy violations
       • Inventory correlation
       Passive tool. passive.sourceforge.net
    7. Identifying Network Hosts & Services in AlienVault OSSIM: NMAP (Network Mapper)
       What is it? Security scanner used to discover hosts and services on a network. The OSSIM user interface makes it easy to schedule Nmap scans and manage the results in its inventory system. Quickly find:
       • Network assets
       • Open ports
       • Service versions
       • Operating systems and product versions
       Active tool. nmap.org
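Slides 6 and 7 both come down to the same job: turn scanner or sniffer output into an inventory, then watch that inventory change (new hosts, new open ports, a service version that moved). The following added example is this editor's code, not OSSIM's or Nmap's. It parses Nmap's XML output (`nmap -oX`) into a per-host inventory and diffs two scans. The two XML documents are constructed samples shaped like `nmap -sV -O -oX -` output with RFC 1918 addresses; the inventory schema and the finding names are assumptions made for the example.

```python
"""Parse nmap -oX output into an asset inventory and diff two scans.

Added example, not OSSIM's own inventory code. SCAN_MONDAY / SCAN_TUESDAY are
constructed samples shaped like `nmap -sV -O -oX -` output; the inventory
schema and the finding types are this example's assumptions.
"""
import xml.etree.ElementTree as ET

SCAN_MONDAY = """<nmaprun scanner="nmap" args="nmap -sV -O -oX - 10.0.0.0/29" version="7.80">
<host><status state="up" reason="arp-response"/>
<address addr="10.0.0.5" addrtype="ipv4"/>
<hostnames><hostname name="web01.example.internal" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.14.0"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
</ports>
<os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
</host>
<host><status state="down" reason="no-response"/>
<address addr="10.0.0.6" addrtype="ipv4"/>
</host>
</nmaprun>
"""

SCAN_TUESDAY = """<nmaprun scanner="nmap" args="nmap -sV -O -oX - 10.0.0.0/29" version="7.80">
<host><status state="up" reason="arp-response"/>
<address addr="10.0.0.5" addrtype="ipv4"/>
<hostnames><hostname name="web01.example.internal" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
<service name="mysql" product="MySQL" version="5.7.30"/></port>
</ports>
<os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
</host>
<host><status state="up" reason="arp-response"/>
<address addr="10.0.0.6" addrtype="ipv4"/>
<hostnames></hostnames>
<ports>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
<service name="microsoft-ds" product="Samba smbd" version="4.9.5"/></port>
</ports>
</host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {ip: {"hostname", "os", "ports": {(proto, port): {service, product, version}}}}
    for hosts reported up; closed and filtered ports are not part of the inventory."""
    inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        hostname = host.find("hostnames/hostname")
        osmatch = host.find("os/osmatch")
        ports = {}
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            get = (lambda a: svc.get(a)) if svc is not None else (lambda a: None)
            ports[(port.get("protocol"), int(port.get("portid")))] = {
                "service": get("name"), "product": get("product"), "version": get("version")}
        inventory[addr.get("addr")] = {
            "hostname": hostname.get("name") if hostname is not None else None,
            "os": osmatch.get("name") if osmatch is not None else None,
            "ports": ports}
    return inventory


def diff_inventory(old, new):
    """Findings an operator wants from two consecutive scans (assumed finding types)."""
    findings = []
    for ip in sorted(set(new) - set(old)):
        findings.append({"type": "new_host", "ip": ip, "port": None, "detail": new[ip]["hostname"]})
    for ip in sorted(set(old) - set(new)):
        findings.append({"type": "host_gone", "ip": ip, "port": None, "detail": old[ip]["hostname"]})
    for ip in sorted(set(old) & set(new)):
        before, after = old[ip]["ports"], new[ip]["ports"]
        for key in sorted(set(after) - set(before)):
            findings.append({"type": "new_open_port", "ip": ip, "port": key, "detail": after[key]})
        for key in sorted(set(before) - set(after)):
            findings.append({"type": "port_closed", "ip": ip, "port": key, "detail": before[key]})
        for key in sorted(set(before) & set(after)):
            if (before[key]["product"], before[key]["version"]) != (after[key]["product"], after[key]["version"]):
                findings.append({"type": "version_change", "ip": ip, "port": key,
                                 "detail": (before[key]["version"], after[key]["version"])})
    return findings


if __name__ == "__main__":
    for finding in diff_inventory(parse_nmap_xml(SCAN_MONDAY), parse_nmap_xml(SCAN_TUESDAY)):
        print(finding)
```

Against the samples the diff reports a host that came up (10.0.0.6 with SMB exposed), a new open MySQL port on the web server, and nginx moving from 1.14.0 to 1.18.0; a closed port in the first scan never enters the inventory, so it does not show up as "port_closed" noise later.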
    8. Inventorying IT Assets in AlienVault OSSIM: OCS INVENTORY NG
       What is it? Lightweight agent that provides full enumeration of installed software and collects information about the hardware it runs on. OSSIM simplifies OCS Inventory installation and the management of:
       • Hardware and software inventory
       • Vulnerabilities
       • Information on policy violations
       Active tool. ocsinventory-ng.org
    9. VULNERABILITY ASSESSMENT
    10. Vulnerability Assessment in AlienVault OSSIM: OPENVAS
        What is it?
        • Provides both authenticated and unauthenticated vulnerability detection
        • Actively scans the network for known vulnerabilities per your specifications
        • Daily feed of network vulnerability tests (NVTs): over 33,000
        • Allows fine-tuning of scan aggressiveness
        OSSIM gives users the ability to schedule OpenVAS scans and reporting in concert with the rest of its vulnerability information. Active tool. openvas.org
    11. Web Vulnerability Scanning in AlienVault OSSIM: NIKTO
        What is it? Performs comprehensive tests against web servers. Nikto in OSSIM scans web servers for problems including:
        • Server and software misconfigurations
        • Default files and programs
        • Insecure files and programs
        • Outdated software
        Active tool. cirt.net/nikto2
    12. THREAT DETECTION
    13. Host-based Intrusion Detection in AlienVault OSSIM: OSSEC
        What is it? Host-based intrusion detection system. How does it work? OSSIM provides a web interface for OSSEC to simplify management of distributed deployments; the AlienVault Sensor collects events from the OSSEC server. OSSIM can use Windows, UNIX and application logs, as well as registry and file integrity monitoring information. Active tool (agent-based). ossec.org
    14. Network Intrusion Detection in AlienVault OSSIM: SNORT
        What is it? The default IDS in the virtual appliance. Generates security events for the SIEM while analyzing network traffic. Combines signature, protocol and anomaly-based inspection. OSSIM makes it easy to manage distributed Snort installations and to manage IDS rules to monitor for malware signatures and policy violations (P2P, unauthorized IM, games, etc.). Passive tool. snort.org
    15. Intrusion Detection & Prevention in AlienVault OSSIM: SURICATA
        What is it? Intrusion detection and intrusion prevention engine based on threat signatures. Uses the same rule format and signature sets as Snort. Advanced processing of HTTP signatures. Multi-threaded processing. OSSIM makes it easy to manage distributed Suricata installations and to manage IDS rules. Passive tool. suricata-ids.org
    16. Wireless Intrusion Detection System in AlienVault OSSIM: KISMET
        What is it? OSSIM uses the Kismet package for wireless IDS. Works with any wireless card supporting raw monitoring (rfmon) mode. With appropriate hardware (even a Raspberry Pi with a suitable card) it can sniff 802.11a, 802.11b, 802.11g and 802.11n traffic. OSSIM provides an interface for easy distributed deployments of Kismet:
        • Wi-Fi network security monitoring
        • Rogue access point detection
        • PCI compliance help
        Passive tool. kismetwireless.net
    17. SECURITY INFORMATION & EVENT MANAGEMENT
    18. Security Information & Event Management: ALIENVAULT OSSIM
        OSSIM, the open source SIEM, is the most widely used SIEM in the world. What can you do with it?
        • Event collection, normalization and correlation
        • Leverage a suite of pre-integrated, best-of-breed security tools for incident response
        Passive tool. www.alienvault.com/open-threat-exchange/projects
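"Collection, normalization and correlation" is what turns the tools above from a pile of log sources into a SIEM, so here is the pipeline in miniature as an added example (this editor's code, not OSSIM's normalization plugins or its correlation engine). Raw lines from two of the integrated sources, sshd via syslog and a Snort alert in "fast" format, are mapped onto one common event schema, and a single correlation directive fires when several failed logins from one source are followed by a successful one, with the priority raised if the IDS also flagged that source. The log lines are constructed, the year is assumed because BSD syslog timestamps carry none, and the rule thresholds are assumptions.

```python
"""Normalize heterogeneous raw events onto one schema and correlate them.

Added example, not OSSIM's own normalization plugins or correlation engine.
The log lines are constructed; YEAR and the rule thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

YEAR = 2024  # BSD syslog timestamps carry no year; assumed for the sample lines

# Constructed sample: sshd syslog lines plus one Snort "fast" alert, delivered out of order.
RAW_EVENTS = [
    "Mar 13 10:15:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "03/13-10:15:02.112233  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51234 -> 10.0.0.5:22",
    "Mar 13 10:15:04 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Mar 13 10:15:20 web01 sshd[2207]: Accepted password for deploy from 203.0.113.7 port 51262 ssh2",
    "Mar 13 10:15:09 web01 sshd[2205]: Failed password for deploy from 203.0.113.7 port 51251 ssh2",
    "Mar 13 10:30:00 web01 sshd[2300]: Accepted publickey for alice from 10.0.0.9 port 40022 ssh2",
    "Mar 13 10:31:00 web01 cron[2400]: (root) CMD (run-parts /etc/cron.hourly)",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$")
SSH_FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
SSH_OK_RE = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+)")
SNORT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+ +\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<prio>\d)\] \{(?P<proto>\w+)\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def normalize(line):
    """Map one raw line onto the common schema; None for lines no parser claims."""
    m = SYSLOG_RE.match(line)
    if m and m["prog"] == "sshd":
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        fail = SSH_FAIL_RE.match(m["msg"])
        if fail:
            return {"ts": ts, "source": "sshd", "type": "auth_fail",
                    "src_ip": fail["ip"], "dst": m["host"], "user": fail["user"]}
        ok = SSH_OK_RE.match(m["msg"])
        if ok:
            return {"ts": ts, "source": "sshd", "type": "auth_ok",
                    "src_ip": ok["ip"], "dst": m["host"], "user": ok["user"]}
        return None
    m = SNORT_RE.match(line)
    if m:
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %m/%d-%H:%M:%S")
        return {"ts": ts, "source": "snort", "type": "ids_alert", "src_ip": m["src"], "dst": m["dst"],
                "user": None, "sid": m["sid"], "msg": m["msg"], "priority": int(m["prio"])}
    return None


def _within(ts, stamps, window_s):
    return [t for t in stamps if 0 <= (ts - t).total_seconds() <= window_s]


def correlate(events, window_s=60, threshold=3):
    """Directive: >= threshold auth failures from one source within window_s seconds,
    then a successful login from the same source -> alert. An IDS alert from that
    source inside the window raises the priority (the tools reinforcing each other)."""
    alerts = []
    failures = defaultdict(list)
    ids_hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):  # arrival order is not time order
        src = ev["src_ip"]
        if ev["type"] == "auth_fail":
            failures[src].append(ev["ts"])
        elif ev["type"] == "ids_alert":
            ids_hits[src].append(ev["ts"])
        elif ev["type"] == "auth_ok":
            recent = _within(ev["ts"], failures[src], window_s)
            if len(recent) >= threshold:
                alerts.append({"rule": "ssh_bruteforce_then_success", "src_ip": src, "dst": ev["dst"],
                               "user": ev["user"], "failures": len(recent), "ts": ev["ts"],
                               "priority": 5 if _within(ev["ts"], ids_hits[src], window_s) else 3})
                failures[src].clear()  # do not re-alert on the same burst
    return alerts


def run(raw_lines):
    events = [e for e in map(normalize, raw_lines) if e]
    return events, correlate(events)


if __name__ == "__main__":
    for alert in run(RAW_EVENTS)[1]:
        print(alert)
```

Sorting by timestamp before correlating matters: the successful login arrives before the third failure in the sample, and a naive pass in arrival order would miss the rule. The cron line is dropped at normalization, which is the right place to discard sources no directive consumes.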
    19. BEHAVIORAL ANALYSIS
    20. System & Network Monitoring in AlienVault OSSIM: NAGIOS
        What is it? Watches hosts and services and provides alerts. Configurable checking of assets. Checks can run through an agent or remotely, without an agent. A wide variety of plugins for monitoring applications and devices is available. OSSIM provides a web interface for Nagios, making distributed installations easy, with:
        • Ongoing availability monitoring
        • Availability checks during logical correlation (on request)
        • Visibility into whether service ports are open or closed
        Active tool. nagios.org
    21. Network Traffic Capture in AlienVault OSSIM: TCPDUMP
        What is it? tcpdump is a command-line packet analyzer; libpcap, the capture library it is built on, is a portable C/C++ library. What does it do? Captures packets from a network interface, optionally restricted by a BPF filter expression, and either decodes them on the console or writes them to a pcap file for later analysis. Passive tool. tcpdump.org
    22. Generating Netflow Data in AlienVault OSSIM: FPROBE
        What is it? Collects network traffic data (via libpcap) and exports it as NetFlow flows to the specified collector. OSSIM provides an integrated console where you can view the NetFlow information generated by fprobe, to assist with incident response. Passive tool. fprobe.sourceforge.net/
    23. Netflow Collector in AlienVault OSSIM: NFDUMP
        What is it? Reads NetFlow data from the files stored by nfcapd. nfdump's filter syntax is similar to tcpdump's. OSSIM makes it easy to quickly implement nfdump for NetFlow analysis:
        • Provides NetFlow data
        • Creates customizable top-N statistics of flows, IP addresses, ports, etc.
        • Saves time by eliminating the need for a "How To" tutorial
        Passive tool. nfdump.sourceforge.net
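The two things slide 23 promises from nfdump, a tcpdump-like filter and top-N statistics, are simple enough to show end to end. The following added example is this editor's code, not nfdump's or OSSIM's: it loads flow records, compiles a small subset of nfdump's filter language, aggregates top-N by any key and metric, and adds the one view an analyst pulls first in an incident, bytes each internal host sent outside. The CSV is a constructed sample shaped like a subset of `nfdump -o csv` columns, the filter grammar is an assumed subset of the real one, and INTERNAL is an assumed address plan.

```python
"""Top-N statistics and filtering over NetFlow records, nfdump-style.

Added example, not nfdump's or OSSIM's code. NFDUMP_CSV is a constructed sample
shaped like a subset of `nfdump -o csv` columns; the filter grammar is a small
assumed subset of nfdump's; INTERNAL is an assumed address plan.
"""
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

NFDUMP_CSV = """ts,te,td,sa,da,sp,dp,pr,ipkt,ibyt
2024-03-13 10:15:01,2024-03-13 10:15:03,2.000,10.0.0.5,203.0.113.7,22,51234,TCP,12,1840
2024-03-13 10:15:04,2024-03-13 10:15:05,1.000,10.0.0.9,198.51.100.20,40022,443,TCP,30,4200
2024-03-13 10:15:06,2024-03-13 10:16:40,94.000,10.0.0.12,198.51.100.77,49211,443,TCP,9800,14500000
2024-03-13 10:15:07,2024-03-13 10:15:07,0.000,10.0.0.9,10.0.0.1,53123,53,UDP,1,78
2024-03-13 10:15:08,2024-03-13 10:15:08,0.000,10.0.0.5,10.0.0.1,51000,53,UDP,1,80
2024-03-13 10:15:10,2024-03-13 10:15:11,1.000,203.0.113.7,10.0.0.5,51240,22,TCP,10,1500
2024-03-13 10:15:12,2024-03-13 10:15:12,0.000,10.0.0.9,198.51.100.20,40023,443,TCP,8,900
"""
INTERNAL = ip_network("10.0.0.0/8")


def load_flows(text):
    """Parse the CSV into dicts with numeric ports, packets, bytes and duration."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        for col in ("sp", "dp", "ipkt", "ibyt"):
            row[col] = int(row[col])
        row["td"] = float(row["td"])
        flows.append(row)
    return flows


def make_filter(expr):
    """Compile a tiny subset of nfdump's tcpdump-like filter language: clauses joined
    by 'and', each 'src|dst ip|port VALUE' or 'proto VALUE'. Assumed subset only."""
    columns = {"src": {"ip": "sa", "port": "sp"}, "dst": {"ip": "da", "port": "dp"}}
    clauses = []
    for clause in expr.split(" and "):
        parts = clause.split()
        if parts[0].lower() == "proto":
            clauses.append(lambda f, v=parts[1].upper(): f["pr"] == v)
        else:
            direction, field, value = parts
            col = columns[direction.lower()][field.lower()]
            want = int(value) if field.lower() == "port" else value
            clauses.append(lambda f, c=col, w=want: f[c] == w)
    return lambda f: all(c(f) for c in clauses)


def top_n(flows, key, metric="ibyt", n=5):
    """Equivalent of `nfdump -s <key>/<metric>`: aggregate by key, return the n largest.
    metric is 'ibyt', 'ipkt' or 'flows'."""
    totals = Counter()
    for f in flows:
        totals[key(f)] += 1 if metric == "flows" else f[metric]
    return totals.most_common(n)


def outbound_bytes_by_host(flows):
    """Bytes each internal host sent to addresses outside INTERNAL: the first
    view an analyst pulls when hunting exfiltration."""
    out = Counter()
    for f in flows:
        if ip_address(f["sa"]) in INTERNAL and ip_address(f["da"]) not in INTERNAL:
            out[f["sa"]] += f["ibyt"]
    return out


if __name__ == "__main__":
    flows = load_flows(NFDUMP_CSV)
    print("top talkers by bytes:", top_n(flows, lambda f: f["sa"], "ibyt", 3))
    print("top destination ports by flows:", top_n(flows, lambda f: f["dp"], "flows", 3))
    print("outbound bytes per internal host:", outbound_bytes_by_host(flows).most_common())
    https = [f for f in flows if make_filter("dst port 443 and proto tcp")(f)]
    print("tcp/443 flows:", len(https))
```

On the sample the outbound view singles out 10.0.0.12, which moved 14.5 MB to one external address over 94 seconds while every other host stayed in the kilobytes; that is the kind of record the slides' "network abuse information" is built from.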
    24. Collecting IP Traffic in AlienVault OSSIM: NFSEN
        What is it? Web-based front end for nfdump. The data it presents is NetFlow, a network protocol developed by Cisco to run on IOS-based equipment and collect IP traffic information; it is also supported by other platforms, such as Juniper, Linux, FreeBSD and OpenBSD. OSSIM aggregates NfSen data and allows you to:
        • Display NetFlow data
        • Process NetFlow data within a specific time frame
        • Create historic and continuous profiles
        Passive tool. nfsen.sourceforge.net
    25. Network Use Monitoring in AlienVault OSSIM: NTOP
        What is it? Network probe providing real-time and historical network usage. Uses the RRDtool Aberrant Behavior Detection algorithm (Holt-Winters forecasting) to predict future behavior; if the prediction differs from the real traffic, an event is generated in OSSIM. In OSSIM, ntop provides:
        • Network usage statistics
        • Asset information
        • Time and activity matrices
        • Real-time session monitoring
        • Network abuse information
        Passive tool. ntop.org
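The slide names the mechanism but not how "prediction differs from real traffic" is decided. RRDtool's aberrant behavior detection is additive Holt-Winters: a level, a trend and one seasonal coefficient per slot of the period produce a forecast, a smoothed absolute deviation per slot sets a tolerance band around it, a point outside the band is aberrant, and a FAILURES window turns repeated aberrant points into a sustained alarm. The following added example is this editor's implementation of that scheme, not ntop's or RRDtool's code. The traffic series is constructed (one "day" of eight intervals repeated six times, with a one-interval spike and then a sustained threefold shift injected); the parameter names follow RRDtool's HWPREDICT/DEVPREDICT/FAILURES, while `min_band`, a floor on the band so a quiet seeding season cannot make every later error aberrant, and the choice not to feed aberrant observations back into the model are this example's own.

```python
"""Holt-Winters forecasting with RRDtool-style aberrant behavior detection.

Added example, not ntop's or RRDtool's code. sample_series() is constructed;
alpha/beta/gamma/delta/window/threshold follow RRDtool's parameter names and
min_band is this example's own floor on the tolerance band.
"""

PERIOD = 8
BASE = [10.0, 12.0, 20.0, 35.0, 40.0, 38.0, 25.0, 15.0]  # MB per interval, one season


def sample_series():
    """Six seasons of BASE with deterministic +/-2 jitter, a one-interval spike at
    t=20 and a sustained 3x shift from t=36 on (constructed input, not real data)."""
    series = []
    for t in range(6 * PERIOD):
        jitter = (2 * t) % 5 - 2
        value = BASE[t % PERIOD] + jitter
        if t == 20:
            value = 400.0
        if t >= 36:
            value = 3 * BASE[t % PERIOD] + jitter
        series.append(float(value))
    return series


def holt_winters_detect(series, period, alpha=0.1, beta=0.0035, gamma=0.1,
                        delta=2.0, window=9, threshold=7, min_band=0.0):
    """Additive Holt-Winters: level + trend + seasonal[s] forecasts the next value.

    Returns per-point lists:
      forecast - predicted value (None during the first season, which seeds the model)
      aberrant - |observed - forecast| > max(delta * smoothed deviation, min_band)
      failure  - at least `threshold` aberrant points among the last `window` (FAILURES)
    The second season seeds the deviation estimate, so verdicts start in the third.
    Aberrant observations are not fed back into the smoothing state (the forecast is
    used instead), so a single spike does not drag the baseline after it.
    """
    n = len(series)
    if n < 2 * period:
        raise ValueError("need at least two seasons of data")
    level = sum(series[:period]) / period
    trend = 0.0
    seasonal = [x - level for x in series[:period]]
    deviation = [0.0] * period
    forecast, aberrant, failure = [None] * n, [False] * n, [False] * n
    for t in range(period, n):
        s = t % period
        predicted = level + trend + seasonal[s]
        forecast[t] = predicted
        err = series[t] - predicted
        if t < 2 * period:
            deviation[s] = abs(err)  # seed only, no verdict yet
        else:
            aberrant[t] = abs(err) > max(delta * deviation[s], min_band)
            if not aberrant[t]:
                deviation[s] = gamma * abs(err) + (1 - gamma) * deviation[s]
        observed = predicted if aberrant[t] else series[t]
        new_level = alpha * (observed - seasonal[s]) + (1 - alpha) * (level + trend)
        trend = beta * (new_level - level) + (1 - beta) * trend
        seasonal[s] = gamma * (observed - new_level) + (1 - gamma) * seasonal[s]
        level = new_level
        if t >= window - 1:
            failure[t] = sum(aberrant[t - window + 1:t + 1]) >= threshold
    return {"forecast": forecast, "aberrant": aberrant, "failure": failure}


def to_events(series, result):
    """What would be raised to the SIEM: one event per aberrant interval, plus a
    sustained_deviation event on the interval where the FAILURES window first trips."""
    events = []
    for t, observed in enumerate(series):
        if result["aberrant"][t]:
            events.append({"t": t, "kind": "aberrant", "observed": observed,
                           "forecast": round(result["forecast"][t], 1)})
        if result["failure"][t] and not (t > 0 and result["failure"][t - 1]):
            events.append({"t": t, "kind": "sustained_deviation", "observed": observed,
                           "forecast": round(result["forecast"][t], 1)})
    return events


if __name__ == "__main__":
    data = sample_series()
    for event in to_events(data, holt_winters_detect(data, PERIOD, min_band=10.0)):
        print(event)
```

On the sample the spike at t=20 raises exactly one aberrant event and nothing afterwards, because the model did not absorb it; the shift from t=36 raises an aberrant event on every interval and, once 7 of the last 9 intervals are aberrant, one sustained_deviation event at t=42. The flip side of freezing the model on aberrant points is that a genuine, permanent change is never learned, which is why the FAILURES signal exists: it is the cue for an operator to re-baseline.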
    26. Play, share, enjoy! START USING OSSIM TODAY
        Download OSSIM. Join AlienVault OTX. Learn more about our commercial offering: try AlienVault USM, free for 30 days. Join us for a LIVE Demo!
