Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Improve threat detection with hids and alien vault usm

1,526 views

Published on

Host-based intrusion dection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of HIDS, including:

Analyzing system behavior and configuration status to track user access and activity
Detecting system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes
Correlating HIDS data with known IP reputation, vulnerability scans and more
Logging and reporting for PCI compliance

Published in: Technology
  • Be the first to comment

Improve threat detection with hids and alien vault usm

  1. 1. MARK ALLEN, KING OF ALL SALES ENGINEERING
  2. 2. Unified Security Management Platform Accelerates and simplifies threat detection and incident response for IT teams with limited resources, on day one AlienVault Labs Threat Intelligence Identifies the most significant threats targeting your network and provides context-specific remediation guidance Open Threat Exchange The world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data AlienVault Approach: Unified Security Management
  3. 3. Agenda HIDS capabilities HIDS Agent Architecture AlienVault event correlation AlienVault USM Demo – See it in action • Remote HIDS agent deployment, configuration and management • Behavioral monitoring of servers and workstations • Logging and reporting for PCI compliance • Data correlation with IP reputation data, vulnerability scans and more • Correlating HIDS events to detect attacks
  4. 4. HIDS in AlienVault USM Learning the Basics…
  5. 5. HIDS capabilities Log analysis based intrusion detection File integrity checking Registry keys integrity checking (Windows) Signature based malware/rootkits detection Real-time alerting and active response
  6. 6. HIDS Agent Architecture Agent components: Logcollectord: Read logs (syslog, WMI, flat files) Syscheckd: File integrity checking Rootcheckd: Malware and rootkits detection Agentd: Forwards data to the server Server components: Remoted: Receives data from agents Analysisd: Processes data (main process) Monitord: Monitor agents
  7. 7. AlienVault Event Correlation AlienVault USM correlates events from multiple sources, crossing HIDS alerts with information collected from embedded detectors and external sources.
  8. 8. USM HIDS Management Interface • Status monitor • Events viewer • Agents control manager • Configuration manager • Rules viewer/editor • Logs viewer • Server control manager • Deployment manager • Rules viewer/editor AlienVault USM provides a comprehensive GUI for HIDS agent management:
  9. 9. ASSET DISCOVERY • Active & Passive Network Scanning • Asset Inventory • Host-based Software Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning • Remediation Verification BEHAVIORAL MONITORING • Netflow Analysis • Service Availability Monitoring SIEM • Log Management • SIEM Event Correlation • Incident Response • OTX INTRUSION DETECTION • Network IDS • Host IDS • File Integrity Monitoring USM PLATFORM Integrated, Essential Security Controls
  10. 10. Let’s See It In Action
  11. 11. 888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Now for some Q&A.. Questions? Hello@AlienVault.com Twitter : @alienvault

×