Live Product Demo: How to detect brute force attacks and APTs in under 1 hour with AlienVault
•Download as PPTX, PDF•
1 like•1,405 views
Detect Brute Force Attacks & APTs in less than 1 hour with AlienVault. In this session, our SIEM deployment expert will show you how to quickly and easily: *Detect brute force attacks with correlation of both Windows & Linux logs *Detect APTs and zero-day attacks *Expose network scans or worm behavior with firewall log correlation *Identify and prioritize vulnerabilities on affected assets *Customize alerts and reports for PCI, HIPAA and ISO
Recommended
Recommended
More Related Content
More from AlienVault
More from AlienVault (20)
Recently uploaded
Recently uploaded (20)
Live Product Demo: How to detect brute force attacks and APTs in under 1 hour with AlienVault
- 1. “LIVE” PRODUCT DEMO: HOW TO DETECT BRUTE FORCE ATTACKS AND APTS IN UNDER 1 HOUR W ITH ALIE NVAULT ™ Anthony Mack, Systems Engineer Payman Faed, Account Executive
- 2. AGENDA Todays Threat Landscape: Realities & Implications Advanced Persistent Threat • What is it and who is at risk? Threat detection through correlation of NIDS, HIDS and IP Reputation USM at a glance Live Demo of USM • Data collection and correlation from a Network IDS to detect malicious code • Detection of brute force attack leveraging OSSEC HIDS agent
- 3. THREAT LANDSCAPE: OUR NEW REALITY More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons. The number of organizations experiencing high profile breaches is unprecedented ~ SMB increasingly become the target. In 2012 (and we expect this to rise in 2013 and into 2014), 50% of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks in 2013 was businesses with fewer than 250 employees; 31% of all attacks targeted them.
- 4. THREAT LANDSCAPE: ADVANCED PERSISTENT THREAT APT operates by quietly planting malicious code into an organization’s network to be used for reconnaissance and extraction of valuable information. Average end users are the most common targets for implanting malicious code through various techniques such as: Social engineering Fishing techniques Zero day vulnerabilities
- 5. WHO IS AT RISK: ADVANCED PERSISTENT THREAT Businesses holding a large quantity of personally identifiable information or intellectual property are at high risk of being targeted by advanced persistent threats. Some of the world’s most well known organizations have adopted AlienVault USM to combat this threat.
- 6. THE ALIENVAULT USM SOLUTION: NETWORK INTRUSION DETECTION Network IDS is embedded in our platform, giving you the ability to detect network level attacks including identifying network activity originating from malicious code. Network IDS signatures are updated frequently to keep you on the front lines of advanced detection
- 7. THE ALIENVAULT USM SOLUTION: HOST INTRUSION DETECTION Monitoring your mission critical servers through host IDS agents allow you to detect an APT attempting to spread out and gather sensitive information. File integrity checking Registry key integrity checking Operating system logging Centralized management
- 8. THE ALIENVAULT USM SOLUTION: IP REPUTATION Tracking activity from attackers around the world allows AlienVault USM to alert you when bad actors are accessing your network. Automatically correlates known attackers with detected intrusions and malware activity from both the network and host intrusion detection systems
- 9. Security Asset Discovery Piece it all Intelligence together Look for strange Behavioral activity which could Monitoring indicate a threat • • • • Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory Vulnerability Assessment Figure out what Asset is valuable Discovery • Network Vulnerability Testing Threat Detection • • • • Network IDS Host IDS Wireless IDS File Integrity Monitoring Behavioral Monitoring Threat Start looking for threats Detection Identify ways the Vulnerability target could be Assessment compromised • Log Collection • Netflow Analysis • Service Availability Monitoring Security Intelligence • SIEM Correlation • Incident Response
- 10. UNIFIED SECURITY MANAGEMENT “Security Intelligence through Integration that we do, NOT you” USM Platform • • Bundled Products - 30 Open-Source Security tools to plug the gaps in your existing controls • • USM Framework - Configure, Manage, & Run Security Tools. Visualize output and run reports USM Extension API - Support for inclusion of any other data source into the USM Framework Open Threat Exchange –Provides threat intelligence for collaborative defense
- 12. VIEW ON DEMAND To watch a recorded version of this webcast on demand. Click Here
Editor's Notes
- \
- Who do we sell toHow to find themHow to engageEmphasis on categories in which we play (e.g. IDS, Vuln Assessment, Asset Discovery...)Quick market/vendor overview of these categories (high level competitive)
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- So how do we do this ? We’ve pieced together all of the necessary security tools to feed the correlation engine, provide meaningful data, and manage entire networks from a single-pane-of-glass. -The essential elements of a SIEM are the ability to capture events and pull these into an engine that can parson, normalize, correlate, and log them.-What most folks in the security world will tell you is that in order to have a battle tested security solution – you need to extend the capabilities of that SIEM to take other information than just the logs. And we’ve done just that.-First, we realize folks need to know what assets are on their system to protect. We do that by building in Asset Discovery Tools, where we can automatically populate a database of assets on your network by scanning both passively and actively, identifying hosts and installed software packages.-Once we’ve identified what’s on your networks at all times, we’ve built in the ability to find out where your system might be vulnerable. Vulnerability assessment tools allow us to cross correlate vulnerability information with up to date detection rules to identify the weaknesses that hackers exploit. -On top of that, our built in Threat detection tools are actively searching for breaching attempts. Our aim is to cover all of your bases to include Host based IDS, Network IDS, File Integrity Monitoring and even Wireless IDS. -The 4th piece is behavioral monitoring. Security teams need to track user behavior that will give you the coverage you need for unknown threats – typically exemplified by strange or anomalous network or system behavior – this includes netflow analysis, service availability and of course log collection and analysis for in-depth forensic investigations.-Finally, aggregatiing these security controls altogether for correlation and analysis provides the intelligence you need in order to stay ahead of the bad guys and be pro-active instead of reactive in your security approach.
- In fact, AlienVault offers the only unified security management solution to unify the five essential security capabilities you need for complete security visibility. This translates into rapid time to value – faster and easier audits, targeted remediation, and more seamless incident response.
- As you know, it’s never easy to fight for budget, especially when that budget is shrinking. We hear from many customers who say that they’re looking to achieve more with less – less people, less time, less budget. The respondents in our survey echoed this refrain. Thanks to AlienVault, they’re getting a better handle on their environment, our solution was easy to deploy and more than half agreed that they’re now able to do more with less.