AlienVault OTX Reputation Monitor

•

4 likes•2,525 views

Don't be the last to know if your website, domains or IPs show up in a blacklist, Pastebin, or third party IP reputation database. Check out this quick overview of AlienVault’s OTX Reputation Monitor Alerts. OTX Reputation Monitor Alert service is a free service to monitor the reputation of your public domains and IPs. You’ll not only receive alerts if one of your assets is potentially compromised or used in attack, you’ll also receive our free monthly threat intelligence alert newsletter. Exactly what you need to be the master of your domain.

Technology Design

BE THE MASTER OF YOUR DOMAIN
Introducing OTX Reputation Monitor Alert – free service
Black Hat 2013

It’s 2AM. Do you know what
your servers are doing?

Source: http://www.vagabumming.com/drunkguypic/

You may not get drunk when managing your servers…

So… How can you become
master of your domain?

Source: http://blog.bufferapp.com/how-to-build-a-great-twitter-reputation-and-get-more-followers-and-retweets

OTX Reputation Monitor Alert – free service
What is AlienVault’s OTX Reputation Monitor Alert?
Leveraging the world’s only open and collaborative IP reputation database,
AlienVault’s OTX Reputation Monitor Alert monitors the reputation of your assets
(public IPs and domains) and emails you notifications whenever there are changes.
What threats does it
uncover?
Malware Infections
Spamming Hosts
Malicious Activity
Potential Breaches
Compromised Websites
Hosts being used
for Botnets
8

9
Where are we monitoring for you?
These events will trigger an alert:
 OTX IP/Domain Match
 Presence in Pastebin/Pastie
 Presence on a DNS Blacklist
 DNS Registration Update – informational only
 SSL Certificate Update – informational only

10
How does the service work?
1. Sign up via our OTX portal.
2. Register your organization’s public
IPs and domains.
3. When there’s a match on one of our
alert types, we’ll email you an alert
with more information and
remediation advice.
4. You’ll also receive our monthly threat
intelligence newsletter.
Registration takes just a few minutes…

12
The Power of the “Crowd” for Threat Detection
 Cyber criminals are using (and
reusing) the same exploits against
others (and you).
 Sharing (and receiving) collaborative
threat intelligence makes us all more
secure.
 Using this data, identify, flag and
block known attackers by source IP
addresses.
 Organizations can’t build this
“neighborhood watch” infrastructure
on their own… that’s where
AlienVault comes in…
12
Source: http://www.cityofhemet.org/images/pages/N294/
Neighborhood%20Watch%20Sign.jpg

Global threat detection for local response

What is Open Threat Exchange (OTX)?
 An open and collaborative initiative for security
professionals to connect with their peers, find free tools
for security monitoring, and learn about the latest threats
and defensive tactics from security researchers.
 Open source threat intelligence projects and services including
OSSIM and OTX Reputation Monitor Alert
 Centralized place for these rich resources:
 OTX Projects
 OTX Blog
 OTX Forums
 OTX Learning Center
14
 8,000+
contributors
 140+ countries

Kramer’s out. But there’s still hope for you.
Source: http://home.swipnet.se/~w-44777/kramer2.jpg

Sign up now!
Several ways to do it:
• Scan the QR code on the card
• Use one of our demo “tables” in
the booth
• OR go to:
www.alienvault.com/blackhat-otx

More from AlienVault

Insider Threat Detection Recommendations

AlienVault

Alienvault threat alerts in spiceworks

AlienVault

Open Source IDS Tools: A Beginner's Guide

AlienVault

Malware detection how to spot infections early with alien vault usm

AlienVault

Security operations center 5 security controls

AlienVault

Payment Card Industry Data Security Standard (PCI DSS) compliance can be both hard and expensive. For most small to medium sized organizations, it doesn’t have to be as long you have the right plan and tools in place. In this guide you’ll learn five steps that you can take to implement and maintain PCI DSS compliance at your organization. AlienVault PCI DSS Compliance: https://www.alienvault.com/solutions/pci-dss-compliance Have a question? Ask it in our forum: http://forums.alienvault.com More videos: http://www.youtube.com/user/alienvaulttv AlienVault Blogs: http://www.alienvault.com/blogs AlienVault: http://www.alienvault.com

PCI DSS Implementation: A Five Step Guide

AlienVault

Host-based intrusion dection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of HIDS, including: Analyzing system behavior and configuration status to track user access and activity Detecting system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes Correlating HIDS data with known IP reputation, vulnerability scans and more Logging and reporting for PCI compliance

Improve threat detection with hids and alien vault usm

AlienVault

Incident Response (IR) teams are designed to detect, investigate and, when necessary, perform remediation in the event of a critical incident. The results of the 2015 SANS Incident Response Survey provides a picture of what IR teams are up against today—the types of attacks they see, what defenses they have in place to detect and respond to these threats, and their perceived effectiveness and obstacles to incident handling. Some key challenges reported by responders to the survey were: 66% cited a skills shortage as being an impediment to effective IR: 54% cited budgetary shortages for tools and technology 45% noted lack of visibility into system or domain events 41% noted a lack of procedural reviews and practice 37% have trouble distinguishing malicious events from nonevents Do these challenges sound familiar? Download the full survey to learn more about how other organizations are approaching incident response, along with best practices and advice. Visit http://ow.ly/R3Cr0

The State of Incident Response - INFOGRAPHIC

AlienVault

So, you've got an alarm - or 400 alarms maybe, now what? Security incident investigations can take many paths leading to incident response, a false positive or something else entirely. Join this webcast to see security experts from AlienVault and Castra Consulting work on real security events (well, real at one point), and perform real investigations, using AlienVault USM as the investigative tool. Process or art form? Yes. You'll learn: Tips for assessing context for the investigation How to spend your time doing the right things How to to classify alarms, rule out false positives and improve tuning The value of documentation for effective incident response and security controls How to speed security incident investigation and response with AlienVault USM

Incident response live demo slides final

AlienVault

Securing your network from threats is a constantly evolving challenge, especially for federal government agencies with much valuable data to protect, and where IT security resources are often limited. AlienVault has helped many government organizations get complete security visbility for effective threat detection and response, without breaking the bank. Join us for a live demo to see how AlienVault USM addresses these key IT security needs: Discover all IP-enabled assets to get an accurate picture of attack surface Identify vulnerabilities like insecure configurations and unpatched software Improve situational awareness with real-time threat detection and alerting Speed incident containment & response with built-in remediation guidance for every alert Investigate anomalies in protocol usage, privilege escalation, host behavior and more Generate fast & accurate reports for compliance & management

Improve Situational Awareness for Federal Government with AlienVault USM

AlienVault

At the heart of SIEM is ability to correlate events from one or many sources into actionable alarms based on your security policies. AlienVault USM provides over 2100 correlation directives developed by the AlienVault Labs team, plus the ability to create your own custom rules. Join us for this customer training session covering how to: Ensure you are using the latest and greatest built-in correlation directives from AlienVault Labs Write your own correlation directives based on events from one or more sources Turn correlation information into actionable alarms Use correlations to enforce your security policies

Improve Security Visibility with AlienVault USM Correlation Directives

AlienVault

With malware accounting for at least 40% of all breaches, knowing how malware works can be an extremely valuable asset in your threat detection cache – especially for the incident responder. According to Verizon’s 2013 Data Breach Investigations Report, “Malware and hacking still rank as the most common [threat] actions”. In general, malware can range from being simple annoyances like pop-up advertising to causing serious damage like stealing passwords and data or infecting other machines on the network. Malware is as old as software itself and although there are new types of malware constantly under development, they generally fall into a few broad categories. Check out this SlideShare to learn how malware works, and what we believe are the most common types of malware you should be prepared for. By learning how malware works and recognizing its different types, you’ll understand: - How they find their way into your network - How attackers control them remotely - How they use your systems for nefarious purposes - And most importantly, the security controls you need to effectively defend against and detect malware infections. (Hint: you need more than antivirus!)

How Malware Works

AlienVault

AlienVault Unified Security Management™ (USM) integrates SIEM/event correlation with built-in tools for intrusion detection, asset discovery, vulnerability assessment and behavioral monitoring to give you a unified, real-time view of threats in your environment. NEW v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need, starting on Day 1. Join us for a live demo to see how new USM v5.0 makes it easier than ever to accomplish these key tasks: Discover all IP-enabled assets on your network Identify vulnerabilities like unpatched software or insecure configurations Detect network scans and malware like botnets, trojans & rootkits Speed incident response with built-in remediation guidance for every alert Generate accurate compliance reports for PCI DSS, HIPAA and more

New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever

AlienVault

With a focus on simplifying asset management, OSSIM v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need. Join us for this user training to learn how to get the most out of these new enhancements: Assign custom labels for assets, groups and networks Search, filter and group assets by OS, IP address, device type, custom labels and more Run vulnerability and asset scans on custom asset groups with one click Filter by asset groups in alarms, security events and raw logs Update configuration, sensor assignment, asset value and more on multiple assets and groups of assets at once ...and more!

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever

AlienVault

In this SlideShare, we’ll share the AWS Security Best Practices for securing AWS environments, as well as some of the trends our research has shown with regard to attacks on those environments. We'll also introduce the key capabilities needed for a modern threat detection & incident response program customized for AWS, and other AWS Security Best Practices including: -Asset Discovery - creating an inventory of running instances -Vulnerability Assessment - conducting scans to assess exposure to attack, and prioritize risks -Change Management - detect changes in your AWS environment and insecure network access control configurations -S3 & ELB Access Log Monitoring - Monitor access logs of hosted content and data directed at your instance -CloudTrail Monitoring and Alerting - Monitor the CloudTrail service for abnormal behavior -Windows Event Monitoring - Analyze system level behavior to detect advanced threats With more IT environments moving data and applications to AWS, the motivation for hackers to target AWS environments is also increasing. We believe these AWS Security Best Practices will be a valuable addition to every security practitioner’s playbook. We'll finish up with a demo of NEW AlienVault USM for AWS, which delivers all of the above capabilities, plus log management & event correlation to help you detect threats quickly and comply with regulatory requirements.

AWS Security Best Practices for Effective Threat Detection & Response

AlienVault

Host-based IDS systems, or HIDS, work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM features a complete integration of OSSEC, one of the most popular and effective open source HIDS tools. In this live demo, we'll show you how USM helps you get more out of OSSEC with: Remote agent deployment, configuration and management Behavioral monitoring of OSSEC clients Logging and reporting for PCI compliance Data correlation with IP reputation data, vulnerability scans and more We'll finish up by showing a demo of how OSSEC alert correlation can be used to detect brute force attacks with USM

Improve Threat Detection with OSSEC and AlienVault USM

AlienVault

Because every network environment is different, OSSIM offers flexibile configuration options to adapt to the needs of different environments. Whether you are just getting started with OSSIM, or have been using it for years, thinking through the configuration options availble will help you get the most out of your installation. Join us for this customer training webcast where our OSSIM experts will walk through: How to deploy & configure OSSEC agents Best practices for configuring syslog and enabling plugins Scanning your network for assets and vulnerabilities

Best Practices for Configuring Your OSSIM Installation

AlienVault

The fun with IDS doesn't stop after installation, in fact, that's really where the fun starts. Join our panel of IDS experts for an educational discussion that will help you make sense of your IDS data, starting from Day 1. We will discuss signature manipulation, event output and the three "P's" - policy, procedure and process. We won't stop there either! You will find out the meaning behind the terms all the cool kids are using like "False Positives" and "Baselining". We'll round it out with more information about how IDS interacts with the rest of your IT applications and infrastructure. If you installed an IDS and are wondering what to do next then signup now!

IDS for Security Analysts: How to Get Actionable Insights from your IDS

AlienVault

There's always a need to stop bad stuff from coming in, but it's important to remember that those inside the firewall can pose an even bigger risk to your network security. Whether its unsuspecting users clicking on phishing e-mails, someone running bit torrent in your datacenter, or a truly malicious user out to sabotage the network, insider threats can really keep you up at night. Join us for this technical demo showing how USM can help you detect: Malware infections on end-user machines Insiders misusing network resources Privileged users engaging in suspicious behaviors

Insider Threats: How to Spot Trouble Quickly with AlienVault USM

AlienVault

Over the last several years, we have seen that attackers are innovating much faster than defenders are. This trend is steering many companies to look towards cyber threat intelligence (CTI) to help them navigate today’s threatening landscape. SANS conducted a survey this year to explore who is using cyber threat intelligence and how they are using it. The survey collected responses from 326 IT professionals working in a variety of industries, in all sizes and from many different regions. 69% of the respondents reported implementing CTI to some extent, with only 16% planning not to pursue CTI in their environments. Which side of this percentage do you fall into? The infographic below provides some of the key questions to ask when getting started with threat intelligence, along with data from the SANS survey to show you how others are using threat intelligence.

Alien vault sans cyber threat intelligence

AlienVault

More from AlienVault (20)

Insider Threat Detection Recommendations

Alienvault threat alerts in spiceworks

Open Source IDS Tools: A Beginner's Guide

Malware detection how to spot infections early with alien vault usm

Security operations center 5 security controls

PCI DSS Implementation: A Five Step Guide

Improve threat detection with hids and alien vault usm

The State of Incident Response - INFOGRAPHIC

Incident response live demo slides final

Improve Situational Awareness for Federal Government with AlienVault USM

Improve Security Visibility with AlienVault USM Correlation Directives

How Malware Works

New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever

AWS Security Best Practices for Effective Threat Detection & Response

Improve Threat Detection with OSSEC and AlienVault USM

Best Practices for Configuring Your OSSIM Installation

IDS for Security Analysts: How to Get Actionable Insights from your IDS

Insider Threats: How to Spot Trouble Quickly with AlienVault USM

Alien vault sans cyber threat intelligence

Recently uploaded

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

MINDCTI Revenue Release Quarter One 2024

MIND CTI

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

DBX First Quarter 2024 Investor Presentation

Dropbox

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

ICT role in 21st century education and its challenges

rafiqahmad00786416

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Architecting Cloud Native Applications

WSO2

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Recently uploaded (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

MINDCTI Revenue Release Quarter One 2024

How to Troubleshoot Apps for the Modern Connected Worker

Corporate and higher education May webinar.pptx

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

[BuildWithAI] Introduction to Gemini.pdf

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

DBX First Quarter 2024 Investor Presentation

Six Myths about Ontologies: The Basics of Formal Ontology

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

ICT role in 21st century education and its challenges

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Vector Search -An Introduction in Oracle Database 23ai.pptx

Architecting Cloud Native Applications

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

AlienVault OTX Reputation Monitor

1. BE THE MASTER OF YOUR DOMAIN Introducing OTX Reputation Monitor Alert – free service Black Hat 2013

2. It’s 2AM. Do you know what your servers are doing?

4. Source: http://www.vagabumming.com/drunkguypic/

5. You may not get drunk when managing your servers…

6. So… How can you become master of your domain?

7. Source: http://blog.bufferapp.com/how-to-build-a-great-twitter-reputation-and-get-more-followers-and-retweets

8. OTX Reputation Monitor Alert – free service What is AlienVault’s OTX Reputation Monitor Alert? Leveraging the world’s only open and collaborative IP reputation database, AlienVault’s OTX Reputation Monitor Alert monitors the reputation of your assets (public IPs and domains) and emails you notifications whenever there are changes. What threats does it uncover? Malware Infections Spamming Hosts Malicious Activity Potential Breaches Compromised Websites Hosts being used for Botnets 8

9. 9 Where are we monitoring for you? These events will trigger an alert:  OTX IP/Domain Match  Presence in Pastebin/Pastie  Presence on a DNS Blacklist  DNS Registration Update – informational only  SSL Certificate Update – informational only

10. 10 How does the service work? 1. Sign up via our OTX portal. 2. Register your organization’s public IPs and domains. 3. When there’s a match on one of our alert types, we’ll email you an alert with more information and remediation advice. 4. You’ll also receive our monthly threat intelligence newsletter. Registration takes just a few minutes…

11. How does AlienVault do it?

12. 12 The Power of the “Crowd” for Threat Detection  Cyber criminals are using (and reusing) the same exploits against others (and you).  Sharing (and receiving) collaborative threat intelligence makes us all more secure.  Using this data, identify, flag and block known attackers by source IP addresses.  Organizations can’t build this “neighborhood watch” infrastructure on their own… that’s where AlienVault comes in… 12 Source: http://www.cityofhemet.org/images/pages/N294/ Neighborhood%20Watch%20Sign.jpg

13. Global threat detection for local response

14. What is Open Threat Exchange (OTX)?  An open and collaborative initiative for security professionals to connect with their peers, find free tools for security monitoring, and learn about the latest threats and defensive tactics from security researchers.  Open source threat intelligence projects and services including OSSIM and OTX Reputation Monitor Alert  Centralized place for these rich resources:  OTX Projects  OTX Blog  OTX Forums  OTX Learning Center 14  8,000+ contributors  140+ countries

15. Kramer’s out. But there’s still hope for you. Source: http://home.swipnet.se/~w-44777/kramer2.jpg

16. Sign up now! Several ways to do it: • Scan the QR code on the card • Use one of our demo “tables” in the booth • OR go to: www.alienvault.com/blackhat-otx

Editor's Notes

http://www.vagabumming.com/drunkguypic/
http://blog.bufferapp.com/how-to-build-a-great-twitter-reputation-and-get-more-followers-and-retweets
The AlienVault OTX Reputation Monitor enables end users to verify the security (or “reputation”) of their publicly addressable IP range(s). This allows immediate notification of Malware InfestationsSpamming HostsMalicious ActivityPotential BreachesCompromised WebsitesHosts being used for BotnetsRegistered users can instantly check their IP address range(s) and domains against the AlienVault OTX database as soon as they register. Additionally, registered users will receive instant notifications should those IPs ever show up in the future. In addition to instant alert notifications, registered users will also receive monthly threat intelligence reports via email.
Pastebin/Pastie Alerts - we monitor hacker forums such as paste bin/pastie and a few other sites to see if we ever find the domains/IPs posted. These sites are often used to store the output from recon tools and as the destination for data exfiltration. We will provide the specific link to where this information is found within the alert. OTX IP/Domain Match - we immediately and continually look for matches between the IP addresses/domains that the user entered and those in our OTX database. DNS Blacklist – we look for the registered domain names in any public blacklist.DNS Registration Update – we look for changes to the DNS registration information. This can be an indicator of someone hijacking the domain or could be a routine change of the ISP – either way, we alert the user.SSL Certification Update – we look for updates to the SSL certificate. This can be an indicator of someone compromising your website and trying to intercept traffic or could simply be a routine change of the ISP.
This is a very simple four step process, all enabled through a web-based portal designed to be a “one-stop-shop” for all resources available to the AlienVault Community (Forum, Knowledge Base, etc). After registering, users enter the IP addresses owned by their organization, and these are checked against our OTX database as it is updated. If there is an “instant” match, then we provide information on the observed issues, along with some basic remediation suggestions. If there’s no match, we provide verification to the user that their IP addresses and domains are not in our database, but that we will continue to monitor them, and send them immediate notifications if their public IP addresses or domains ever show up in the OTX database. We will also send them monthly threat intelligence emails outside of the context of these alerts.
http://www.cityofhemet.org/images/pages/N294/Neighborhood%20Watch%20Sign.jpg
The industry’s only threat collaboration database with 9,500 contributors in 120+ countries
http://home.swipnet.se/~w-44777/kramer2.jpg

AlienVault OTX Reputation Monitor

Recommended

Recommended

More Related Content

More from AlienVault

More from AlienVault (20)

Recently uploaded

Recently uploaded (20)

AlienVault OTX Reputation Monitor

Editor's Notes