Improve Threat Detection with HIDS and AlienVault USM
MARK ALLEN, KING OF ALL SALES ENGINEERING

AlienVault Approach: Unified Security Management
• Unified Security Management Platform: accelerates and simplifies threat detection and incident response for IT teams with limited resources, on day one.
• AlienVault Labs Threat Intelligence: identifies the most significant threats targeting your network and provides context-specific remediation guidance.
• Open Threat Exchange: the world's first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data.
Agenda
• HIDS capabilities
• HIDS Agent Architecture
• AlienVault event correlation
• AlienVault USM Demo – See it in action:
  • Remote HIDS agent deployment, configuration and management
  • Behavioral monitoring of servers and workstations
  • Logging and reporting for PCI compliance
  • Data correlation with IP reputation data, vulnerability scans and more
  • Correlating HIDS events to detect attacks
HIDS in AlienVault USM: Learning the Basics…
HIDS capabilities
• Log analysis based intrusion detection
• File integrity checking
• Registry keys integrity checking (Windows)
• Signature based malware/rootkits detection
• Real-time alerting and active response
HIDS Agent Architecture
Agent components:
• Logcollectord: reads logs (syslog, WMI, flat files)
• Syscheckd: file integrity checking
• Rootcheckd: malware and rootkits detection
• Agentd: forwards data to the server
Server components:
• Remoted: receives data from agents
• Analysisd: processes data (main process)
• Monitord: monitors agents
AlienVault Event Correlation
AlienVault USM correlates events from multiple sources, crossing HIDS alerts with information collected from embedded detectors and external sources.
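As an added illustration (not code from the deck or from AlienVault's product), here is a small Python model of the correlation idea above and of the agenda item "Data correlation with IP reputation data, vulnerability scans and more": HIDS alerts are crossed with an IP reputation list and vulnerability scan results, and the priority rises as independent sources agree. The alert records, reputation list, scan results, field names and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (assumed format, not the product's): HIDS alerts as a
# server-side analysis process might emit them, an IP reputation list standing in
# for an external source, and vulnerability scan results from an embedded scanner.
HIDS_ALERTS = [
    {"agent": "web01", "rule": "sshd: authentication failed", "src_ip": "203.0.113.7", "level": 5},
    {"agent": "web01", "rule": "sshd: authentication failed", "src_ip": "203.0.113.7", "level": 5},
    {"agent": "web01", "rule": "sshd: authentication failed", "src_ip": "203.0.113.7", "level": 5},
    {"agent": "web01", "rule": "syscheck: file modified /etc/passwd", "src_ip": None, "level": 7},
    {"agent": "db01", "rule": "sshd: authentication failed", "src_ip": "198.51.100.9", "level": 5},
]
IP_REPUTATION = {"203.0.113.7": "scanning host"}
VULN_SCANS = {"web01": ["OpenSSH: outdated version"], "db01": []}


def correlate(alerts, ip_reputation, vuln_scans, threshold=3):
    """Cross HIDS alerts with reputation and vulnerability context.

    Returns correlated incidents, highest priority first. Each extra source
    that agrees the activity matters adds to the priority.
    """
    failures = defaultdict(int)
    for a in alerts:
        if "authentication failed" in a["rule"] and a["src_ip"]:
            failures[(a["agent"], a["src_ip"])] += 1

    incidents = []
    for (agent, ip), count in failures.items():
        if count < threshold:
            continue  # isolated failures are noise on their own
        priority = 1
        reasons = [f"{count} auth failures on {agent} from {ip}"]
        if ip in ip_reputation:  # external source: known-bad source address
            priority += 2
            reasons.append(f"{ip} flagged as {ip_reputation[ip]}")
        if vuln_scans.get(agent):  # embedded detector: host is exposed
            priority += 1
            reasons.append(f"{agent} has {vuln_scans[agent][0]}")
        # A file-integrity change on the same host suggests the attempts may have succeeded.
        if any(a["agent"] == agent and a["rule"].startswith("syscheck") for a in alerts):
            priority += 2
            reasons.append(f"syscheck change on {agent} alongside the failures")
        incidents.append({"agent": agent, "src_ip": ip, "priority": priority, "reasons": reasons})
    return sorted(incidents, key=lambda i: -i["priority"])
```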
USM HIDS Management Interface
AlienVault USM provides a comprehensive GUI for HIDS agent management:
• Status monitor
• Events viewer
• Agents control manager
• Configuration manager
• Rules viewer/editor
• Logs viewer
• Server control manager
• Deployment manager
USM PLATFORM: Integrated, Essential Security Controls
ASSET DISCOVERY
• Active & Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
• Remediation Verification
BEHAVIORAL MONITORING
• Netflow Analysis
• Service Availability Monitoring
SIEM
• Log Management
• SIEM Event Correlation
• Incident Response
• OTX
INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
Let’s See It In Action
Test Drive AlienVault USM
• Download a Free 30-Day Trial: http://www.alienvault.com/free-trial
• Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site
CONTACT US
• 888.613.6023
• ALIENVAULT.COM
• HELLO@ALIENVAULT.COM

Now for some Q&A…
Questions? Hello@AlienVault.com
Twitter: @alienvault
Editor's Notes

Notes for slide 3. Predictability of the USM platform and security data: ownership of the built-in data sources and management platform, coupled with unmatched security expertise delivered by the AlienVault Labs team of security experts, provides effective security controls and seamlessly integrated threat intelligence for any environment.

The AlienVault Labs threat research team spends countless hours mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape. They leverage the power of OTX, the world's largest crowd-sourced repository of threat data, to provide global insight into attack trends and bad actors. This eliminates the need for IT teams to conduct their own research on each threat.

They provide specific, relevant and actionable threat intelligence, such as over 2,000 predefined correlation directives, eliminating the need for customers to create their own, which is one of the primary sources of frustration with other SIEM products. Besides correlation directives, AlienVault Labs Threat Intelligence regularly publishes threat intelligence updates to the USM platform in the form of IDS signatures, vulnerability audits, asset discovery signatures, IP reputation data, data source plugins and report templates.