The Green Sheet Online Edition
June 11, 2018 • Issue 18:06:01
Unified security management, compliance solution
AlienVault Inc., a global security solutions company with U.S. offices in Austin, Texas, and San Mateo, Calif., launched USM Anywhere, a security management solution designed to improve threat detection, incident response and compliance management across cloud, on-premise and hybrid environments. The unified platform combines continuous threat intelligence with asset discovery, vulnerability management, intrusion detection, behavioral monitoring, security information and event management, and log management, company representatives stated.
"In today's chaotic security environment, organizations of all sizes can easily find themselves trapped in a 'threat cycle,' continually adding point solutions to deal with new and emerging threats," stated John Maguire, Vice President of Business Development at AlienVault. "USM Anywhere simplifies the process by combining all of the essential security capabilities you need to gain visibility into your full infrastructure – whether it is on-premises or in the cloud."
Maguire additionally noted that USM Anywhere can be rapidly deployed into cloud and on-site environments. The platform's cloud-based service natively monitors Amazon Web Services (AWS) and Microsoft Azure cloud environments and other cloud applications. Its on-site solutions use lightweight virtual sensors that run on Microsoft Hyper-V and VMware ESXi to monitor virtual private cloud and physical IT infrastructures, he noted.
Single SaaS platform, multiple capabilities
USM Anywhere aggregates multiple protections into a single, simplified software-as-a-service solution. USM Anywhere can be installed in three steps in both cloud and on-premise environments, the company stated. Users can initiate the process by entering a unique sensor authorization code in a dedicated USM Anywhere URL. Once inside the secure user portal, the installation wizard will identify the log sources and network segments to be monitored and begin monitoring for threats and malicious activities.
AlienVault representatives said the platform can be configured for any type or size of business. Users can schedule vulnerability scans, search and analyze data and orchestrate security responses and alarms. The cloud-based solution can readily scale with growing IT environments and evolving threat detection needs. Users can add and remove software sensors, cloud services and log management as businesses change.
The USM Anywhere subscription model uses tiered pricing based on log consumption levels. Each subscription includes at least one AlienVault USM Anywhere standard sensor, support and maintenance, AlienVault Labs threat intelligence and up to 12 months of cold storage, with the ability to extend storage capacity as needed.
AlienVault noted that the service provides the following capabilities and protections:
- Asset discovery: API-powered asset discovery; network asset discovery; software and services discovery
- Vulnerability assessment: Network vulnerability scanning; cloud vulnerability scanning; cloud infrastructure assessment
- Intrusion detection: Cloud, network, host environment; file integrity monitoring
- Behavioral monitoring: Asset access logs monitoring; cloud access and activity logs (Azure Monitor, AWS: CloudTrail, CloudWatch, S3, ELB); AWS VPC flow monitoring; VMware ESXi access logs
- SIEM and log management: Event correlation; log management and retention; incident response; integrated threat intelligence via the AlienVault Labs Security Team and AlienVault Open Threat Exchange (OTX)
Global network, crowdsourced intelligence
The AlienVault Labs Security Research Team continually updates USM Anywhere based on ongoing research and analysis of various attack vectors, emerging threats, vulnerabilities and exploits, the company said. The team leverages community-sourced threat intelligence from the AlienVault OTX, which aggregates data from more than 65,000 participants and more than 140 countries. AlienVault Labs analyzes raw OTX data from approximately 14 million threat indicators per day. The AlienVault Labs' discovery engine and validation engine bring additional granularity to threat analysis by continually curating the database and certifying results, AlienVault representatives stated.
AlienVault recently added ISO 27001 reporting templates to USM Anywhere to help organizations prepare for the European Union's General Data Protection Regulation.
AlienVault attributes its growth and development to an extended network of channel partners, which includes value-added resellers, systems integrators and merchant service providers. These partners sell and support AlienVault solutions throughout the global marketplace, the company added.