alienvault
AlienVault Approach: Unified Security Management
Unified Security Management Platform
Accelerates and simplifies threat detection and incident response for IT teams with limited resources, on day one
AlienVault Labs Threat Intelligence
Identifies the most significant threats targeting your network and provides context-specific remediation guidance
Open Threat Exchange
The world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data
Agenda
• HIDS capabilities
• HIDS Agent Architecture
• AlienVault event correlation
AlienVault USM Demo – See it in action
• Remote HIDS agent deployment, configuration and management
• Behavioral monitoring of servers and workstations
• Logging and reporting for PCI compliance
• Data correlation with IP reputation data, vulnerability scans and more
• Correlating HIDS events to detect attacks
HIDS capabilities
Log analysis based intrusion detection
File integrity checking
Registry keys integrity checking (Windows)
Signature based malware/rootkits detection
Real-time alerting and active response
HIDS Agent Architecture
Agent components:
Logcollectord: Reads logs (syslog, WMI, flat files)
Syscheckd: File integrity checking
Rootcheckd: Malware and rootkits detection
Agentd: Forwards data to the server
Server components:
Remoted: Receives data from agents
Analysisd: Processes data (main process)
Monitord: Monitors agents
AlienVault Event Correlation
AlienVault USM correlates events from multiple sources, crossing HIDS alerts with information collected from embedded detectors and external sources.
USM HIDS Management Interface
AlienVault USM provides a comprehensive GUI for HIDS agent management:
• Status monitor
• Events viewer
• Agents control manager
• Configuration manager
• Rules viewer/editor
• Logs viewer
• Server control manager
• Deployment manager
USM PLATFORM
Integrated, Essential Security Controls
ASSET DISCOVERY
• Active & Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
• Remediation Verification
BEHAVIORAL MONITORING
• Netflow Analysis
• Service Availability Monitoring
SIEM
• Log Management
• SIEM Event Correlation
• Incident Response
• OTX
INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
CONTACT US
888.613.6023
ALIENVAULT.COM
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Now for some Q&A..
Questions? [email protected] : @alienvault