Tom D’Aquino, Systems Engineer
Justin S. Endres, Senior Vice President of Sales
“LIVE” PRODUCT DEMO: UNIFIED SECURITY MANAGEMENT IN UNDER 1 HOUR WITH ALIENVAULT ™
AGENDA
Today's Threat Landscape: Realities & Implications
AlienVault Unified Security Management (USM)
Threat detection and risk assessment
• Prioritizing risk through correlation of Internet reputation, threat severity and asset vulnerability
• Risk assessment and vulnerability reports of affected assets
Threat detection through correlation of firewall logs & Windows events
• Data collection and correlation from a Cisco ASA firewall to detect a network scan or worm behavior
• Detection of a brute force attack leveraging the OSSEC HIDS agent
Log management
• A forensic view into stored logs
• Tips for quickly browsing through collected logs and how to export them into reports
Compliance Reporting
• Mapping controls to collected data to generate quick and accurate compliance reports for PCI DSS, HIPAA, ISO 27002, SOX, GPG 13
Questions & Answers as time permits
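The agenda's detection items (a network scan spotted in Cisco ASA deny events, a brute-force attack spotted in host authentication failures, and risk prioritized by combining severity, source reputation and asset vulnerability) boil down to a small correlation pass over parsed log events. The block below is an added example, not AlienVault code and not the USM correlation directives or risk formula: the log lines, IP addresses, the host-to-IP table, the thresholds and the scoring weights are all constructed for illustration. The ASA `%ASA-4-106023` and sshd "Failed password" line formats are the real ones; everything else is an assumption.

```python
"""Added example: a minimal correlator over constructed Cisco ASA deny lines
and sshd failures (not AlienVault code; directives and scoring are assumed)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog (not real traffic): six ASA denies from one source
# sweeping ports on 10.0.0.7, one benign deny from another source that must
# not alarm, and five sshd failures from the first source against host1.
SAMPLE_LOGS = """\
Mar 10 12:00:01 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40001 dst inside:10.0.0.7/21 by access-group "outside_in"
Mar 10 12:00:01 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40002 dst inside:10.0.0.7/22 by access-group "outside_in"
Mar 10 12:00:02 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40003 dst inside:10.0.0.7/23 by access-group "outside_in"
Mar 10 12:00:02 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40004 dst inside:10.0.0.7/25 by access-group "outside_in"
Mar 10 12:00:03 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40005 dst inside:10.0.0.7/80 by access-group "outside_in"
Mar 10 12:00:03 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40006 dst inside:10.0.0.7/443 by access-group "outside_in"
Mar 10 12:00:04 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.9/51000 dst inside:10.0.0.9/445 by access-group "outside_in"
Mar 10 12:01:10 host1 sshd[1212]: Failed password for invalid user admin from 203.0.113.5 port 50001 ssh2
Mar 10 12:01:11 host1 sshd[1213]: Failed password for invalid user admin from 203.0.113.5 port 50002 ssh2
Mar 10 12:01:12 host1 sshd[1214]: Failed password for root from 203.0.113.5 port 50003 ssh2
Mar 10 12:01:13 host1 sshd[1215]: Failed password for root from 203.0.113.5 port 50004 ssh2
Mar 10 12:01:14 host1 sshd[1216]: Failed password for root from 203.0.113.5 port 50005 ssh2
"""

SYSLOG_TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d)"
ASA_DENY = re.compile(SYSLOG_TS + r" \S+ %ASA-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+"
                      r" dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
SSH_FAIL = re.compile(SYSLOG_TS + r" (?P<host>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+"
                      r" from (?P<src>[\d.]+) port \d+")

HOSTS = {"host1": "10.0.0.7"}                 # hypothetical asset inventory: syslog hostname -> IP
REPUTATION = {"203.0.113.5": 0.9}             # constructed reputation lookup: 0 unknown .. 1 known-bad
ASSET_VULNS = {"10.0.0.7": 2, "10.0.0.9": 0}  # constructed count of open vulnerabilities per asset


def _ts(text):
    # Syslog timestamps carry no year; 1900 is fine for relative windowing.
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S")


def parse(text):
    """Normalise each recognised line into a flat event dict; skip the rest."""
    events = []
    for line in text.splitlines():
        m = ASA_DENY.match(line)
        if m:
            events.append({"time": _ts(m["ts"]), "kind": "asa_deny", "src": m["src"],
                           "dst": m["dst"], "dport": int(m["dport"])})
            continue
        m = SSH_FAIL.match(line)
        if m:
            events.append({"time": _ts(m["ts"]), "kind": "ssh_fail", "src": m["src"],
                           "dst": HOSTS.get(m["host"], m["host"]), "dport": 22})
    return events


# Assumed directives (not USM's): a scan is one source hitting >= 5 distinct
# host:port pairs in 60 s; brute force is >= 5 auth failures from one source in 60 s.
DIRECTIVES = [
    {"name": "Network scan", "kind": "asa_deny", "distinct": True,
     "key": lambda e: (e["dst"], e["dport"]), "threshold": 5,
     "window": timedelta(seconds=60), "severity": 3},
    {"name": "SSH brute force", "kind": "ssh_fail", "distinct": False,
     "key": None, "threshold": 5, "window": timedelta(seconds=60), "severity": 4},
]


def run_directive(events, d):
    """Sliding-window count per source; one alarm per source per directive."""
    by_src = defaultdict(list)
    for e in events:
        if e["kind"] == d["kind"]:
            by_src[e["src"]].append(e)
    alarms = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        for i, first in enumerate(evs):
            hits = [e for e in evs[i:] if e["time"] - first["time"] <= d["window"]]
            n = len({d["key"](e) for e in hits}) if d["distinct"] else len(hits)
            if n >= d["threshold"]:
                alarms.append({"directive": d["name"], "src": src, "dst": hits[0]["dst"],
                               "count": n, "severity": d["severity"]})
                break
    return alarms


def risk_score(alarm):
    """Assumed weighting: severity, scaled up by source reputation and by how
    exposed the targeted asset is. Not AlienVault's risk formula."""
    rep = REPUTATION.get(alarm["src"], 0.0)
    vulns = ASSET_VULNS.get(alarm["dst"], 0)
    return round(alarm["severity"] * (1 + rep) * (1 + min(vulns, 4)), 1)


def analyse(text):
    """Parse, correlate, score, and return alarms highest-risk first."""
    events = parse(text)
    alarms = [a for d in DIRECTIVES for a in run_directive(events, d)]
    for a in alarms:
        a["risk"] = risk_score(a)
    return sorted(alarms, key=lambda a: a["risk"], reverse=True)


if __name__ == "__main__":
    for alarm in analyse(SAMPLE_LOGS):
        print(alarm)
```

On the constructed input this yields two alarms from 203.0.113.5 and none from the single benign deny; the brute-force alarm ranks first because its severity is higher while reputation and target exposure are the same. The point a practitioner should take from it is that the same parsed event stream feeds all three steps: the raw counts alone rank a scan and a brute force equally, and it is the reputation and asset-vulnerability lookups that separate them.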
More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons.
The number of organizations experiencing high-profile breaches is unprecedented, and SMBs are increasingly the target.
THREAT LANDSCAPE: OUR NEW REALITY
Despite the BILLIONS spent every year on IT security, >80% of organizations EXPECT to be breached every year.
~ Gartner 2012
The “security arms race” cannot continue indefinitely as the economics of securing your organization is stacked so heavily in favor of those launching attacks that incremental security investments are seen as impractical.
• Initial Licensing Costs
• Implementation / Optimization Costs
• Ongoing Management Costs
• Renewal Costs
• Integration of all the security technologies
• Training of personnel / incoming personnel
THREAT LANDSCAPE: THE GROWING GAP
THE PROMISE OF SIEM / LEM
“The cost of a major and persistent system compromise can be substantial. Standalone security tools provide some visibility; SIEM tools do much more”.
Is it delivering on its promise?
• 32% of those who have purchased a SIEM would consider replacing their existing SIEM solution for better cost (time/$$) savings.
• 44% of respondents suggest their SIEM lacks integration with other products / Correlation is far too difficult to manage/maintain.
• 58% of those who have invested in LEM solutions are entirely frustrated with the lack of threat detection (security) their LEM platform has provided and are moving to SIEM.
The cost of time from breach to containment remains alarmingly high…poor correlation, lack of integration, & “point solution sprawl”
Organizations (mid-market & enterprise) are demanding solutions that are scalable, cost effective, and manageable.
Enterprises are shifting spend toward consolidated solutions that offer better integration, manageability and economic leverage. (example Unified Threat Management “UTM”)
SIEM/LEM
• Cost effective
• Easily manageable
• Highly integrated
• Strong correlation
• User-friendly UI
• Contextual data…
Enter AlienVault’s Unified Security Management “USM”
THREAT LANDSCAPE: THE FAILURE OF SIEM/LEM
Figure out what is valuable
Identify ways the target could be compromised
Start looking for threats
Look for strange activity which could indicate a threat
Piece it all together
Asset Discovery
Vulnerability Assessment
Threat Detection
Behavioral Monitoring
Security Intelligence
Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
Vulnerability Assessment
• Network Vulnerability Testing
Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Security Intelligence
• SIEM Correlation
• Incident Response
UNIFIED SECURITY MANAGEMENT
“Security Intelligence through Integration that we do, NOT you”
USM Platform
• Bundled Products - 30 open-source security tools to plug the gaps in your existing controls
• USM Framework - Configure, manage, and run security tools; visualize output and run reports
• USM Extension API - Support for inclusion of any other data source into the USM Framework
• Open Threat Exchange - Provides threat intelligence for collaborative defense
A DIFFERENT APPROACH TO SIEM: USM “UNIFIED SECURITY MANAGEMENT”
AlienVault collects data from any source…
www.alienvault.com
30-Day Free Trial(Fully featured)
View the Webinar on-Demand