About AlienVault
Founded in 2007 and headquartered in San Mateo, CA with offices in:
• Madrid, Spain (Sales & Support)
• Austin, Texas (Dev, Engineering, Sales & Support)
• Cork, Ireland (Sales & Support)
• Over 14,500 active implementations
• Over 1,900 customers
• Only company to be named “Visionary” in the Gartner Magic Quadrant in 2013 and 2014
• Backed by premier investors including GGV Capital, KPCB, Trident Capital, and Intel Capital
• Closed on Series D funding in December 2013
Agenda
• Threat Landscape
• OMB / OPM Government-wide 30-Day Sprint
• 5 Essential Security Capabilities for Unified Controls
• AlienVault Open Threat Exchange – What is it and how do Federal users benefit?
• Solution Architecture Demonstration – Victor Obando
• Q&A
Threat Landscape - Our New Reality
The Public Sector experienced nearly 50 times more cyber incidents than any other industry in 2014 and it’s not slowing down into 2015.
Federal CIOs cannot simply rely on traditional boundary protection anymore, and recruiting top talent for cyber security remains a core challenge.
Continuous Monitoring / Diagnostics and Mitigation (CDM) got off to a fast start, but for it to flourish it must be a priority for the agency from a budget and resource perspective.
“84% of organizations breached had evidence of the breach in their log files…”
– 2015 Verizon Data Breach Investigations Report
30-Day Sprint - Security “Asks” for Fed Agencies
① Protecting Data: Better protect data at rest and in transit
② Improving Situational Awareness: Improve indication and warning
③ Increasing Cybersecurity Proficiency: Ensure a robust capacity to recruit and retain cybersecurity personnel
④ Increase Awareness: Improve overall risk awareness by all users
⑤ Standardizing and Automating Processes: Decrease time needed to manage configurations and patch vulnerabilities
⑥ Controlling, Containing, and Recovering from Incidents: Contain malware proliferation, privilege escalation, and lateral movement. Quickly identify and resolve events and incidents
⑦ Strengthening Systems Lifecycle Security: Increase inherent security of platforms by buying more secure systems and retiring legacy systems in a timely manner
⑧ Reducing Attack Surfaces: Decrease complexity and number of things defenders need to protect
Built-In, Essential Security Capabilities
USM Platform
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SIEM
• SIEM Event Correlation
• Incident Response
INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
The ONLY Unified Security Management Solution
AlienVault is the only security vendor that provides the five essential capabilities in one, pre-integrated solution
Delivers rapid time to visibility and value
Open Threat Exchange: World’s Largest Crowd-sourced IP Reputation Alerting Platform
• Real-time insights on known, validated malicious IP addresses and incidents affecting others globally
• AlienVault Labs reacts to the emerging threat and publishes new correlation rules to all of our users
• Every AlienVault USM installation receives the ThreatExchange update and protects against potential attacks
OTX facilitates secure collaboration to identify emerging threats and prevent compromise, providing the broadest-based reputation feed in the world.
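The three bullets above describe the core mechanic of a reputation feed: events collected from your environment are matched against a list of known-malicious addresses, and a hit becomes an alert. The block below is an added example of that correlation step, written for this page; it is not OTX data, not an AlienVault plug-in, and the feed entries, log lines, field names and confidence threshold are all constructed for illustration (the addresses are RFC 5737 documentation ranges).

```python
"""Correlate log events against a threat-reputation feed (added example).

The feed, the log lines and the match logic are constructed for this page;
they are not OTX data or AlienVault code.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed reputation feed: indicator (host or CIDR) -> (category, confidence 0-100).
REPUTATION_FEED = {
    "203.0.113.7": ("scanning host", 90),
    "198.51.100.0/24": ("malware C2", 75),
}

# Address space that should never match an external reputation feed. Enumerated
# explicitly rather than via ip.is_private, because is_private also covers the
# RFC 5737 documentation ranges used as sample indicators in this example.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Loose IPv4 literal matcher; octet range is validated by ipaddress afterwards.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


@dataclass(frozen=True)
class Alert:
    line_no: int
    ip: str
    indicator: str
    category: str
    confidence: int


def _compile_feed(feed):
    """Split the feed into exact hosts (dict lookup) and networks (prefix match)."""
    hosts, nets = {}, []
    for indicator, meta in feed.items():
        net = ipaddress.ip_network(indicator, strict=False)
        if net.num_addresses == 1:
            hosts[str(net.network_address)] = (indicator, meta)
        else:
            nets.append((net, indicator, meta))
    return hosts, nets


def _match(ip_text, hosts, nets):
    ip = ipaddress.ip_address(ip_text)            # raises ValueError on bad octets
    if any(ip in n for n in INTERNAL):
        return None
    if ip_text in hosts:
        return hosts[ip_text]
    for net, indicator, meta in nets:
        if ip in net:
            return indicator, meta
    return None


def lookup(ip_text, feed=REPUTATION_FEED):
    """Return (indicator, (category, confidence)) if ip_text is on the feed, else None."""
    return _match(ip_text, *_compile_feed(feed))


def correlate(log_lines, feed=REPUTATION_FEED, min_confidence=50):
    """Scan each line for IPv4 literals; emit one Alert per feed hit at/above min_confidence."""
    hosts, nets = _compile_feed(feed)
    alerts = []
    for line_no, line in enumerate(log_lines, start=1):
        for ip_text in dict.fromkeys(IPV4.findall(line)):   # dedupe, keep order
            try:
                hit = _match(ip_text, hosts, nets)
            except ValueError:
                continue                                     # e.g. 999.1.1.1
            if hit is None:
                continue
            indicator, (category, confidence) = hit
            if confidence >= min_confidence:
                alerts.append(Alert(line_no, ip_text, indicator, category, confidence))
    return alerts


# Constructed sample events in the shape a sensor would normalise (not real traffic).
SAMPLE_LOG = [
    "Jun 12 10:01:03 fw1 kernel: IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Jun 12 10:01:09 web1 sshd[4121]: Accepted publickey for ops from 10.0.0.9 port 50212",
    "Jun 12 10:02:44 fw1 kernel: IN=eth0 SRC=198.51.100.23 DST=10.0.0.5 PROTO=TCP DPT=443",
    'Jun 12 10:03:10 web1 nginx: 192.0.2.55 - - "GET /index.html HTTP/1.1" 200',
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.ip} matched {a.indicator} "
              f"({a.category}, confidence {a.confidence})")
```

Two lines of the sample produce alerts: the firewall event from the listed scanning host and the one whose source falls inside the listed C2 network; the nginx client is on neither list and the internal addresses are skipped before lookup. Raising `min_confidence` is the usual knob for trading noise against coverage when a feed carries many low-confidence indicators.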
Coordinated Analysis, Actionable Guidance
AlienVault Labs Threat Intelligence:
Weekly updates that cover all coordinated rulesets:
• Network and host-based IDS signatures – detects the latest threats in your environment
• Asset discovery signatures – identifies the latest OSes, applications, and device types
• Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems
• Correlation rules – translates raw events into actionable remediation tasks
• Reporting modules – provides new ways of viewing data about your environment
• Dynamic incident response templates – delivers customized guidance on how to respond to each alert
• Newly supported data source plug-ins – expands your monitoring footprint
AlienVault Solution Architecture – 3 Components
USM Server
• Forensic Console
• Reporting Engine
• Event Correlation
• Vulnerability Management
• Availability Monitoring
• Incident Management
• Policy-based Event Filtering
Sensor
• Event Collection/Normalizer
• Threat Detection
• Vulnerability Scanner
• Netflow Protocol Analysis
Logger
• Forensic Event Storage
• Digitally Time-Stamped Raw Logs
• Fully Searchable
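The Logger bullets name the property that makes stored raw logs usable as forensic evidence: each line is kept verbatim, time-stamped, and stamped so that later edits are detectable, while still being searchable. The block below is an added example of one way to get those properties, written for this page; it is not AlienVault's Logger implementation. The keyed SHA-256 hash chain, the record layout, the stamping key and the sample events are all assumptions made for the example.

```python
"""Tamper-evident, time-stamped, searchable raw log store (added example).

Illustrates the "digitally time-stamped raw logs" idea; this is not
AlienVault's implementation. The keyed hash chain and record layout are
assumptions made for this example.
"""
import hashlib
import hmac
from datetime import datetime, timezone

CHAIN_ANCHOR = b"\x00" * 32   # constructed starting value for the first record


class RawLogStore:
    """Append-only store. Each record carries a UTC timestamp and an HMAC-SHA256
    stamp over (seq, timestamp, raw line, previous stamp), so editing, deleting
    or reordering any stored line breaks verification from that point on."""

    def __init__(self, key: bytes, clock=None):
        self._key = key                                   # stamping secret (assumed)
        self._clock = clock or (lambda: datetime.now(timezone.utc))
        self._records = []
        self._prev = CHAIN_ANCHOR

    def _stamp(self, seq: int, ts: str, raw: str, prev: bytes) -> bytes:
        # Length-prefix every field so field boundaries are unambiguous.
        fields = (str(seq).encode(), ts.encode(), raw.encode(), prev)
        msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def append(self, raw: str) -> dict:
        """Store the raw line unchanged, with its sequence number, time and stamp."""
        seq = len(self._records)
        ts = self._clock().isoformat()
        stamp = self._stamp(seq, ts, raw, self._prev)
        rec = {"seq": seq, "ts": ts, "raw": raw, "stamp": stamp.hex()}
        self._records.append(rec)
        self._prev = stamp
        return rec

    def verify(self):
        """Recompute the chain. Return (True, None) or (False, seq of first bad record)."""
        prev = CHAIN_ANCHOR
        for expected_seq, rec in enumerate(self._records):
            if rec["seq"] != expected_seq:                # gap or reorder
                return False, expected_seq
            stamp = self._stamp(rec["seq"], rec["ts"], rec["raw"], prev)
            if not hmac.compare_digest(stamp.hex(), rec["stamp"]):
                return False, expected_seq
            prev = stamp
        return True, None

    def search(self, needle: str) -> list:
        """Substring search over the stored raw lines (full-text search in a real logger)."""
        return [r for r in self._records if needle in r["raw"]]

    def records(self) -> list:
        return self._records          # exposed so callers (and the demo) can inspect storage


# Constructed sample events (not real traffic).
SAMPLE_EVENTS = [
    "Jun 12 10:01:03 fw1 kernel: IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Jun 12 10:01:09 web1 sshd[4121]: Failed password for root from 203.0.113.7 port 50212",
    "Jun 12 10:02:44 web1 sudo: ops : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx",
]


def demo(key: bytes = b"example-logger-key"):
    """Ingest the samples, then show that a silent edit to one stored line is caught."""
    fixed_clock = lambda: datetime(2015, 6, 12, 10, 0, tzinfo=timezone.utc)
    store = RawLogStore(key, clock=fixed_clock)
    for line in SAMPLE_EVENTS:
        store.append(line)
    before = store.verify()
    store.records()[1]["raw"] = store.records()[1]["raw"].replace("Failed", "Accepted")
    after = store.verify()
    return before, after


if __name__ == "__main__":
    print(demo())   # (True, None) then (False, 1)
```

Only the first bad record is reported because every later stamp chains off it; that is deliberate, since an attacker who can rewrite one line can trivially rewrite the ones after it too. The stamping key has to live somewhere the log writers cannot read, or a compromised sensor could re-stamp whatever it likes; in a real deployment that usually means the logger holds the key and sensors only ship lines to it.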
DEMO
Contact us: 888.613.6023 | ALIENVAULT.COM
Now for some questions.
Questions? [email protected] / @alienvault
Test Drive AlienVault USM
• Download a Free 30-Day Trial: http://www.alienvault.com/free-trial
• Check out our 15-Day Trial of USM for AWS: https://www.alienvault.com/free-trial/usm-for-aws
• Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site