TAKE YOUR OPEN SOURCE SECURITY STRATEGY TO THE NEXT LEVEL
The power of open source from a single, unified console
WWW.ALIENVAULT.COM/
The World’s Most Widely Used SIEM
MEET OSSIM
OSSIM is trusted by 195,000+ security professionals in 175 countries…and counting
Established and launched by security engineers out of necessity
Users enjoy all of the features of a traditional SIEM – and more
EXAMPLE OF HOW THE TOOLS WORK TOGETHER
Tools Classification
HOW IT WORKS
Tools integrated with AlienVault OSSIM are classified by how the tool behaves on the network:
Active: they generate traffic on the network being monitored
Passive: they analyze network traffic without generating any traffic
Passive tools require port mirroring (SPAN) configured on the network equipment or virtual machines in order to see the traffic they analyze
ASSET DISCOVERY
Detecting Network Assets in AlienVault OSSIM
PRADS
What is it?
Signature-based detection engine used to passively detect network assets
OSSIM allows for distributed PRADS monitoring, to help simplify:
Inventory management
Version changes on services
Policy violations
Inventory correlation
Passive Tool
Passive.sourceforge.net
Identifying Network Hosts & Services in AlienVault OSSIM
NMAP (NETWORK MAPPER)
What is it?
Security scanner to discover hosts & services on network
Product includes an interface for scheduling NMAP scans and an inventory system to manage results
The OSSIM user interface makes it easy to schedule NMAP scans and manage results.
Quickly find: network assets, open ports, service versions, operating systems and product versions
Active Tool
nmap.org
Inventorying IT Assets in AlienVault OSSIM
OCS INVENTORY NG
What is it?
Lightweight agent; provides full enumeration on installed software
Collects information about hardware running OCS agent
OSSIM simplifies OCS inventory installation and management of:
Hardware and software inventory
Vulnerabilities
Information on policy violations
Active Tool
ocsinventory-ng.org
VULNERABILITY ASSESSMENT
Vulnerability Assessment in AlienVault OSSIM
OPENVAS
What is it?
Provides both authenticated and unauthenticated vulnerability detection
Actively scans network for known vulnerabilities per your specifications
Daily feed of network vulnerability tests (over 33,000)
Allows for scanning aggressiveness fine-tuning
OSSIM gives users the ability to schedule OpenVAS scans and reporting in concert with vulnerability information.
Active Tool
openvas.org
Web Vulnerability Scanning in AlienVault OSSIM
NIKTO
What is it?
Performs comprehensive tests against web servers
NIKTO in OSSIM scans web servers for problems including:
Server and software misconfigurations
Default files and programs
Insecure files and programs
Outdated software
Active Tool
cirt.net/nikto2
THREAT DETECTION
Host-based Intrusion Detection in AlienVault OSSIM
OSSEC
What is it?
Host-based intrusion detection system
How does it work?
OSSIM provides a web interface for OSSEC to simplify management of distributed deployments
AlienVault Sensor collects events from the OSSEC server
OSSIM can use Windows, UNIX and application logs, as well as registry and file integrity monitoring information
Active Tool
ossec.org
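The "file integrity monitoring information" mentioned above is what an OSSEC agent produces by hashing files, recording their attributes and reporting any later difference. The following is an added example, not OSSEC's own code: it takes a baseline of a directory tree (SHA-256, size and permission bits), rescans after constructed changes, and emits one event per difference, in the shape a SIEM would ingest. The directory layout and file contents are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

# Added example (not OSSEC's code): a minimal file-integrity check of the
# kind a host IDS agent performs.  A baseline of hashes, sizes and
# permission bits is recorded, a later scan is compared against it, and
# every difference becomes an event.


def hash_file(path):
    """SHA-256 of a file, read in chunks so large files never load whole."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root):
    """Return {relative_path: {"sha256", "size", "mode"}} for every file under root."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            snapshot[os.path.relpath(path, root)] = {
                "sha256": hash_file(path),
                "size": st.st_size,
                # permission bits including setuid/setgid/sticky
                "mode": st.st_mode & 0o7777,
            }
    return snapshot


def compare(baseline, current):
    """Diff two snapshots into (event, path[, changed_attributes]) tuples."""
    events = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            events.append(("added", rel))
        elif rel not in current:
            events.append(("deleted", rel))
        else:
            changed = [k for k in ("sha256", "size", "mode")
                       if baseline[rel][k] != current[rel][k]]
            if changed:
                events.append(("modified", rel, ",".join(changed)))
    return events


def demo():
    """Build a constructed tree, baseline it, change it, return the events."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("etc", "bin", "tmp"):
            os.makedirs(os.path.join(root, sub))
        passwd = os.path.join(root, "etc", "passwd")
        hosts = os.path.join(root, "etc", "hosts")
        tool = os.path.join(root, "bin", "tool")
        with open(passwd, "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(hosts, "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        with open(tool, "w") as fh:
            fh.write("#!/bin/sh\necho ok\n")
        os.chmod(tool, 0o755)
        baseline = scan_tree(root)

        # Constructed changes: an account appended, a permission change,
        # a file removed and a new file dropped into tmp.
        with open(passwd, "a") as fh:
            fh.write("svc:x:1001:1001::/home/svc:/bin/sh\n")
        os.chmod(tool, 0o700)
        os.remove(hosts)
        with open(os.path.join(root, "tmp", "new.txt"), "w") as fh:
            fh.write("unexpected\n")
        return compare(baseline, scan_tree(root))


if __name__ == "__main__":
    for event in demo():
        print(*event)
```

Running the module prints four events: the permission change on bin/tool, the deletion of etc/hosts, the content change on etc/passwd (hash and size) and the new file under tmp. A real agent also records owner, inode and mtime and sends the events to a manager; the comparison logic is the same.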
Network Intrusion Detection in AlienVault OSSIM
SNORT
What is it?
Default IDS in virtual appliance
Generates security events for SIEM when analyzing network traffic
Combines signature, protocol and anomaly-based inspection
OSSIM makes it easy to manage distributed SNORT installations.
Manage IDS rules to monitor for malware signatures and policy violations (P2P, unauthorized IM, games, etc.)
Passive Tool
snort.org
Intrusion Detection & Prevention in AlienVault OSSIM
SURICATA
What is it?
Intrusion detection and intrusion prevention, based on threat signatures
Same IDS signatures as SNORT
Advanced processing of HTTP signatures
Multi-threaded processing
OSSIM makes it easy to manage distributed Suricata installations and manage IDS rules.
Passive Tool
suricata-ids.org
Wireless Intrusion Detection System in AlienVault OSSIM
KISMET
What is it?
OSSIM uses the Kismet package for wireless IDS
Works with any wireless card supporting raw monitoring (rfmon) mode
With appropriate hardware, like a Raspberry Pi, can sniff 802.11b, 802.11a, 802.11g & 802.11n traffic
OSSIM provides an interface for easy distributed deployments of Kismet.
WiFi network security monitoring
Rogue AP detection
PCI compliance help
Passive Tool
kismetwireless.org
SECURITY INFORMATION & EVENT MANAGEMENT
Security Event & Information Management
ALIENVAULT OSSIM
OSSIM, the open source SIEM, is the most widely used SIEM in the world.
What can you do with it?
Event collection, normalization and correlation
Leverage a suite of pre-integrated, best of breed security tools for incident response
Passive Tool
www.alienvault.com/open-threat-exchange/projects
BEHAVIORAL ANALYSIS
System & Network Monitoring in AlienVault OSSIM
NAGIOS
What is it?
Watches hosts & services and provides alerts
Configurable checking of assets
Can do checks with agent or remotely, without agent
Wide variety of plugins for monitoring apps and devices available
OSSIM provides a web interface for Nagios, making distributed installations easy with:
Ongoing availability monitoring
Availability monitoring during logical correlation (by request)
Visibility whether service ports are open or closed
Active Tool
nagios.org
Network Traffic Capture in AlienVault OSSIM
TCPDUMP
What is it?
TCPDUMP is a command-line packet analyzer built on libpcap
libpcap, its capture library, is also available as a portable C/C++ library
What does it do?
Watches hosts and services and provides alerts
Configurable checking of assets
Can do checks with agent or remotely, without agent
Wide variety of plugins for monitoring apps and devices available
Active Tool
tcpdump.org
Generating Netflow Data in AlienVault OSSIM
FPROBE
What is it?
Collects network traffic data and distributes it as netflow flows towards the specified collector
Libpcap-based tool
OSSIM provides an integrated console where you can view netflow information from FPROBE, to assist with incident response
Passive Tool
fprobe.sourceforge.net/
Netflow Collector in AlienVault OSSIM
NFDUMP
What is it?
Reads netflow data from the files stored by NFCAPD
NFDUMP syntax is similar to TCPDUMP
OSSIM makes it easy to quickly implement NFDUMP for netflow analysis
Provides netflow data
Creates customizable, top N statistics of flows, IP addresses, ports etc.
Saves time by eliminating need for “How To” tutorial
Passive Tool
Nfdump.sourceforge.net
Collecting IP Traffic in AlienVault OSSIM
NFSEN
What is it?
Web based front end for NFDUMP
NFSEN is a network protocol developed by Cisco to run on IOS-enabled equipment and collect IP traffic information
It is supported by other platforms, such as Juniper, Linux, FreeBSD and OpenBSD
OSSIM aggregates NFSEN data and allows you to:
Display netflow data
Process netflow data within a specific time frame
Create historic and continuous profiles
Passive Tool
nfsen.sourceforge.net
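The NFDUMP and NFSEN slides above describe two operations: restricting flow records to a time window, and producing "top N" statistics of flows, IP addresses and ports by bytes, packets or flow count. The following is an added example, not nfdump's or NfSen's code, that performs both operations in Python over a small set of constructed flow records (the addresses and counters are made up; the record fields mirror what a netflow collector stores).

```python
from collections import Counter, namedtuple

# One flow record as a collector would store it.  ts is a Unix timestamp.
Flow = namedtuple("Flow", "ts src dst proto sport dport packets bytes")

# Constructed sample flows (not real capture data).
FLOWS = [
    Flow(1000, "10.0.0.5", "203.0.113.10", "tcp", 51000, 443, 20, 18000),
    Flow(1010, "10.0.0.5", "203.0.113.10", "tcp", 51001, 443, 15, 12000),
    Flow(1020, "10.0.0.7", "198.51.100.20", "udp", 40000, 53, 1, 80),
    Flow(1030, "10.0.0.7", "198.51.100.20", "udp", 40001, 53, 1, 90),
    Flow(1040, "10.0.0.9", "203.0.113.50", "tcp", 52000, 22, 300, 450000),
    Flow(1100, "10.0.0.5", "203.0.113.11", "tcp", 51002, 80, 5, 4000),
    Flow(1200, "10.0.0.9", "203.0.113.50", "tcp", 52001, 22, 250, 390000),
]


def in_window(flows, start, end):
    """Keep flows whose start time lies in [start, end)."""
    return [f for f in flows if start <= f.ts < end]


def top_n(flows, fields, n, metric="bytes"):
    """Aggregate flows by the named fields and return the top n (key, total)
    pairs, ordered by total descending then key ascending.

    fields: list of Flow field names, e.g. ["src"] or ["src", "dst"]
    metric: "bytes", "packets" or "flows" (flows counts records)
    """
    totals = Counter()
    for f in flows:
        key = tuple(getattr(f, name) for name in fields)
        key = key[0] if len(key) == 1 else key
        totals[key] += 1 if metric == "flows" else getattr(f, metric)
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    print("top sources by bytes:", top_n(FLOWS, ["src"], 3))
    print("top destination ports by flow count:",
          top_n(FLOWS, ["dport"], 3, metric="flows"))
    print("top conversations by packets:",
          top_n(FLOWS, ["src", "dst"], 2, metric="packets"))
    print("top source in first 50 s:",
          top_n(in_window(FLOWS, 1000, 1050), ["src"], 1))
```

The same questions asked of nfdump itself use its `-s` statistic option (for example `-s srcip/bytes -n 10`) and `-t` for the time window; the aggregation is identical, which is why a small Python model is a useful way to sanity-check what a report should contain. Note that a host with few flows but very large byte counts (10.0.0.9 above) tops the bytes ranking while disappearing from the flow-count ranking, so both metrics are worth reviewing during incident response.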
Network Use Monitoring in AlienVault OSSIM
NTOP
What is it?
Network probe providing real-time & historical network usage
Uses the RRD Aberrant Behavior algorithm to predict future traffic levels
If the prediction differs from the observed traffic, an event is generated in OSSIM
In OSSIM, NTOP provides:
Network usage statistics
Asset information
Time & activity matrices
Real-time session monitoring
Network abuse information
Passive Tool
ntop.org
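The "RRD Aberrant Behavior" mechanism ntop relies on is RRDtool's Holt-Winters forecasting with a deviation-scaled confidence band (Brutlag's method): each sample is compared against the forecast, a sample outside the band is a violation, and enough violations inside a sliding window become a failure, which is the event that reaches OSSIM. The following is an added, simplified re-implementation in Python, not ntop's or RRDtool's code. The traffic series is constructed (a repeating eight-sample "daily" pattern followed by one cycle with a sustained spike), the smoothing parameters are assumed, and the minimum band width is an addition to stop a freshly trained model from alerting on float noise before it has learned any deviation.

```python
from collections import deque
from statistics import mean

# Added example: additive Holt-Winters forecasting with Brutlag-style
# deviation tracking, in the spirit of RRDtool's aberrant behaviour
# detection used by ntop.  Not ntop's or RRDtool's code.


class HoltWintersDetector:
    def __init__(self, period, alpha=0.1, beta=0.01, gamma=0.1, delta=3.0,
                 window=5, threshold=2, min_band=5.0):
        self.m = period                       # samples per season
        self.alpha, self.beta, self.gamma = alpha, beta, gamma
        self.delta = delta                    # band = delta * predicted deviation
        self.threshold = threshold            # violations in window => failure
        self.min_band = min_band              # assumed floor, see lead-in
        self.first_season = []                # buffered until initialised
        self.level, self.trend = None, 0.0
        self.seasonal = [0.0] * period
        self.dev = [0.0] * period             # smoothed |error| per seasonal slot
        self.t = 0
        self.recent = deque(maxlen=window)    # 1 = violation, 0 = normal

    def update(self, y):
        """Feed one sample; return (prediction, band, violation, failure).
        prediction and band are None while the first season is buffered."""
        if self.level is None:
            self.first_season.append(y)
            if len(self.first_season) == self.m:
                # Initialise level and seasonal terms from the first season.
                self.level = mean(self.first_season)
                self.seasonal = [v - self.level for v in self.first_season]
            self.t += 1
            return None, None, False, False

        i = self.t % self.m
        pred = self.level + self.trend + self.seasonal[i]
        band = max(self.delta * self.dev[i], self.min_band)
        err = abs(y - pred)
        violation = err > band
        self.recent.append(1 if violation else 0)
        failure = sum(self.recent) >= self.threshold

        # Holt-Winters state update (additive form).
        prev_level = self.level
        self.level = (self.alpha * (y - self.seasonal[i])
                      + (1 - self.alpha) * (prev_level + self.trend))
        self.trend = (self.beta * (self.level - prev_level)
                      + (1 - self.beta) * self.trend)
        self.seasonal[i] = (self.gamma * (y - self.level)
                            + (1 - self.gamma) * self.seasonal[i])
        self.dev[i] = self.gamma * err + (1 - self.gamma) * self.dev[i]
        self.t += 1
        return pred, band, violation, failure


def run_detector(samples, period, **params):
    """Return (violation indexes, failure indexes) over a sample series."""
    det = HoltWintersDetector(period, **params)
    violations, failures = [], []
    for t, y in enumerate(samples):
        _pred, _band, violation, failure = det.update(y)
        if violation:
            violations.append(t)
        if failure:
            failures.append(t)
    return violations, failures


# Constructed traffic series (e.g. Mbit/s per sample): six normal cycles,
# then one cycle whose busy hours carry several times the usual volume.
DAILY = [10, 10, 12, 30, 50, 55, 40, 20]
ANOMALY = [10, 10, 12, 200, 220, 230, 40, 20]
SAMPLES = DAILY * 6 + ANOMALY

if __name__ == "__main__":
    v, f = run_detector(SAMPLES, period=len(DAILY))
    print("violations at", v)
    print("failures (events) at", f)
```

With the constructed series the first abnormal sample (index 51) is only a violation; the second (index 52) pushes the window over the threshold and becomes the first failure, which is the event ntop would hand to OSSIM. The model then adapts its level towards the elevated traffic, so the return to normal at the end of the cycle is flagged as well; that is expected behaviour of the method and one reason analysts look at the forecast and band alongside the alert rather than the alert alone.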
Play, share, enjoy!
START USING OSSIM TODAY
Download OSSIM
Join AlienVault OTX
Learn more about our commercial offering
Try AlienVault USM, free for 30 days
Join us for a LIVE Demo!
Integrated Tools in AlienVault Unified Security Management Platform
