You'll learn how to get complete network security visibility in under an hour. A SIEM deployment expert will walk you through our most popular features and use cases. To learn more, sign up for a live demo: http://www.alienvault.com/marketing/alienvault-usm-live-demo
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Get Security Visibility in Under 1 Hour with AlienVault
1. “LIVE” PRODUCT DEMO:
UNIFIED SECURITY MANAGEMENT IN UNDER 1 HOUR WITH ALIENVAULT ™
Tom D’Aquino, Systems Engineers
Justin S. Endres, Senior Vice President of Sales
2. AGENDA
Todays Threat Landscape: Realities & Implications
AlienVault Unified Security Management (USM)
Threat detection and risk assessment • Prioritizing risk through correlation of Internet reputation,
threat severity and asset vulnerability • Risk assessment and vulnerability reports of affected assets
Threat detection through correlation of firewall logs & Windows events • Data collection and
correlation from a Cisco ASA firewall to detect a network scan or worm behavior • Detection of brute
force attack leveraging OSSEC HIDS agent
Log management • A forensic view into stored logs • Tips for quickly browsing through collected logs
and how to export those into reports
Compliance Reporting • Mapping controls with collected data to generate quick and accurate
compliance reports for PCI DSS, HIPAA, ISO 27002, SOX, GPG 13
Questions & Answers as time permits
3. THREAT LANDSCAPE: OUR NEW REALITY
More and more organizations are finding
themselves in the crosshairs of various bad actors
for a variety of reasons.
The number of organizations experiencing high
profile breaches is unprecedented ~ SMB
increasingly become the target.
4. THREAT LANDSCAPE: THE GROWING GAP
The “security arms race” cannot continue
indefinitely as the economics of securing your
organization is stacked so heavily in favor of
those launching attacks that incremental
security investments are seen as impractical.
•
•
•
•
•
•
Initial Licensing Costs
Implementation / Optimization Costs
Ongoing Management Costs
Renewal Costs
Integration of all the security technologies
Training of personnel/incoming personnel
5. THE PROMISE OF SIEM / LEM
“The cost of a major and persistent system compromise can be substantial.
Standalone security tools provide some visibility; SIEM tools do much more”.
Is it delivering on it’s promise?
•
•
•
32% of those who have purchased a SIEM would consider
replacing their existing SIEM solution for better cost
(time/$$) savings.
44% of respondents suggest their SIEM lacks integration
with other products / Correlation is far too difficult to
manage/maintain.
58% of those who have invested in LEM solutions are
entirely frustrated with the lack of threat detection
(security) their LEM platform has provided and is moving to
SIEM.
6. THREAT LANDSCAPE: THE FAILURE OF SIEM/LEM
The cost of time from breach to containment remains
alarmingly high…poor correlation, lack of integration,
& “point solution sprawl”
Organizations (mid-market & enterprise) are
demanding solutions that are scalable, cost effective,
and manageable.
SIEM/LE
M
Cost effective
Easily Manageable
(example Unified Threat Management “UTM”)
Highly Integrated
Strong Correlation
User friendly UI
…Enter AlienVault’s Unified Security Management “USM” data
Contextual
Enterprises are shifting spend toward consolidated
solutions that offer better integration, manageability
and economic leverage.
7. Security
Asset Discovery
Piece it all
Intelligence
together
Look for strange
Behavioral
activity which could
Monitoring
indicate a threat
•
•
•
•
Active Network Scanning
Passive Network Scanning
Asset Inventory
Host-based Software Inventory
Vulnerability Assessment
Figure out what
Asset
is valuable
Discovery
• Network Vulnerability Testing
Threat Detection
•
•
•
•
Network IDS
Host IDS
Wireless IDS
File Integrity Monitoring
Behavioral Monitoring
Threat
Start looking
for threats
Detection
Identify ways the
Vulnerability
target could be
Assessment
compromised
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Security Intelligence
• SIEM Correlation
• Incident Response
8. UNIFIED SECURITY MANAGEMENT
“Security Intelligence through Integration that we do, NOT you”
USM Platform
•
•
Bundled Products - 30 Open-Source Security tools to plug
the gaps in your existing controls
•
•
USM Framework - Configure, Manage, & Run Security
Tools. Visualize output and run reports
USM Extension API - Support for inclusion of any other
data source into the USM Framework
Open Threat Exchange –Provides threat intelligence for
collaborative defense
9. A DIFFERENT APPROACH TO SIEM:
USM “UNIFIED SECURITY MANAGEMENT”
AlienVault collects data from any source…
11. View the Webinar on-Demand
To view the recorded
version of this webinar
Click Here.
Editor's Notes
\
Who do we sell toHow to find themHow to engageEmphasis on categories in which we play (e.g. IDS, Vuln Assessment, Asset Discovery...)Quick market/vendor overview of these categories (high level competitive)
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
So how do we do this ? We’ve pieced together all of the necessary security tools to feed the correlation engine, provide meaningful data, and manage entire networks from a single-pane-of-glass. -The essential elements of a SIEM are the ability to capture events and pull these into an engine that can parson, normalize, correlate, and log them.-What most folks in the security world will tell you is that in order to have a battle tested security solution – you need to extend the capabilities of that SIEM to take other information than just the logs. And we’ve done just that.-First, we realize folks need to know what assets are on their system to protect. We do that by building in Asset Discovery Tools, where we can automatically populate a database of assets on your network by scanning both passively and actively, identifying hosts and installed software packages.-Once we’ve identified what’s on your networks at all times, we’ve built in the ability to find out where your system might be vulnerable. Vulnerability assessment tools allow us to cross correlate vulnerability information with up to date detection rules to identify the weaknesses that hackers exploit. -On top of that, our built in Threat detection tools are actively searching for breaching attempts. Our aim is to cover all of your bases to include Host based IDS, Network IDS, File Integrity Monitoring and even Wireless IDS. -The 4th piece is behavioral monitoring. Security teams need to track user behavior that will give you the coverage you need for unknown threats – typically exemplified by strange or anomalous network or system behavior – this includes netflow analysis, service availability and of course log collection and analysis for in-depth forensic investigations.-Finally, aggregatiing these security controls altogether for correlation and analysis provides the intelligence you need in order to stay ahead of the bad guys and be pro-active instead of reactive in your security approach.
In fact, AlienVault offers the only unified security management solution to unify the five essential security capabilities you need for complete security visibility. This translates into rapid time to value – faster and easier audits, targeted remediation, and more seamless incident response.
Today’s threat landscape looks amazingly stark. There’s a growing number of bad actors,
As you know, it’s never easy to fight for budget, especially when that budget is shrinking. We hear from many customers who say that they’re looking to achieve more with less – less people, less time, less budget. The respondents in our survey echoed this refrain. Thanks to AlienVault, they’re getting a better handle on their environment, our solution was easy to deploy and more than half agreed that they’re now able to do more with less.