Get Security Visibility in Under 1 Hour with AlienVault
•Download as PPTX, PDF•
0 likes•1,275 views
You'll learn how to get complete network security visibility in under an hour. A SIEM deployment expert will walk you through our most popular features and use cases. To learn more, sign up for a live demo: http://www.alienvault.com/marketing/alienvault-usm-live-demo
Recommended
Recommended
More Related Content
More from AlienVault
More from AlienVault (20)
Recently uploaded
Recently uploaded (20)
Get Security Visibility in Under 1 Hour with AlienVault
- 1. “LIVE” PRODUCT DEMO: UNIFIED SECURITY MANAGEMENT IN UNDER 1 HOUR WITH ALIENVAULT ™ Tom D’Aquino, Systems Engineers Justin S. Endres, Senior Vice President of Sales
- 2. AGENDA Todays Threat Landscape: Realities & Implications AlienVault Unified Security Management (USM) Threat detection and risk assessment • Prioritizing risk through correlation of Internet reputation, threat severity and asset vulnerability • Risk assessment and vulnerability reports of affected assets Threat detection through correlation of firewall logs & Windows events • Data collection and correlation from a Cisco ASA firewall to detect a network scan or worm behavior • Detection of brute force attack leveraging OSSEC HIDS agent Log management • A forensic view into stored logs • Tips for quickly browsing through collected logs and how to export those into reports Compliance Reporting • Mapping controls with collected data to generate quick and accurate compliance reports for PCI DSS, HIPAA, ISO 27002, SOX, GPG 13 Questions & Answers as time permits
- 3. THREAT LANDSCAPE: OUR NEW REALITY More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons. The number of organizations experiencing high profile breaches is unprecedented ~ SMB increasingly become the target.
- 4. THREAT LANDSCAPE: THE GROWING GAP The “security arms race” cannot continue indefinitely as the economics of securing your organization is stacked so heavily in favor of those launching attacks that incremental security investments are seen as impractical. • • • • • • Initial Licensing Costs Implementation / Optimization Costs Ongoing Management Costs Renewal Costs Integration of all the security technologies Training of personnel/incoming personnel
- 5. THE PROMISE OF SIEM / LEM “The cost of a major and persistent system compromise can be substantial. Standalone security tools provide some visibility; SIEM tools do much more”. Is it delivering on it’s promise? • • • 32% of those who have purchased a SIEM would consider replacing their existing SIEM solution for better cost (time/$$) savings. 44% of respondents suggest their SIEM lacks integration with other products / Correlation is far too difficult to manage/maintain. 58% of those who have invested in LEM solutions are entirely frustrated with the lack of threat detection (security) their LEM platform has provided and is moving to SIEM.
- 6. THREAT LANDSCAPE: THE FAILURE OF SIEM/LEM The cost of time from breach to containment remains alarmingly high…poor correlation, lack of integration, & “point solution sprawl” Organizations (mid-market & enterprise) are demanding solutions that are scalable, cost effective, and manageable. SIEM/LE M Cost effective Easily Manageable (example Unified Threat Management “UTM”) Highly Integrated Strong Correlation User friendly UI …Enter AlienVault’s Unified Security Management “USM” data Contextual Enterprises are shifting spend toward consolidated solutions that offer better integration, manageability and economic leverage.
- 7. Security Asset Discovery Piece it all Intelligence together Look for strange Behavioral activity which could Monitoring indicate a threat • • • • Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory Vulnerability Assessment Figure out what Asset is valuable Discovery • Network Vulnerability Testing Threat Detection • • • • Network IDS Host IDS Wireless IDS File Integrity Monitoring Behavioral Monitoring Threat Start looking for threats Detection Identify ways the Vulnerability target could be Assessment compromised • Log Collection • Netflow Analysis • Service Availability Monitoring Security Intelligence • SIEM Correlation • Incident Response
- 8. UNIFIED SECURITY MANAGEMENT “Security Intelligence through Integration that we do, NOT you” USM Platform • • Bundled Products - 30 Open-Source Security tools to plug the gaps in your existing controls • • USM Framework - Configure, Manage, & Run Security Tools. Visualize output and run reports USM Extension API - Support for inclusion of any other data source into the USM Framework Open Threat Exchange –Provides threat intelligence for collaborative defense
- 9. A DIFFERENT APPROACH TO SIEM: USM “UNIFIED SECURITY MANAGEMENT” AlienVault collects data from any source…
- 11. View the Webinar on-Demand To view the recorded version of this webinar Click Here.
Editor's Notes
- \
- Who do we sell toHow to find themHow to engageEmphasis on categories in which we play (e.g. IDS, Vuln Assessment, Asset Discovery...)Quick market/vendor overview of these categories (high level competitive)
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- So how do we do this ? We’ve pieced together all of the necessary security tools to feed the correlation engine, provide meaningful data, and manage entire networks from a single-pane-of-glass. -The essential elements of a SIEM are the ability to capture events and pull these into an engine that can parson, normalize, correlate, and log them.-What most folks in the security world will tell you is that in order to have a battle tested security solution – you need to extend the capabilities of that SIEM to take other information than just the logs. And we’ve done just that.-First, we realize folks need to know what assets are on their system to protect. We do that by building in Asset Discovery Tools, where we can automatically populate a database of assets on your network by scanning both passively and actively, identifying hosts and installed software packages.-Once we’ve identified what’s on your networks at all times, we’ve built in the ability to find out where your system might be vulnerable. Vulnerability assessment tools allow us to cross correlate vulnerability information with up to date detection rules to identify the weaknesses that hackers exploit. -On top of that, our built in Threat detection tools are actively searching for breaching attempts. Our aim is to cover all of your bases to include Host based IDS, Network IDS, File Integrity Monitoring and even Wireless IDS. -The 4th piece is behavioral monitoring. Security teams need to track user behavior that will give you the coverage you need for unknown threats – typically exemplified by strange or anomalous network or system behavior – this includes netflow analysis, service availability and of course log collection and analysis for in-depth forensic investigations.-Finally, aggregatiing these security controls altogether for correlation and analysis provides the intelligence you need in order to stay ahead of the bad guys and be pro-active instead of reactive in your security approach.
- In fact, AlienVault offers the only unified security management solution to unify the five essential security capabilities you need for complete security visibility. This translates into rapid time to value – faster and easier audits, targeted remediation, and more seamless incident response.
- Today’s threat landscape looks amazingly stark. There’s a growing number of bad actors,
- As you know, it’s never easy to fight for budget, especially when that budget is shrinking. We hear from many customers who say that they’re looking to achieve more with less – less people, less time, less budget. The respondents in our survey echoed this refrain. Thanks to AlienVault, they’re getting a better handle on their environment, our solution was easy to deploy and more than half agreed that they’re now able to do more with less.