In a Nutshell: An increase in sophisticated cyberattacks involving ransomware and malicious hacking is giving rise to the number of defense solutions available on the market. While businesses have many options to protect their networks, most require multiple products that work independently of each other instead of in unison. AlienVault’s Unified Security Management™ (USM) platform aims to provide essential capabilities within a single console. USM works within network, host, and cloud environments to detect and defend against attacks and streamlines the tedious task of checking logs on multiple servers by incorporating the data into one file within the console. The company claims it can identify and start working against cyberattacks within an hour of their intrusion into a network.
I recently had a problem with the mobile application tied to one of my credit cards. Tech support said the only solution was to download a separate application that adjusts the settings for the troubled app.
After five minutes of toggling through security options and unchecking dozens of random boxes, the app still didn’t work. That’s when I was put on hold and subjected to the entire 26 minutes of Mozart’s Symphony No. 40.
When tech support returned, the agent said all I had to do to fix the problem was download another app and toggle some more settings. That’s when I ended the call, deleted the app, and moved the credit card to the back of my wallet.
Consolidation is important in today’s financial world. Customers don’t want to deal with multiple windows to solve a single problem. The same can be said for financial institutions that are forced to juggle multiple solutions to manage their ever-growing regulatory and security needs.
AlienVault believes juggling multiple security point solutions can dramatically reduce effectiveness. The company’s SaaS-based USM Anywhere™ platform combines essential security technologies — asset discovery, vulnerability assessment, intrusion detection (network, host, and cloud), behavioral monitoring, SIEM, and log management — in one unified platform. This unified approach, which provides easy, fast access to security capabilities through a single pane of glass, is one way the company sets itself apart in the crowded security space.
“We’re focused on bringing multiple security essentials into one platform and one product with integrated threat intelligence that is designed for organizations with resource-constrained security teams,” said Sacha Dawes, Principal Product Marketing Manager at AlienVault. “These organizations may not have the resources to purchase multiple point products or the time to deploy and manage them all at once.”
AlienVault’s services are trusted by more than 7,000 customers — including Black Hills Federal Credit Union, Georgia United Credit Union, and United Southern Bank — to detect and manage cyberthreats in cloud and on-premises environments, as well as in cloud applications like Office 365, while mitigating the risks of running large-scale operations across multiple servers.
“As soon as you deploy your first sensor, it’s going to start finding information and present near-immediate insights on what is going on in your environment,” Dawes said. “Ultimately all you need to do is the initial sensor deployment and then start monitoring right away as opposed to some of the products out there which can, at times, take two or three weeks to get configured with the help of professional services.”
AlienVault USM Anywhere looks at the different layers of an attack cycle and approaches each one with the goal of gathering information on vulnerabilities to spot potential attacks before they happen.
“We start off by looking at the risk within an organization with our asset discovery and vulnerability management solutions,” Dawes said. “Anything with an IP address is discovered in this phase. Once we discover it, we do a deeper inspection of each asset to find out what operating systems, software, and services they’re running.”
Dawes said the product often finds risks, such as a version of Windows Server that needs updating or an unpatched application running on a Linux box, both of which could be exploited by an attacker if not addressed properly.
Protecting Digital Environments with Advanced Risk Management Technologies
Businesses that run operational processes on several servers can struggle to maintain consistent security standards across all of those machines. Problems often stem from inadequate monitoring of the logs and the long streams of event data each server generates.
“We gather all of that data from those logs and assets, as well as events from devices and services across your entire environment, and bring it into one location and one view,” Dawes said. “Once it’s in USM Anywhere, we normalize it and look for patterns or indicators of compromise to identify if something bad is going on inside the environment.”
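The normalize-then-match step Dawes describes is the core of any log-centric detection pipeline: raw lines from different sources are mapped onto one common event schema, and only then are they checked against indicators of compromise and simple correlation rules. The following Python script is an added example written for this article; it is not AlienVault code and says nothing about how USM Anywhere is implemented internally. The log lines, the indicator values (`203.0.113.45`, `example.invalid`) and the parsers for three hypothetical sources (an sshd syslog line, a Windows logon-failure event exported as JSON, and a Squid proxy line) are all constructed for illustration.

```python
import json
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Constructed sample log lines from three different sources (not real customer data).
SAMPLE_LOGS = [
    "Jul 12 10:01:02 web01 sshd[2231]: Failed password for root from 203.0.113.45 port 51234 ssh2",
    "Jul 12 10:01:09 web01 sshd[2231]: Accepted password for deploy from 198.51.100.7 port 51240 ssh2",
    '{"EventID": 4625, "Computer": "DC01", "IpAddress": "203.0.113.45", "TargetUserName": "admin"}',
    "2017-07-12T10:02:15Z proxy01 squid: 10.0.0.5 TCP_MISS/200 GET http://example.invalid/update.bin",
]

# Constructed indicators of compromise (placeholder values, not a real threat feed).
IOC_IPS = {"203.0.113.45"}
IOC_DOMAINS = {"example.invalid"}


@dataclass
class Event:
    """Common schema every source is normalized into before any matching happens."""
    source: str
    host: str
    action: str
    src_ip: Optional[str] = None
    user: Optional[str] = None
    url: Optional[str] = None
    tags: list = field(default_factory=list)


SSHD_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<ip>[\d.]+)"
)
SQUID_RE = re.compile(
    r"^\S+ (?P<host>\S+) squid: (?P<ip>[\d.]+) \S+ (?P<method>\w+) (?P<url>\S+)"
)


def normalize(line: str) -> Optional[Event]:
    """Map one raw line from any supported source onto the Event schema."""
    m = SSHD_RE.match(line)
    if m:
        action = "auth_failure" if m["result"] == "Failed" else "auth_success"
        return Event("sshd", m["host"], action, src_ip=m["ip"], user=m["user"])
    m = SQUID_RE.match(line)
    if m:
        return Event("squid", m["host"], "http_request", src_ip=m["ip"], url=m["url"])
    if line.startswith("{"):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            return None
        if rec.get("EventID") == 4625:  # Windows: an account failed to log on
            return Event("windows", rec.get("Computer", ""), "auth_failure",
                         src_ip=rec.get("IpAddress"), user=rec.get("TargetUserName"))
    return None  # unrecognized format: a real pipeline would keep the raw line for review


def tag_iocs(event: Event) -> Event:
    """Annotate a normalized event with every indicator it matches."""
    if event.src_ip in IOC_IPS:
        event.tags.append("ioc:ip")
    if event.url and urlparse(event.url).hostname in IOC_DOMAINS:
        event.tags.append("ioc:domain")
    return event


def process(lines) -> list:
    """Normalize all lines, drop the unparseable ones, and tag the rest."""
    return [tag_iocs(e) for e in (normalize(l) for l in lines) if e]


def failed_logins_by_ip(events) -> dict:
    """Minimal cross-source correlation: failed logons per source address."""
    counts = {}
    for e in events:
        if e.action == "auth_failure" and e.src_ip:
            counts[e.src_ip] = counts.get(e.src_ip, 0) + 1
    return counts


if __name__ == "__main__":
    evs = process(SAMPLE_LOGS)
    for e in evs:
        print(e)
    print(failed_logins_by_ip(evs))
```

Because the Linux sshd failure and the Windows 4625 event land in the same schema, the per-IP count sees two failures from one address across two platforms, which neither source would show on its own. That cross-source view is exactly what gets lost when each server's logs are read in isolation.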
Information gathered from the monitored on-premises and cloud environments is retained for at least one year to meet security best-practice and regulatory requirements. That information, according to Dawes, can come in handy in the event of a cyberattack.
“If a breach is detected, having that information in storage allows you to go back and do investigations,” he said.
AlienVault claims its threat intelligence — whether from the AlienVault Labs Security Team or from the crowd-sourced threat intelligence community of its Open Threat Exchange — can detect new threats (often referred to as zero-day attacks) within an hour of their appearance.
“The threat intelligence saves our customers from having to write complex correlation rules or develop their own security knowledge on threats,” Dawes said. “Our security researchers are effectively an extension of our customer’s team, and do the security research for them.”
That’s a lofty standard, as the various online threats being introduced are more sophisticated than ever.
“If you look across the threat ecosystem, we know that things like hacking and ransomware are more prominent — regardless of the industry you’re in,” Dawes said. “With that said, there are certain attacks targeted against specific industries. Organizations are at a disadvantage if they haven’t implemented a security program to both detect and prevent against such attacks.”
Dawes pointed to the company’s response to recent widespread attacks to show how its best defense is the preparation it takes before a threat emerges.
“If you look at many of the recent, more-publicized attacks like the WannaCry ransomware attack, we effectively had the ability to detect vulnerabilities in advance,” he said. “As soon as the attack happened, we had the information within the first hour and it was already being sent to our customers’ environments so they could detect if they were under attack, and reference critical and contextually-relevant information on the threat and how to respond.”
Intrusion Detection Monitoring for Host, Network & Cloud
AlienVault’s services are tailored to host, network, and cloud environments and address the particular needs of each.
“USM Anywhere allows customers to monitor their on-premises and cloud environments or where they are using cloud-based services like Office 365 or G Suite,” Dawes said. “It monitors what’s going on in those environments and provides feedback to the clients to help them understand where anomalies may exist.”
An important facet of AlienVault USM Anywhere for Finserv companies is File Integrity Monitoring, which identifies changes to system files, folders, and Microsoft Windows registry entries.
“Financial institutions want to know who or what is accessing specific files and to know if people are changing things on those systems that could be malicious,” Dawes said. “USM Anywhere monitors that for them.”
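File Integrity Monitoring rests on a simple idea: record a baseline (content hash, size, permissions) for every file you care about, rescan later, and report anything added, removed, or changed. The Python script below is an added example written for this article to show that mechanism on files and folders; it is not AlienVault code and does not cover the Windows registry part of the product's FIM. The directory layout, file names and contents are constructed inside a temporary directory so the script runs offline; the `demo()` function plays both the baseline scan and the later rescan.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record hash, size and permission bits for every regular file under root.

    Keys are POSIX-style relative paths so a baseline can be compared across hosts.
    Symlinks are skipped so a link pointing outside the tree is not followed.
    """
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            st = path.stat()
            baseline[path.relative_to(root).as_posix()] = {
                "sha256": sha256_file(path),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o777),
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two scans; 'modified' entries also list which attributes changed."""
    report = {"added": [], "removed": [], "modified": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        elif baseline[rel] != current[rel]:
            changed = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
            report["modified"].append((rel, changed))
    return report


def demo() -> dict:
    """Constructed scenario: take a baseline, make three kinds of change, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF-placeholder")  # constructed stand-in for a binary

        baseline = build_baseline(root)

        # Simulated changes between scans: one edit, one deletion, one new file.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "dropped.bin").write_bytes(b"\x7fELF-placeholder-2")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, entries in demo().items():
        print(kind, entries)
```

Two design points matter in practice: the baseline must be stored somewhere the monitored host cannot rewrite it (otherwise whoever changes the file can also change the baseline), and each alert should carry the user, process and time that made the change, which is the "who or what" question Dawes raises and which a periodic hash scan alone cannot answer; that attribution comes from host-level audit logging fed into the same console.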
AlienVault’s USM Anywhere platform isn’t only about monitoring. In the event of an actual attack, its intrusion detection and response capabilities go well beyond basic firewall protection and help detect and contain malware installation, data exfiltration, privilege escalation, and other activity within internal networks.
A Single Console Providing Multiple Capabilities
AlienVault’s USM Anywhere platform provides multiple security capabilities without the hassle of toggling between different applications or windows.
“If you look at the different products in the security space, you’ll find you need multiple point solutions in order to achieve things,” Dawes said. “Or you can use a product like AlienVault USM Anywhere that has all of the essential security capabilities in one console. With all of those point solutions, you have to buy them, deploy them, then try to make them work together — often through different consoles to get the information you want.”
Dawes said such a process can not only be time-consuming, but it can overwhelm a company budget, too. AlienVault’s goal is to provide superior solutions at an affordable price.
“USM Anywhere is available in three editions — essential, standard, and enterprise,” he said. “Each edition offers all the security essentials and at least one year of long-term storage, and standard and enterprise editions offer up to 90 days of real-time event search, orchestration with security tools, dark web monitoring, and more. Customers can also opt for higher data consumption tiers within each edition. It’s basically a subscription pricing based on the amount of data you’re consuming each month.”
USM Anywhere is available as a free 14-day trial so potential users can experience the product before committing to the monthly cost, which starts at $650 per month for the Essentials edition and $1,575 per month for the Standard edition. The Enterprise edition is custom-quoted.
“Everything we do is about providing security and value to our clients,” Dawes said. “We take a lot of the thinking and effort out of the security process so our customers can focus more on their business.”