MARK ALLEN, KING OF ALL SALES ENGINEERING

Improve threat detection with hids and alien vault usm


Unified Security Management Platform
Accelerates and simplifies threat detection and incident response for IT teams with limited resources, on day one

AlienVault Labs Threat Intelligence
Identifies the most significant threats targeting your network and provides context-specific remediation guidance

Open Threat Exchange
The world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data

AlienVault Approach: Unified Security Management

Agenda
• HIDS capabilities
• HIDS Agent Architecture
• AlienVault event correlation

AlienVault USM Demo – See it in action
• Remote HIDS agent deployment, configuration and management
• Behavioral monitoring of servers and workstations
• Logging and reporting for PCI compliance
• Data correlation with IP reputation data, vulnerability scans and more
• Correlating HIDS events to detect attacks

HIDS in AlienVault USM: Learning the Basics…

HIDS capabilities

Log analysis based intrusion detection

File integrity checking

Registry keys integrity checking (Windows)

Signature based malware/rootkits detection

Real-time alerting and active response

HIDS Agent Architecture

Agent components:

Logcollectord: Reads logs (syslog, WMI, flat files)

Syscheckd: File integrity checking

Rootcheckd: Malware and rootkits detection

Agentd: Forwards data to the server

Server components:

Remoted: Receives data from agents

Analysisd: Processes data (main process)

Monitord: Monitors agents

AlienVault Event Correlation
AlienVault USM correlates events from multiple sources, crossing HIDS alerts with information collected from embedded detectors and external sources.
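To make the agent/server split and the correlation step above concrete, here is an added worked example. It is not AlienVault or OSSEC code: it is a toy detector with a syscheckd-style file integrity comparison, a logcollectord-style reader for sshd authentication lines, an analysisd-style rule stage, and a final correlation stage that raises the priority of an alert when its source IP appears in an IP reputation list or when a file change lands on a host with open vulnerability findings. The file contents, log lines, reputation entry and vulnerability finding are all constructed sample data, and the rule names and thresholds are assumptions for illustration.

```python
"""Toy HIDS pipeline (added example, not AlienVault/OSSEC code).
Agent side: file integrity check + log collection. Server side: rules + correlation."""
import hashlib
import re
from collections import Counter

# --- agent: syscheckd-style file integrity checking ---------------------------
def fingerprint(files):
    """Return {path: sha256} for a dict of path -> file bytes (constructed input)."""
    return {p: hashlib.sha256(data).hexdigest() for p, data in files.items()}

def syscheck(baseline, current):
    """One event per file that was added, removed or modified since the baseline."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            events.append({"type": "file_removed", "path": path})
        elif path not in baseline:
            events.append({"type": "file_added", "path": path})
        elif baseline[path] != current[path]:
            events.append({"type": "file_modified", "path": path})
    return events

# --- agent: logcollectord-style parsing of sshd auth lines --------------------
SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
SSH_OK = re.compile(r"Accepted password for (\S+) from (\d+\.\d+\.\d+\.\d+)")

def logcollect(lines):
    """Turn raw syslog lines into structured events; unmatched lines are dropped."""
    events = []
    for line in lines:
        if m := SSH_FAIL.search(line):
            events.append({"type": "ssh_fail", "user": m.group(1), "src_ip": m.group(2)})
        elif m := SSH_OK.search(line):
            events.append({"type": "ssh_ok", "user": m.group(1), "src_ip": m.group(2)})
    return events

# --- server: analysisd-style rules (names/thresholds are assumptions) --------
def analyse(events, fail_threshold=3):
    alerts = []
    fails = Counter(e["src_ip"] for e in events if e["type"] == "ssh_fail")
    for ip, n in fails.items():
        if n >= fail_threshold:
            alerts.append({"rule": "ssh_bruteforce", "src_ip": ip, "count": n})
    for e in events:
        if e["type"] == "ssh_ok" and fails[e["src_ip"]] >= fail_threshold:
            alerts.append({"rule": "ssh_success_after_bruteforce",
                           "src_ip": e["src_ip"], "user": e["user"]})
        if e["type"].startswith("file_"):
            alerts.append({"rule": "integrity_change", "path": e["path"], "change": e["type"]})
    return alerts

# --- server: USM-style correlation with external context ----------------------
def correlate(alerts, ip_reputation, vuln_findings, host):
    """Attach context and compute a priority; highest-priority alerts first."""
    out = []
    for a in alerts:
        a = dict(a, priority=1)
        if a.get("src_ip") in ip_reputation:          # known-bad source IP
            a["priority"] += 2
            a["reputation"] = ip_reputation[a["src_ip"]]
        if a["rule"] == "ssh_success_after_bruteforce":  # likely compromised account
            a["priority"] += 1
        if a["rule"] == "integrity_change" and vuln_findings.get(host):
            a["priority"] += 1                         # host already has open findings
            a["related_vulns"] = vuln_findings[host]
        out.append(a)
    return sorted(out, key=lambda x: -x["priority"])

# --- constructed sample input --------------------------------------------------
BASELINE_FILES = {"/etc/passwd": b"root:x:0:0\n", "/bin/ls": b"ELF-ls-v1"}
CURRENT_FILES = {"/etc/passwd": b"root:x:0:0\nextra:x:0:0\n", "/bin/ls": b"ELF-ls-v1"}
SAMPLE_LOG = [  # constructed sshd lines; 203.0.113.9 / 192.0.2.7 are documentation ranges
    "Mar  1 10:00:01 web1 sshd[2001]: Failed password for invalid user admin from 203.0.113.9 port 5511 ssh2",
    "Mar  1 10:00:03 web1 sshd[2002]: Failed password for root from 203.0.113.9 port 5512 ssh2",
    "Mar  1 10:00:05 web1 sshd[2003]: Failed password for root from 203.0.113.9 port 5513 ssh2",
    "Mar  1 10:00:09 web1 sshd[2004]: Accepted password for root from 203.0.113.9 port 5514 ssh2",
    "Mar  1 10:01:00 web1 sshd[2005]: Accepted password for alice from 192.0.2.7 port 6000 ssh2",
]
IP_REPUTATION = {"203.0.113.9": "scanning host (constructed entry)"}
VULN_FINDINGS = {"web1": ["weak SSH password policy (constructed finding)"]}

def run_pipeline():
    """Agent events -> server rules -> correlated, prioritised alerts."""
    events = syscheck(fingerprint(BASELINE_FILES), fingerprint(CURRENT_FILES)) + logcollect(SAMPLE_LOG)
    return correlate(analyse(events), IP_REPUTATION, VULN_FINDINGS, host="web1")

if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

Running it yields three alerts: the successful root login after three failures from a listed IP comes out on top, the brute-force alert second, and the /etc/passwd change third, escalated only because the host already has an open vulnerability finding. The point of the last stage is the one the slide makes: the same HIDS alert carries a different priority depending on what the reputation feed and the vulnerability scan already know about the endpoints involved.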

USM HIDS Management Interface

AlienVault USM provides a comprehensive GUI for HIDS agent management:
• Status monitor
• Events viewer
• Agents control manager
• Configuration manager
• Rules viewer/editor
• Logs viewer
• Server control manager
• Deployment manager

USM PLATFORM: Integrated, Essential Security Controls

ASSET DISCOVERY
• Active & Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory

VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
• Remediation Verification

BEHAVIORAL MONITORING
• Netflow Analysis
• Service Availability Monitoring

SIEM
• Log Management
• SIEM Event Correlation
• Incident Response
• OTX

INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring

Let’s See It In Action

888.613.6023

ALIENVAULT.COM

CONTACT US

[email protected]

Test Drive AlienVault USM
Download a Free 30-Day Trial: http://www.alienvault.com/free-trial
Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site

Now for some Q&A…

Questions? [email protected] : @alienvault