Intrusion Detection System (IDS)
Accelerate Your Threat Detection and Response with a Complete Set of Security Technologies
See how easy it is to use AlienVault Unified Security Management™ (USM) for Intrusion Detection.
Trusted by thousands of customers.
Intrusion Detection Systems for Any Environment
AlienVault USM™ delivers intrusion detection for your network that enables you to inspect traffic between devices, not just at the edge. You can also correlate events from your existing IDS/IPS into a single console for complete network visibility while preserving your investments.
Network Intrusion Detection System (NIDS)
Catch threats targeting your vulnerable systems with signature-based anomaly detection and protocol analysis technologies. Identify the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures.
Host-based Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM)
Analyze system behavior and configuration status to track user access and activity. Detect potential security exposures such as system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes.
Deploys in Less Than One Hour
Sign up and deploy AlienVault USM quickly. Start seeing actionable alarms in less than one hour.
Integrated SIEM Correlation
More than 2,000 correlation directives (and growing) to alert you to the most important threats.
Always Vigilant
Automatically receive new IDS signatures and updated correlation directives for the latest threats.
Works with Other IDS
Forward IDS and IPS event logs from your existing devices to the USM Sensor for event correlation.
Quickly View Threats in the Dashboard
We utilize the Kill Chain Taxonomy to highlight the most important threats facing your network and the anomalies you should investigate. You can easily see the types of threats directed against your network and when known bad actors have triggered an alarm.
Attack Intent & Strategy
The Kill Chain Taxonomy breaks out threats into five categories, allowing you to understand the intent of the attacks and how they're interacting with your network and assets.
External Known Bad Actors
Indicated by the OTX 'Atomic' logo, alarms and events associated with known Indicators of Compromise (IoCs) are highlighted throughout USM. This allows you to prioritize security events that contain data linked to malicious activity.
Reduced Noise
Correlating IDS/IPS data with multiple security tools reduces false positives and increases accuracy of alarms.
Automatic Notifications
Set up email notifications and implement phone messaging services such as SMS.
Complete Threat Evidence
See attack type, number of events, duration, source and destination IP addresses, and more.
Workflow Management
Create tickets from any alarm, delegate to users, or integrate with an external ticketing system.
Analyze Consolidated Threat Details Faster
Accelerate your response work by analyzing related threat details in one place.
Event Details
See the directive event, the individual event(s) that triggered the directive event, and the correlation level of the directive rule.
You can click on any event to examine details such as:
- Normalized event
- SIEM information
- Reputation of source and destination IP addresses
- Knowledge base about the event
- Payload of the packet triggering the event
Powerful Analytics Uncover Threat and Vulnerability Details – All in One Console
Get to the bottom of who and what's targeting your assets and what systems are vulnerable.
Search SIEM Events
You have the flexibility to conduct your own analysis. For example, you may want to search the SIEM database for events that came from the same host as the offending traffic triggering an alarm.
Check Assets and Vulnerabilities
Search the built-in asset inventory for assets involved with an alarm. Integrated vulnerability assessment scans indicate whether an attack is relevant by identifying vulnerable operating systems, applications and services and more – all consolidated into a single view.
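To make the correlation idea behind "Reduced Noise" and "Check Assets and Vulnerabilities" concrete, here is an added Python example; it is not USM code and does not use USM's event schema or directive syntax. A hypothetical two-level directive turns NIDS signature hits into alarms only when the same host's HIDS reports activity within a time window, or when a constructed asset inventory says the targeted service on that host is actually vulnerable; every other hit remains an event rather than an alarm. Each alarm carries the evidence fields the page lists (attack type, event count, duration, source and destination). Events, sensors, signature names and asset data are all constructed inline.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """Normalized event as a SIEM might store it (constructed schema)."""
    ts: datetime
    sensor: str      # which tool reported it: "nids" or "hids"
    src_ip: str
    dst_ip: str
    signature: str
    service: str     # normalized target service; "" when not applicable


# Constructed asset inventory, as a vulnerability scan might populate it.
ASSETS = {
    "10.0.0.5": {"vulnerable_services": {"legacy-cms"}},
    "10.0.0.9": {"vulnerable_services": set()},
}


def correlate(events, window=timedelta(minutes=5)):
    """Hypothetical directive with two correlation levels, evaluated per
    (source, destination, signature, service) group of NIDS hits.

    Level 1: NIDS hits alone only become an alarm when the asset inventory
             says the targeted service on that host is vulnerable.
    Level 2: a HIDS event on the same host inside `window` after the hits
             confirms host-side activity and raises the alarm to high.
    Everything else stays an event; that is the noise reduction.
    """
    events = sorted(events, key=lambda e: e.ts)
    groups = {}
    for e in events:
        if e.sensor == "nids":
            key = (e.src_ip, e.dst_ip, e.signature, e.service)
            groups.setdefault(key, []).append(e)

    alarms = []
    for (src, dst, sig, service), hits in groups.items():
        first, last = hits[0].ts, hits[-1].ts
        followups = [
            e for e in events
            if e.sensor == "hids" and e.dst_ip == dst
            and first <= e.ts <= last + window
        ]
        vulnerable = service in ASSETS.get(dst, {}).get("vulnerable_services", set())
        if followups:
            level, priority = 2, "high"
        elif vulnerable:
            level, priority = 1, "medium"
        else:
            continue  # unconfirmed hit against a non-vulnerable host: logged, not alarmed
        evidence = sorted(hits + followups, key=lambda e: e.ts)
        alarms.append({
            "attack_type": sig,
            "src_ip": src,
            "dst_ip": dst,
            "level": level,
            "priority": priority,
            "event_count": len(evidence),
            "duration_s": (evidence[-1].ts - evidence[0].ts).total_seconds(),
        })
    return alarms


# Constructed sample: one scanner sweeps two hosts with the same signature,
# only 10.0.0.5 runs the vulnerable service and shows host-side follow-up.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_EVENTS = [
    Event(T0, "nids", "203.0.113.7", "10.0.0.5", "legacy-cms exploit attempt", "legacy-cms"),
    Event(T0 + timedelta(seconds=2), "nids", "203.0.113.7", "10.0.0.9", "legacy-cms exploit attempt", "legacy-cms"),
    Event(T0 + timedelta(minutes=3), "hids", "10.0.0.5", "10.0.0.5", "new listening process", ""),
    Event(T0 + timedelta(minutes=10), "nids", "198.51.100.2", "10.0.0.9", "ssh login failures", "ssh"),
    Event(T0 + timedelta(minutes=20), "nids", "192.0.2.44", "10.0.0.5", "legacy-cms path traversal attempt", "legacy-cms"),
]


if __name__ == "__main__":
    for alarm in correlate(SAMPLE_EVENTS):
        print(alarm)
```

Of the four NIDS hits, only two become alarms: the confirmed one against 10.0.0.5 (level 2, two events spanning 180 seconds) and the later unconfirmed hit against the same vulnerable host (level 1). The hits against 10.0.0.9, which runs nothing vulnerable and shows no host-side activity, stay searchable events.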
Inspect Packet Captures
Use integrated packet capture functionality to capture interesting traffic for offline analysis. Packets can be viewed in the integrated Tshark tool, or you can download the capture as a PCAP file.
Examine Raw Logs
Search for any raw logs that are related to activity reported by an alarm. For example, look for logs that are related to the source IP address that was reported in the alarm.