Intrusion Detection System (IDS)

Accelerate Your Threat Detection and Response with a Complete Set of Security Technologies

See how easy it is to use AlienVault Unified Security Management™ (USM) for Intrusion Detection.



Intrusion Detection Systems for Any Environment

AlienVault USM™ delivers intrusion detection for your network that enables you to inspect traffic between devices, not just at the edge. You can also correlate events from your existing IDS/IPS into a single console for complete network visibility while preserving your investments.

Network Intrusion Detection System (NIDS)

Catch threats targeting your vulnerable systems with signature-based detection, anomaly detection and protocol analysis. Identify the latest attacks, malware infections, system compromise techniques, policy violations and other exposures.

Host-based Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM)

Analyze system behavior and configuration status to track user access and activity. Detect potential security exposures such as system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes.
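The file integrity monitoring half of a HIDS works by hashing a baseline of watched files and re-hashing them later, so that a changed /etc/passwd, a loosened permission on a daemon config, or a file that was not there at baseline time all show up as distinct findings. The script below is an added example of that mechanism, not AlienVault's HIDS agent or its output format; the watched paths, the sample file contents and the tampering steps are constructed in a temporary directory so it runs offline.

```python
"""File integrity monitoring as a HIDS/FIM agent does it: hash a baseline of
watched files, re-hash later, report what changed.
Added example, not AlienVault code; paths and sample files are constructed."""
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# Baseline entry: (sha256 hex digest, permission bits). A mode change on a
# config file is as interesting as a content change, so both are tracked.
Entry = Tuple[str, int]


def hash_file(path: str) -> str:
    """Stream the file in chunks so large files never load fully into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths: List[str]) -> Dict[str, Entry]:
    """Record digest and mode for every watched path that exists right now."""
    baseline: Dict[str, Entry] = {}
    for p in paths:
        if os.path.isfile(p):
            mode = stat.S_IMODE(os.stat(p).st_mode)
            baseline[p] = (hash_file(p), mode)
    return baseline


def compare(baseline: Dict[str, Entry], current: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Classify differences: content modified, mode changed, file added, file removed."""
    report: Dict[str, List[str]] = {"modified": [], "mode_changed": [], "added": [], "removed": []}
    for p, (digest, mode) in baseline.items():
        if p not in current:
            report["removed"].append(p)
            continue
        cur_digest, cur_mode = current[p]
        if cur_digest != digest:
            report["modified"].append(p)
        if cur_mode != mode:
            report["mode_changed"].append(p)
    for p in current:
        if p not in baseline:
            report["added"].append(p)
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a stand-in for /etc/passwd gains a second uid-0
    account, a stand-in for sshd_config is made world-writable without any
    content change, and a cron file that was absent at baseline time appears.
    Returns the report with basenames only, so the result is stable."""
    root = tempfile.mkdtemp()
    passwd = os.path.join(root, "passwd")
    sshd = os.path.join(root, "sshd_config")
    cron = os.path.join(root, "cron.d-backdoor")
    with open(passwd, "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n")
    with open(sshd, "w") as fh:
        fh.write("PermitRootLogin no\n")
    os.chmod(sshd, 0o600)
    watched = [passwd, sshd, cron]            # cron path is watched but does not exist yet
    baseline = build_baseline(watched)

    with open(passwd, "a") as fh:
        fh.write("toor:x:0:0::/root:/bin/bash\n")   # second uid-0 account (content change)
    os.chmod(sshd, 0o666)                            # same content, permissions loosened
    with open(cron, "w") as fh:
        fh.write("* * * * * root /tmp/.x\n")         # new file under a watched path
    report = compare(baseline, build_baseline(watched))
    return {k: sorted(os.path.basename(p) for p in v) for k, v in report.items()}


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13s} {paths}")
```

The baseline itself must live somewhere the monitored host cannot rewrite (a central collector, or at minimum a read-only location), otherwise an intruder who alters /etc/passwd simply re-baselines it.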

Deploys in Less Than One Hour

Sign up and deploy AlienVault USM quickly. Start seeing actionable alarms in less than one hour.

Integrated SIEM Correlation

More than 2,000 correlation directives (and growing) alert you to the most important threats.

Always Vigilant

Automatically receive new IDS signatures and updated correlation directives for the latest threats.

Works with Other IDS

Forward IDS and IPS event logs from your existing devices to the USM Sensor for event correlation.

AlienVault Unified Security Management is being used across the whole organisation for event logging and monitoring, threat/vulnerability management and IDS.

AlienVault Unified Security Management (USM) is suited for the small office/business that could never afford the high end systems, and it can scale to large networks. PCI regulated businesses and HIPAA doctor offices and medical suites can be mor…

AlienVault is used to monitor security events in our entire organisation. It helps us to keep an eye on security while saving time. This enables us to be more secure even if we desperately need more staff.

AlienVault Unified Security Management (USM) is well suited for anyone who wants to turn on a device and get actionable intelligence right away. Given the proper configuration, I can’t think of a scenario where AlienVault USM wouldn’t be appropri…

AlienVault is used to provide visibility into our network traffic inbound and outbound from/to the Internet as well as traffic between our DMZ, corporate and extranet networks. Prior to AlienVault we configured a layered security design and it wa…

The AlienVault USM platform allows us to provide services to our clients that help them meet their compliance needs. It covers some of the major PCI compliance requirements, for example, Secure Log Management and storage, File Integrity Monitorin…

We use AlienVault USM to monitor our data center, network traffic, and key workstations. Our goal is to protect the systems from loss of PII, from malware, and from intrusion.

Our organization currently uses AlienVault Unified Security Management in order to comply with the requirements made by the PCI DSS council. AlienVault USM is very easy to use, while gaining amazing feedback. The support given by the AlienVault…

If you are looking for an easy, turnkey, all-in-one solution, this is your best option. Other products have many different solutions stitched together, but only AlienVault Unified Security Management has been able to take the best of breed open …

AlienVault Unified Security Management is being used by the information security department of our company. It is helping us to quickly identify security incidents and to investigate and respond in a timely manner.

Quickly View Threats in the Dashboard

We utilize the Kill Chain Taxonomy to highlight the most important threats facing your network and the anomalies you should investigate. You can easily see the types of threats directed against your network and when known bad actors have triggered an alarm.

Attack Intent & Strategy

The Kill Chain Taxonomy breaks out threats into five categories, allowing you to understand the intent of the attacks and how they’re interacting with your network and assets:

  • System Compromise – Behavior indicating a compromised system.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating an actor attempting to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

External Known Bad Actors

Indicated by the OTX ‘Atomic’ logo, alarms and events associated with known Indicators of Compromise (IoCs) are highlighted throughout USM. This allows you to prioritize security events that contain data linked to malicious activity.

Reduced Noise

Correlating IDS/IPS events with the data from your other security tools (vulnerability scans, host logs, threat intelligence) reduces false positives and increases the accuracy of alarms.

Automatic Notifications

Set up email notifications, or integrate phone messaging services such as SMS.

Complete Threat Evidence

See attack type, number of events, duration, source and destination IP addresses, and more.

Workflow Management

Create tickets from any alarm, delegate to users, or integrate with an external ticketing system.

Analyze Consolidated Threat Details Faster

Accelerate your response work by analyzing related threat details in one place.

Event Details

See the directive event, the individual event(s) that triggered the directive event, and the correlation level of the directive rule.

You can click on any event to examine details such as:

  • Normalized event
  • SIEM information
  • Reputation of source and destination IP addresses
  • Knowledge base about the event
  • Payload of the packet triggering the event

Powerful Analytics Uncover Threat and Vulnerability Details – All in One Console

Get to the bottom of who and what’s targeting your assets and what systems are vulnerable.

Search SIEM Events

You have the flexibility to conduct your own analysis. For example, you may want to search the SIEM database for events that came from the same host as the offending traffic triggering an alarm.

  • Displays events stored in the database
  • Filters help you find more granular data
  • Sort by event name, IP address, and more

Check Assets and Vulnerabilities

Search the built-in asset inventory for the assets involved in an alarm. Integrated vulnerability assessment scans indicate whether an attack is relevant by identifying vulnerable operating systems, applications, services and more – all consolidated into a single view.

  • See all reported alarms and events by asset
  • Modify your mitigation / remediation strategy based on presence of threats targeting vulnerable systems
  • Correlate reported vulnerabilities with malicious traffic
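The two ideas above, reduced noise through correlation and checking whether an attack is relevant to the targeted asset, come down to one scoring step: weight each alarm by its Kill Chain stage, then raise it when the scanner says the destination host carries the vulnerability the signature targets and lower it when the host is known and patched. The following is an added example of that logic over constructed alerts and a constructed asset inventory; it is not AlienVault's correlation engine, and the field names, stage weights and multipliers are assumptions.

```python
"""Correlate NIDS alerts with an asset/vulnerability inventory to rank alarms.
Added example, not AlienVault code; alert fields, asset records and the
scoring weights are assumptions."""
from typing import Dict, List, Optional

# Kill Chain stages as listed on the page, least to most advanced.
STAGE_WEIGHT = {
    "Environmental Awareness": 1,
    "Reconnaissance & Probing": 2,
    "Delivery & Attack": 3,
    "Exploitation & Installation": 4,
    "System Compromise": 5,
}

# Constructed asset inventory: what a vulnerability scan reported per host.
ASSETS: Dict[str, Dict] = {
    "10.0.1.10": {"os": "Windows Server 2016", "services": ["smb"], "cves": ["CVE-2017-0144"]},
    "10.0.1.20": {"os": "Ubuntu 20.04", "services": ["http"], "cves": []},
}

# Constructed, already-normalized NIDS alerts. 'cve' is what the signature targets.
ALERTS: List[Dict] = [
    {"id": 1, "sig": "ETERNALBLUE SMB exploit attempt", "stage": "Delivery & Attack",
     "src": "203.0.113.7", "dst": "10.0.1.10", "cve": "CVE-2017-0144"},
    {"id": 2, "sig": "ETERNALBLUE SMB exploit attempt", "stage": "Delivery & Attack",
     "src": "203.0.113.7", "dst": "10.0.1.20", "cve": "CVE-2017-0144"},
    {"id": 3, "sig": "Nmap scripting engine probe", "stage": "Reconnaissance & Probing",
     "src": "203.0.113.7", "dst": "10.0.1.20", "cve": None},
    {"id": 4, "sig": "Outbound beacon to known C2", "stage": "System Compromise",
     "src": "10.0.1.10", "dst": "198.51.100.9", "cve": None},
]


def relevance(alert: Dict, assets: Dict[str, Dict]) -> str:
    """Is the targeted host actually exposed to what the signature exploits?
    'vulnerable'     - scan lists the CVE on the destination host
    'not_vulnerable' - host is in inventory and the CVE is absent
    'unknown'        - host not inventoried, or signature carries no CVE"""
    asset: Optional[Dict] = assets.get(alert["dst"])
    if asset is None or alert["cve"] is None:
        return "unknown"
    return "vulnerable" if alert["cve"] in asset["cves"] else "not_vulnerable"


def score(alert: Dict, assets: Dict[str, Dict]) -> int:
    """Kill Chain weight scaled by relevance. An exploit attempt against a host the
    scanner reports as patched is something to verify later, not a page-out."""
    base = STAGE_WEIGHT[alert["stage"]] * 10
    rel = relevance(alert, assets)
    if rel == "vulnerable":
        return base * 3 // 2
    if rel == "not_vulnerable":
        return base // 4
    return base


def prioritize(alerts: List[Dict], assets: Dict[str, Dict]) -> List[Dict]:
    """Annotate each alert with relevance and score, highest score first."""
    out = [{**a, "relevance": relevance(a, assets), "score": score(a, assets)} for a in alerts]
    return sorted(out, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for a in prioritize(ALERTS, ASSETS):
        print(f'{a["score"]:3d} {a["relevance"]:15s} {a["stage"]:28s} {a["dst"]:14s} {a["sig"]}')
```

With these inputs the active beacon from an internal host ranks first, the exploit attempt against the host that actually has the SMB vulnerability second, the scan third, and the identical exploit attempt against the patched Ubuntu host last. Note that "not_vulnerable" relies on the scan being current; a stale inventory turns a real hit into suppressed noise, which is why the scan date belongs in the asset record.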

Inspect Packet Captures

Use the integrated packet capture function to record interesting traffic for offline analysis. Packets can be viewed in the integrated tshark tool, or you can download the capture as a PCAP file.

  • Set capture timeout
  • Select number of packets to capture
  • Choose source and destination IP addresses to capture

Examine Raw Logs

Search for any raw logs that are related to activity reported by an alarm. For example, look for logs that are related to the source IP address that was reported in the alarm.

  • Raw logs are digitally signed for evidentiary purposes
  • Filter by time range and search pattern
  • Export raw logs as a text file
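The evidentiary value of raw logs comes from being able to prove that the lines an analyst exports are the lines the sensor stored, in that order, with nothing removed. The block below is an added illustration of that property using a keyed hash chain (HMAC-SHA256, where each tag covers the line and the previous tag) with the final tag kept out of band; it is not AlienVault's actual signing scheme, which the page does not describe. The key and the syslog-style lines are constructed.

```python
"""Tamper-evident raw log storage: every stored line carries an HMAC over the
line and the previous line's tag, and the final tag is kept off the log host.
Editing, reordering or truncating the log then fails verification.
Added example, not AlienVault's scheme; key and log lines are constructed."""
import hashlib
import hmac
from typing import Dict, List, Tuple

KEY = b"constructed-demo-key-do-not-reuse"   # assumption: per-sensor secret held by the collector
GENESIS = "0" * 64                            # 'previous tag' for the first line

RAW_LINES = [  # constructed syslog-style lines
    "Mar  3 10:01:02 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Mar  3 10:01:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51031 ssh2",
    "Mar  3 10:01:09 web01 sshd[2215]: Accepted password for root from 203.0.113.7 port 51040 ssh2",
]


def tag(prev_tag: str, line: str, key: bytes = KEY) -> str:
    """HMAC over previous tag + line, so each tag commits to everything before it."""
    return hmac.new(key, (prev_tag + "\n" + line).encode(), hashlib.sha256).hexdigest()


def sign_log(lines: List[str], key: bytes = KEY) -> List[Tuple[str, str]]:
    """Return (line, tag) pairs forming the chain. The last tag is the seal to store elsewhere."""
    out, prev = [], GENESIS
    for line in lines:
        prev = tag(prev, line, key)
        out.append((line, prev))
    return out


def verify_log(signed: List[Tuple[str, str]], expected_final: str, key: bytes = KEY) -> Tuple[bool, int]:
    """Return (ok, index). index is the first line that fails, len(signed) if the
    chain is intact but does not end at the sealed tag (truncation), -1 if all good."""
    prev = GENESIS
    for i, (line, t) in enumerate(signed):
        if not hmac.compare_digest(tag(prev, line, key), t):
            return False, i
        prev = t
    if not hmac.compare_digest(prev, expected_final):
        return False, len(signed)
    return True, -1


def tamper_demo() -> Dict[str, Tuple[bool, int]]:
    """Two constructed edits an intruder might make after gaining root: rewrite
    the attacker IP in one line, and delete the line showing the successful login."""
    signed = sign_log(RAW_LINES)
    final = signed[-1][1]                      # stored at the collector, not on web01

    edited = list(signed)
    line, old_tag = edited[1]
    edited[1] = (line.replace("203.0.113.7", "10.0.0.5"), old_tag)  # cannot recompute tag without KEY

    truncated = signed[:2]                     # chain still self-consistent, but does not reach the seal

    return {
        "intact": verify_log(signed, final),
        "edited": verify_log(edited, final),
        "truncated": verify_log(truncated, final),
    }


if __name__ == "__main__":
    for case, (ok, idx) in tamper_demo().items():
        print(f"{case:10s} ok={ok} first_bad_index={idx}")
```

A plain hash chain without a key would catch accidental corruption but not an attacker with write access, who could simply rehash; the key, and the out-of-band final tag, are what make the record usable as evidence.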

Getting Started with AlienVault USM for Intrusion Detection

Network Intrusion Detection System

Host Intrusion Detection System