How to Solve Your Top IT Security Reporting Challenges with AlienVault

Posted on 22-Jan-2018


Jeff Olen, Senior Product Manager, AlienVault

Kate MacLean, Senior Product Marketing Manager, Cisco

Sacha Dawes, Principal Product Marketing Manager

Felipe Legorreta, Sales Engineer


Agenda

• Managing your Cybersecurity Risk
• The Necessity, Benefits, and Challenges of IT Security Reporting
• Simplify IT Security Reporting with AlienVault USM Anywhere
• USM Anywhere Live Demo
• Ask Us Questions!

Managing Your Cybersecurity Risk

[Cycle diagram: Identify › Protect › Detect › Respond › Learn & Adapt › Report]

• Identify what and who is in your environment, and what vulnerabilities exist
• Protect the confidentiality, integrity, and availability of your information and systems
• Detect threats and anomalies
• Respond to incidents
• Learn about intrusions and adapt your protections
• Report that your security controls are in place and working, and watch for anomalies

IT Security Reporting is Necessary

[Cycle diagram: Assess › Remediate › Respond]

• Regular/continuous review of security controls › Identify trends and anomalies
• Executive/management reporting › Demonstrate security posture and effectiveness
• Audit success › Demonstrate that controls are in place and operational

Security Reporting Supports Compliance & Security Best Practices

• Many regulations require monitoring and reporting against common control objectives, including:
  › Asset inventories
  › Detected vulnerabilities
  › Detected malware & threats
  › Failed logon attempts
• Security frameworks are increasingly used as the basis for security and compliance programs
  › Ex: NIST CSF has mappings to other security frameworks such as CIS Controls, NIST SP 800-53, COBIT, ISO 27001, and more
  › Implementing controls and reporting on them supports continuous compliance practices

Source: LinkedIn Information Security – Threat Monitoring, Detection & Response (2017)

IT Security Reporting is Hard

• Requires analysis of events from multiple sources and solutions
• Different vendor solutions typically have custom log formats
• Built-in vendor reports typically only provide insight into that one solution
• Even where APIs are available to gather logs, using them typically requires programming expertise

How many staff and different tools are required to successfully create your IT security reports?

IT Security Reporting Success Requires Log Management

• Aggregating logs into a centralized location is a necessary first step
• Enables log collection and normalization from multiple sources
• Precursor for activities including event correlation
• Facilitates and simplifies reporting across all your environments, not just per solution
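The two slides above make the point that every vendor logs in its own format and that normalization into a common schema is the precursor for correlation and for a cross-environment report such as "failed logon attempts". As an added example, not code from the original presentation or from AlienVault, the following Python normalizes two constructed log formats (a Linux sshd syslog line and a JSON event loosely modelled on a cloud IAM audit log) into one schema and then builds the failed-logon report a compliance reviewer would ask for. The schema field names, the sample lines and the threshold are our own constructions; lines no parser recognizes are kept in a separate bucket so that nothing silently drops out of the report.

```python
"""Normalize heterogeneous logon events and build a failed-logon report.

Added example (not AlienVault code). Both log formats below are constructed
for illustration; the common schema (ts, source, host, user, src_ip,
outcome) is our own choice, not a product schema.
"""
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input: two different "vendor" formats plus one unrelated line.
SAMPLE_LOGS = [
    'Jan 22 10:01:07 bastion sshd[4121]: Failed password for invalid user admin from 203.0.113.9 port 51522 ssh2',
    'Jan 22 10:01:09 bastion sshd[4121]: Failed password for root from 203.0.113.9 port 51530 ssh2',
    'Jan 22 10:02:44 bastion sshd[4188]: Accepted publickey for deploy from 198.51.100.20 port 40122 ssh2',
    '{"eventTime":"2018-01-22T10:03:15Z","eventName":"ConsoleLogin","userIdentity":{"userName":"alice"},'
    '"sourceIPAddress":"203.0.113.9","responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventTime":"2018-01-22T10:03:40Z","eventName":"ConsoleLogin","userIdentity":{"userName":"alice"},'
    '"sourceIPAddress":"203.0.113.9","responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventTime":"2018-01-22T10:05:02Z","eventName":"ConsoleLogin","userIdentity":{"userName":"bob"},'
    '"sourceIPAddress":"198.51.100.77","responseElements":{"ConsoleLogin":"Success"}}',
    'Jan 22 10:06:00 bastion CRON[5000]: pam_unix(cron:session): session opened for user root',
]

SSHD_RE = re.compile(
    r'^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: '
    r'(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+'
)

def parse_sshd(line, year=2018):
    """Syslog carries no year, so the caller supplies it (assumed 2018 here)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "sshd", "host": m["host"], "user": m["user"],
            "src_ip": m["ip"], "outcome": "failure" if m["outcome"] == "Failed" else "success"}

def parse_cloud_json(line):
    """Constructed JSON audit format; only console logon events are of interest here."""
    try:
        ev = json.loads(line)
    except ValueError:
        return None
    if ev.get("eventName") != "ConsoleLogin":
        return None
    ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "cloud-console", "host": "console",
            "user": ev["userIdentity"]["userName"], "src_ip": ev["sourceIPAddress"],
            "outcome": "failure" if ev["responseElements"]["ConsoleLogin"] == "Failure" else "success"}

PARSERS = (parse_sshd, parse_cloud_json)

def normalize(lines):
    """Map every line to the common schema; unparsed lines are returned separately
    so a compliance report can state its own coverage."""
    events, unparsed = [], []
    for line in lines:
        for parser in PARSERS:
            ev = parser(line)
            if ev:
                events.append(ev)
                break
        else:
            unparsed.append(line)
    return events, unparsed

def failed_logon_report(events, threshold=2):
    """Failed logons across all data sources, with the per-source view a single
    vendor report could not give: the same IP failing against SSH and the console."""
    failures = [e for e in events if e["outcome"] == "failure"]
    by_ip = Counter(e["src_ip"] for e in failures)
    sources_per_ip = {ip: {e["source"] for e in failures if e["src_ip"] == ip} for ip in by_ip}
    return {
        "total_failures": len(failures),
        "by_source": dict(Counter(e["source"] for e in failures)),
        "by_user": dict(Counter(e["user"] for e in failures)),
        "by_ip": dict(by_ip),
        "ips_over_threshold": sorted(ip for ip, n in by_ip.items() if n >= threshold),
        "cross_source_ips": sorted(ip for ip, s in sources_per_ip.items() if len(s) > 1),
    }

if __name__ == "__main__":
    evs, bad = normalize(SAMPLE_LOGS)
    print(json.dumps(failed_logon_report(evs), indent=2, default=str))
    print("unparsed lines:", len(bad))
```

Run on the constructed input, the report shows four failures split evenly between sshd and the cloud console, and 203.0.113.9 appears both over the threshold and as the one source IP failing against more than one data source, which is exactly the cross-solution view the slide says per-vendor reports cannot provide. The unparsed CRON line is counted rather than discarded; in a real pipeline that count belongs in the report as a coverage figure.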

Simplify IT Security Reporting with AlienVault USM Anywhere

A Unified Approach to Threat Detection, Incident Response & Compliance Management

Unified Security Management (USM) Platform
AlienVault combines five essential security monitoring capabilities for your cloud and on-premises environments, and cloud applications, in a unified platform for today's resource-constrained organizations.

Supports Continuous Security Monitoring
USM Anywhere constantly monitors your environments with capabilities that support continuous security monitoring. Combined with continuously updated threat intelligence, USM Anywhere provides threat detection, incident response, and compliance management.

Simplifies and Reduces the Cost of Compliance
Security automation and orchestration enables different point solutions to work together, helping your teams manage incidents more efficiently. Built-in and customizable views and reports simplify review and compliance reporting.

Combines Five Security Essentials

Asset Discovery
Know who and what is connected to your cloud and on-premises environments at all times

Vulnerability Assessment
Know where the vulnerabilities are to avoid easy exploitation and compromise

Threat Detection
Know when anomalies and suspicious activities happen in your environment

Incident Response
Enable discovered threats to be quickly contained and/or mitigated

SIEM, Log Management & Reporting
Aggregate, retain and enable analysis of security event data from across your network in a HIPAA, PCI DSS & SOC 2 certified solution

Unified Security Management from a single cloud-based pane of glass

Complete Cloud and On-Premises Monitoring

Cloud Sensors: Monitor cloud environments and applications
On-Premises Sensors: Monitor on-premises virtual and physical environments

Continuously Updated Threat Intelligence

Threat Intelligence Powered by AlienVault Labs Security Research
• AlienVault researches emerging threats, so you don't have to
• Continuous threat intelligence updates built into your USM Anywhere include:
  › Correlation directives
  › IDS signatures
  › Vulnerability audits
  › Asset discovery signatures
  › IP reputation data
  › Data source plugins & AlienApps
  › Incident response guidance

Supplemented by the AlienVault Open Threat Exchange™ (OTX)
• FREE access to over 14 million threat indicators contributed daily
• Collaborate with 65,000+ global participants to investigate emerging threats in the wild
• Subscribe to threat research updates from other OTX contributors
• Leverage the latest OTX threat intelligence directly in your AlienVault USM environment
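The slide above lists the indicator types a threat feed supplies (IP reputation, file hashes, domains, URLs) and says the intelligence is applied directly to your monitored events. As an added example that is not part of the original presentation, and not OTX or USM code, here is that matching step written out in Python so the pitfalls are visible: indicator values are canonicalized before lookup (hash case, trailing dots on domains, URL scheme and host case), and hostnames are matched against domain indicators on label boundaries so that cdn.evil.example is a hit while notevil.example is not. The indicator records are constructed and only loosely modelled on the type-plus-value shape of a pulse; the event records are assumed to have already been normalized by a log-management layer, and the field names are our own.

```python
"""Enrich normalized security events with threat-intelligence indicators.

Added example, not AlienVault or OTX code. INDICATORS is a constructed feed
(type + value + pulse name); EVENTS are constructed, already-normalized
records. Both shapes are assumptions for illustration.
"""
from urllib.parse import urlsplit, urlunsplit

INDICATORS = [
    {"type": "IPv4", "indicator": "203.0.113.9", "pulse": "Bruteforce scanner"},
    {"type": "domain", "indicator": "Evil.Example.", "pulse": "Phishing kit"},   # mixed case, trailing dot
    {"type": "FileHash-SHA256", "pulse": "Dropper",
     "indicator": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},  # upper case
    {"type": "URL", "indicator": "http://EVIL.example/login.php", "pulse": "Phishing kit"},
]

EVENTS = [
    {"id": 1, "src_ip": "203.0.113.9"},
    {"id": 2, "dst_host": "cdn.evil.example"},        # subdomain of a listed domain: hit
    {"id": 3, "dst_host": "notevil.example"},         # shares a suffix only as a string: no hit
    {"id": 4, "file_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"id": 5, "url": "http://evil.example/login.php"},
    {"id": 6, "src_ip": "198.51.100.20", "dst_host": "intranet.corp.example"},
]

def norm_domain(d):
    """Lower-case and drop the trailing root dot so 'Evil.Example.' == 'evil.example'."""
    return d.strip().lower().rstrip(".")

def norm_url(u):
    """Lower-case scheme and host only; path and query stay case-sensitive."""
    p = urlsplit(u.strip())
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

def build_index(indicators):
    """Bucket indicators by kind with canonical keys; unknown types are ignored."""
    idx = {"ip": {}, "domain": {}, "sha256": {}, "url": {}}
    for ind in indicators:
        t, v = ind["type"], ind["indicator"]
        if t == "IPv4":
            idx["ip"][v.strip()] = ind
        elif t in ("domain", "hostname"):
            idx["domain"][norm_domain(v)] = ind
        elif t == "FileHash-SHA256":
            idx["sha256"][v.strip().lower()] = ind
        elif t == "URL":
            idx["url"][norm_url(v)] = ind
    return idx

def match_domain(host, domain_idx):
    """Walk the hostname from the left, one label at a time, so only a whole
    parent domain matches (label boundary respected)."""
    labels = norm_domain(host).split(".")
    for i in range(len(labels)):
        hit = domain_idx.get(".".join(labels[i:]))
        if hit:
            return hit
    return None

def enrich(events, indicators):
    """Return a copy of each event with an 'ioc_hits' list attached."""
    idx = build_index(indicators)
    out = []
    for ev in events:
        hits = []
        if ev.get("src_ip") in idx["ip"]:
            hits.append(("src_ip", idx["ip"][ev["src_ip"]]))
        if "dst_host" in ev:
            m = match_domain(ev["dst_host"], idx["domain"])
            if m:
                hits.append(("dst_host", m))
        if "file_sha256" in ev and ev["file_sha256"].lower() in idx["sha256"]:
            hits.append(("file_sha256", idx["sha256"][ev["file_sha256"].lower()]))
        if "url" in ev and norm_url(ev["url"]) in idx["url"]:
            hits.append(("url", idx["url"][norm_url(ev["url"])]))
        out.append({**ev, "ioc_hits": [{"field": f, "type": i["type"], "pulse": i["pulse"]}
                                       for f, i in hits]})
    return out

def matched_ids(events, indicators):
    """Event ids that carry at least one indicator hit, in input order."""
    return [e["id"] for e in enrich(events, indicators) if e["ioc_hits"]]

if __name__ == "__main__":
    for e in enrich(EVENTS, INDICATORS):
        print(e["id"], e["ioc_hits"])
```

Events 1, 2, 4 and 5 are enriched; 3 and 6 are not. Without the canonicalization the hash and URL indicators would miss because of case alone, and a naive `endswith("evil.example")` check would wrongly flag notevil.example, which is the kind of false positive that erodes trust in an IP-reputation or domain feed.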

A Growing "Galaxy" of AlienApps

[AlienApp categories: Cloud Infrastructure · Productivity Apps · IT Virtualization · IT Operations · IT Security]

Security Automation & Orchestration
• Monitor: AlienApps collect and enrich data from your environment
• Detect: USM Anywhere uses that data to detect threats and alerts you
• Respond: Automate and orchestrate your threat responses for efficiency

Built-In & Customizable Reports

Simplifies and Reduces the Cost of Compliance
• Built-in reports for PCI & HIPAA
  › Malware, Vulnerabilities, Failed Logons, and more
• Reports covering key NIST Cybersecurity Framework (NIST CSF) categories
  › Asset Management, Risk Management, Access Control, Audit/Log Records Review, Anomalies & Events, Security Continuous Monitoring, Detection Processes, and Analysis
• Reports to review common events
  › Events by type of data source
  › Events by data source
• Customizable views with hundreds of available fields

Fast, Repeatable Reporting for Compliance & Security Best Practice

How USM Anywhere Works

[Architecture diagram: PUBLIC CLOUD, ON-PREMISES (Hyper-V, VMware) and CLOUD APPS environments; AlienVault Threat Intelligence: URLs, Malware Samples, File Hashes, Domains, IP Addresses]

IT'S DEMO TIME!

Five Reasons You'll Love the AlienVault Approach

• Centrally Monitor All Your Environments
• Orchestrate & Automate Your Incident Response
• Leverage Integrated Threat Intelligence
• Save Time & Money with Unified Essentials
• Deploy Fast in the Cloud or in Your Data Center

Questions?

Test Drive USM Anywhere in our Interactive, Online Demo:

Get instant access, no download, no install

https://www.alienvault.com/products/usm-anywhere/demo

Try it for Free in your Environment:

Start detecting threats in less than an hour

https://www.alienvault.com/products/usm-anywhere/free-trial

Review Pricing and Get a Quote:

Multiple tiers available, low annual subscription pricing

https://www.alienvault.com/products/usm-anywhere/pricing