Improve Situational Awareness for Federal Government with AlienVault USM


Transcript of Improve Situational Awareness for Federal Government with AlienVault USM

Page 1: Improve Situational Awareness for Federal Government with AlienVault USM
Page 2

About AlienVault

Founded in 2007 and headquartered in San Mateo, CA with offices in:

• Madrid, Spain (Sales & Support)
• Austin, Texas (Dev, Engineering, Sales & Support)
• Cork, Ireland (Sales & Support)

• Over 14,500 active implementations
• Over 1,900 customers
• Only company to be named “Visionary” in the Gartner Magic Quadrant in 2013 and 2014
• Backed by premier investors including GGV Capital, KPCB, Trident Capital, and Intel Capital
• Closed on Series D funding in December 2013

Page 3

Agenda

• Threat Landscape
• OMB / OPM Government-wide 30-Day Sprint
• 5 Essential Security Capabilities for Unified Controls
• AlienVault Open Threat Exchange – What is it and how do Federal users benefit?
• Solution Architecture Demonstration – Victor Obando
• Q&A

Page 4

Threat Landscape - Our New Reality

The Public Sector experienced nearly 50 times more cyber incidents than any other industry in 2014 and it’s not slowing down into 2015.

Federal CIOs can no longer rely on traditional boundary protection alone, and recruiting top talent for cyber security remains a core challenge.

Continuous Diagnostics and Mitigation (CDM) got off to a fast start, but for it to flourish it must be a priority for the agency from a budget and resource perspective.

“84% of organizations breached had evidence of the breach in their log files…”

- 2015 Verizon Data Breach Investigations Report

Page 5

30-Day Sprint - Security “Asks” for Fed Agencies

① Protecting Data: Better protect data at rest and in transit
② Improving Situational Awareness: Improve indication and warning
③ Increasing Cybersecurity Proficiency: Ensure a robust capacity to recruit and retain cybersecurity personnel
④ Increasing Awareness: Improve overall risk awareness by all users
⑤ Standardizing and Automating Processes: Decrease time needed to manage configurations and patch vulnerabilities
⑥ Controlling, Containing, and Recovering from Incidents: Contain malware proliferation, privilege escalation, and lateral movement; quickly identify and resolve events and incidents
⑦ Strengthening Systems Lifecycle Security: Increase inherent security of platforms by buying more secure systems and retiring legacy systems in a timely manner
⑧ Reducing Attack Surfaces: Decrease complexity and number of things defenders need to protect

Page 6

Built-In, Essential Security Capabilities

USM Platform

ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory

VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning

BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

SIEM
• SIEM Event Correlation
• Incident Response

INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring

Page 7

The ONLY Unified Security Management Solution

AlienVault is the only security vendor that provides the five essential capabilities in one, pre-integrated solution.

Delivers rapid time to visibility and value

Page 8

Open Threat Exchange: World’s Largest Crowd-sourced IP Reputation Alerting Platform

• Real-time insights on known, validated malicious IP addresses and incidents affecting others globally

• AlienVault Labs reacts to the emerging threat and publishes new correlation rules to all of our users

• Every AlienVault USM installation receives the ThreatExchange update and protects against potential attacks

OTX facilitates secure collaboration to identify emerging threats and prevent compromise, providing the broadest-based reputation feed in the world.

Page 9

Coordinated Analysis, Actionable Guidance

AlienVault Labs Threat Intelligence:

Weekly updates that cover all coordinated rulesets:

Network and host-based IDS signatures – detects the latest threats in your environment

Asset discovery signatures – identifies the latest OSes, applications, and device types

Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems

Correlation rules – translates raw events into actionable remediation tasks

Reporting modules – provides new ways of viewing data about your environment

Dynamic incident response templates – delivers customized guidance on how to respond to each alert

Newly supported data source plug-ins – expands your monitoring footprint


Page 10

AlienVault Solution Architecture – 3 Components

USM Server
• Forensic Console
• Reporting Engine
• Event Correlation
• Vulnerability Management
• Availability Monitoring
• Incident Management
• Policy-based Event Filtering

Sensor
• Event Collection/Normalizer
• Threat Detection
• Vulnerability Scanner
• Netflow Protocol Analysis

Logger
• Forensic Event Storage
• Digitally Time-Stamped Raw Logs
• Fully Searchable

Page 11

DEMO

Page 12

888.613.6023

ALIENVAULT.COM

CONTACT US

[email protected]

Now for some questions...

Questions? [email protected] : @alienvault

Test Drive AlienVault USM – Download a Free 30-Day Trial: http://www.alienvault.com/free-trial

Check out our 15-Day Trial of USM for AWS: https://www.alienvault.com/free-trial/usm-for-aws

Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site