Improve Threat Detection for Education Organizations with AlienVault USM


Upload: alienvault

Post on 05-Aug-2015


TRANSCRIPT

To simplify how organizations detect and mitigate threats

Enable organizations to benefit from the power of crowd-sourced threat intelligence & unified security

AlienVault Vision

Unified Security Management Platform
A single platform for simplified, accelerated threat detection, incident response & policy compliance

AlienVault Labs Threat Intelligence
Correlation rules and directives written by our AlienVault Labs team and displayed through the USM interface

Open Threat Exchange
The world’s largest repository of crowd-sourced threat data, providing a continuous view of real-time threats that may have penetrated the company’s defenses.

Unified Security Management

Threat Intelligence

Customer Success: Council Rock

Matthew Frederickson, Director of Information Technology for Council Rock School District
12th largest school district in Pennsylvania (out of 500)

• 11,200 students, 1,300 staff
• 2 High Schools, 3 Middle Schools, 10 Elementary Schools
• 72 square miles
• 10-person IT department

Key challenges:
• Similar external threats that everyone else faces, plus…
• “Curious” students who like to see what they can get away with
• Budget constraints
• Accountable to many stakeholders – school district management, community, teachers, administrators, parents, etc.

Customer Success: Council Rock

Factors for choosing USM:
• Started with SANS 20 Critical Security Controls
• High visibility into the network with a tool that doesn’t require a lot of care & feeding
• Scalable
• Measures what matters – out of the box
  • Communications with known malicious IPs (OTX)
  • Not overwhelmed with alerts – built-in correlation directives filter the signal from the noise
  • Alerts when abnormal trends are observed
  • Weekly threat intelligence updates to alert on emerging threats
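The two detections named on this slide (outbound traffic to known malicious IPs, and alerting on abnormal trends rather than on every event) are shown below as an added example. This is not AlienVault or USM code and does not call the real OTX API; the indicator list and the firewall-style log lines are constructed for illustration using reserved TEST-NET addresses, and the function names are the example's own.

```python
"""Correlate outbound connection logs against a threat-intelligence indicator list.

Added example, not AlienVault/USM code. The indicator set and the log lines are
constructed (TEST-NET-1/2/3 addresses); a real deployment would load indicators
from a feed such as an OTX pulse and read events from the firewall or NetFlow.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed indicator set keyed by IP, value is the (constructed) pulse description.
MALICIOUS_IPS = {
    "203.0.113.45": "constructed pulse: command-and-control host",
    "198.51.100.7": "constructed pulse: internet-wide scanner",
}

# Constructed firewall-style log lines: timestamp, source, destination, port, verdict.
SAMPLE_LOGS = """\
2015-08-05T09:00:01 src=10.20.5.14 dst=203.0.113.45 dport=443 action=allow
2015-08-05T09:00:04 src=10.20.5.14 dst=203.0.113.45 dport=443 action=allow
2015-08-05T09:00:09 src=10.20.5.14 dst=203.0.113.45 dport=443 action=allow
2015-08-05T09:01:12 src=10.20.7.31 dst=192.0.2.10 dport=80 action=allow
2015-08-05T09:02:40 src=10.20.9.2 dst=198.51.100.7 dport=22 action=deny
2015-08-05T09:03:00 src=10.20.5.14 dst=192.0.2.10 dport=80 action=allow
this line is malformed and must be skipped by the parser
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    count: int
    first_seen: str
    last_seen: str
    reason: str


def parse_logs(text):
    """Yield one dict per well-formed line; lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def correlate(text, indicators=MALICIOUS_IPS):
    """Raise one alert per (source, malicious destination) pair, not one per connection.

    The aggregation is the 'directive' step: three beacons from the same host to the
    same C2 address collapse into a single alert carrying a hit count and time span,
    which is what keeps a small team from drowning in duplicate alerts.
    """
    hits = defaultdict(list)
    for ev in parse_logs(text):
        if ev["dst"] in indicators:
            hits[(ev["src"], ev["dst"])].append(ev["ts"])
    alerts = []
    for (src, dst), stamps in sorted(hits.items()):
        alerts.append(Alert(src, dst, len(stamps), min(stamps), max(stamps), indicators[dst]))
    return alerts


def volume_outliers(text, max_connections=3):
    """Flag sources whose outbound connection count exceeds a per-window baseline.

    This is the 'abnormal trend' idea in its simplest form: the baseline here is a
    constructed constant; in practice it would be learned per host and per time window.
    """
    counts = Counter(ev["src"] for ev in parse_logs(text))
    return {src: n for src, n in counts.items() if n > max_connections}


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"ALERT {a.src} -> {a.dst} x{a.count} ({a.first_seen} .. {a.last_seen}): {a.reason}")
    for src, n in volume_outliers(SAMPLE_LOGS).items():
        print(f"TREND {src} made {n} outbound connections in the window")
```

Running the block on the constructed sample produces two indicator alerts (one for the host that beaconed three times to the C2 address, one for the denied connection to the scanner) and one trend finding for the host that exceeded the constructed baseline.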

Customer Success: Council Rock

Benefits gained using USM:
• Identifying scripts brought in via thumb drives to scan the network & other mischief from students
• Identifying malware distributed via spear-phishing among staff
• Alerts for the things that need attention, not overwhelmed with false positives
• Comprehensive, customizable reporting
• Certainty about what is going on in the network

ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory

VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning

BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

SECURITY INTELLIGENCE/SIEM
• SIEM Event Correlation
• Incident Response

THREAT DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring

USM Platform

Integrated, Essential Security Controls

DEMO

Headline Avoidance Checklist

• Integrate tools into a single operating console or dashboard
• Maintain a continually updated software inventory
• Use continuous vulnerability monitoring
• Complete a hardware inventory
• Use network mapping
• Incorporate log aggregation and correlation
• Take threat intelligence feeds for threat identification and prioritization

SANS Report: Practical Threat Management for Education Organizations

Protection on a Budget

Four Valuable Questions for SIEM Vendors

• How quickly can you get meaningful insights from the SIEM?
• How much training is required for staff to use the SIEM?
• How easily does the SIEM scale as the organization grows?
• Does the SIEM integrate host-based agents, or is it limited to receiving logs from syslog or other forwarders?

SANS Report: Practical Threat Management for Education Organizations

888.613.6023

ALIENVAULT.COM

CONTACT US

[email protected]

Now for some questions…

Questions? [email protected] : @alienvault

Test Drive AlienVault USM
Download a Free 30-Day Trial: http://www.alienvault.com/free-trial

Check out our 15-Day Trial of USM for AWS: https://www.alienvault.com/free-trial/usm-for-aws

Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site