
Tactical FLEX, Inc. Releases Aanval 7 SIEM and IDS Product Technology Brief

Aanval is a product of Tactical FLEX, Inc. - Copyright 2012 - All Rights Reserved

Snort and Syslog Intrusion Detection, Correlation and Threat Management

AANVAL® 7 PRODUCT TECHNOLOGY BRIEF

TACTICAL FLEX, INC.


Directory

» What is Aanval?.................................................................3

» Aanval Customer Base.......................................................5

» Aanval 7 Technology Features

» Situational Awareness........................................................7

» False Positive Protection...................................................7

» Correlation........................................................................7

» GeoLocation......................................................................8

» Advanced Displays............................................................8

» Tagging.............................................................................8

» Timeline Browser...............................................................9

» Storage Capabilities..........................................................9

» Real-Time Event Viewing and Responding........................9

» Advanced Search..............................................................9

» Reporting, Charts, and Graphs........................................10

» Snort Signature Management...........................................10

» Automated Actions...........................................................10

» Event Details...................................................................10

» Download Aanval - Free and Commercial........................11

» Aanval 7 Licensing..........................................................11

» Aanval 7 Requirements....................................................11

» About Tactical FLEX, Inc..................................................12

Tactical FLEX, Inc. All Rights Reserved. 800-921-2584


Aanval is the industry's leading Snort and Syslog SIEM (Security Information and Event Management) console. Aanval is the only SIEM on the market with the ability to automatically scale to meet the needs of its environment.

Government security, defense organizations from more than a half dozen countries, global financial organizations and educational institutions, as well as space exploration and military weapons manufacturers rely upon Aanval as a part of their security infrastructure.

Tactical FLEX, Inc. has been serving the information security industry and protecting organizations world-wide since 2003. Our organization is dedicated to providing our customers with leading-edge products and comprehensive services and support.

Why Do IT Security Departments Worldwide Choose Aanval?

• Aanval does more than just display event data. We do the work for you. Aanval includes a sophisticated event correlation engine to logically group detected attacks from your Snort and syslog sensors together. We even do it in real-time.

• Enterprise scalability has been a key focus of Aanval since its creation. On industry-standard hardware, Aanval imports, processes, normalizes, and indexes as many as 4,000 to 6,000 events per second.

• Aanval is built upon a sophisticated and time-tested data storage mechanism that allows for event storage that is only limited by disk space resources. Store billions of Snort and syslog events locally or remotely without adversely affecting performance.


• Aanval is written in standards-based HTML and JavaScript, which works in every major browser, on any system or device, and is accompanied by a native iPhone and iPad application available in the iTunes App Store.

• Browse and search events by IP, port, signature, risk level, protocol, and more, or take control of your data with real-time packet payload searching and reporting.

• View attack vectors in real-time using Aanval’s new wide-range of GeoLocation displays. Know the precise location on this planet from where those pesky little attackers are sourcing attacks.

Installs in Minutes

Aanval has been designed from its core outward to support a broad variety of installation environments and be as simple to install as possible.

Downloading and installing Aanval takes only minutes to accomplish. Designed to work with all current Linux, UNIX, and Mac OS X flavors, you can be up, running, and viewing events quickly.

Additionally, our highly knowledgeable product service and support staff is available to assist organizations in implementing Aanval for both testing and production.

View the Aanval Online Demo

Tactical FLEX, Inc. has created a public online demo (limited) of Aanval for prospective users to explore. Visit the link http://demo.aanval.com/aanval/ and use the username “root” and password “demo” to log in.


Aanval Customers

With as many as 6,000+ customers protected worldwide, we’ve selected a few organizations to represent Aanval’s success and wide-ranging capabilities.

Since 2003, Tactical FLEX, Inc. has been successfully adopted into nearly every private, public, and government sector.

Our customers, products, and services speak greatly towards our knowledge and experience in deploying security solutions that meet and exceed security, business, and regulatory requirements.

A more extensive list can also be viewed online by visiting www.aanval.com/customers

Technology Corporations

RSA Sony Microsoft

Phillips Lucent HID Global

Texas Instruments Google LexisNexis

Specialized Corporations

Mercedes-AMG ACS Mckee Foods Corp.

AmeriQuest Transportation Accenture Woolworth’s Limited

Internet and Telecom

Kayak Software Vonage Expedia

Monster Worldwide Verizon Match.com

Health and Biotechnology

United BioSource Corp. Covidien Advocate Health Care

Nuclear and Power

Basin Electric Power Cooperative Idaho National Laboratory Tucson Electric Power

Government

Lockheed Martin IRS FAA

US Naval Academy NASA AAFES

Israeli Defense Force US Navy SPAWAR

US Department of Defense US Army GE Aviation


Canadian Defense Force US Air Force Rockwell Collins

Australian Department of Defense Canadian Space Agency General Dynamics

US Dept. of Homeland Security New Zealand Defense Force US Department of Energy

Finance and Legal

Compass Bank Countrywide Financial Sidley Austin LLP

Education

Harvard University Carnegie Mellon Brown University

University of Notre Dame Vanderbilt University Cornell University


Aanval 7 Technology Features

Situational Awareness

New in Aanval v7 is our unique Situational Awareness engine, which provides an in-depth event and architecture analysis of the host network.

Situational Awareness allows analysts to quickly identify which specific host devices, services, and approximate areas of the network are most at risk, and which are more likely to be a problem in the future.

Define the devices, services, ports, and protocols supported within your environment and let Aanval build detailed summaries of your network's security posture and current risks.

Tactical FLEX, Inc. is focused on creating new and meaningful methods of automated data analysis to help security departments quickly, efficiently, and accurately identify risk patterns.

False Positive Protection

Aanval includes a powerful event validation engine that performs real-time analyses of events against customizable network, device, and service definitions.

Aanval v7’s event validation engine automatically tags and filters events to help keep the false positives from overpowering true risks, allowing analysts and engineers to focus and get back to protecting the network.
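The brief describes validation of each event against network, device, and service definitions so that alerts aimed at services a host does not actually run are tagged rather than left to drown out real risk. The following is an added illustration of that idea, not Aanval's own code or schema: the asset definitions, the tag names, and the sample events are all constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed asset definitions (a hypothetical format, not Aanval's own schema):
# the address ranges we monitor and, per inventoried host, the services that
# are actually expected to be listening there.
MONITORED_NETWORKS = [ip_network("10.1.0.0/16")]
HOSTS = {
    "10.1.0.10": {"name": "web01", "services": {("tcp", 80), ("tcp", 443)}},
    "10.1.0.20": {"name": "mail01", "services": {("tcp", 25), ("tcp", 587)}},
}


@dataclass
class Event:
    """Minimal normalized event; Snort alerts and syslog lines both map onto it."""
    source: str       # "snort" or "syslog"
    signature: str
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    tags: set = field(default_factory=set)


def validate(ev: Event) -> Event:
    """Tag an event by checking its target against the asset definitions.

    An alert about a service the target does not run cannot have succeeded,
    so it is tagged as a likely false positive instead of competing for
    analyst attention. Hosts we know nothing about are surfaced, not hidden.
    """
    dst = ip_address(ev.dst_ip)
    if not any(dst in net for net in MONITORED_NETWORKS):
        ev.tags.add("outside-monitored-range")
        return ev
    host = HOSTS.get(ev.dst_ip)
    if host is None:
        # Inside our range but not inventoried: a gap in the definitions or
        # an unexpected host, either of which an analyst should see.
        ev.tags.add("unknown-host")
        return ev
    if (ev.proto, ev.dst_port) in host["services"]:
        ev.tags.add("validated")
    else:
        ev.tags.add("likely-false-positive")
    return ev


def sample_events() -> list:
    """Constructed events covering each branch of validate()."""
    return [
        # web01 really serves HTTP, so a web attack against it is credible
        Event("snort", "WEB_SERVER PHP shell probe", "203.0.113.5", "10.1.0.10", 80, "tcp"),
        # mail01 has no web service, so an HTTP attack against it is noise
        Event("snort", "WEB_SERVER SQL injection attempt", "203.0.113.5", "10.1.0.20", 80, "tcp"),
        # in our range, but nobody told the console this host exists
        Event("syslog", "sshd: Failed password", "198.51.100.7", "10.1.0.99", 22, "tcp"),
        # not our address space at all
        Event("snort", "SCAN port sweep", "203.0.113.5", "192.0.2.1", 22, "tcp"),
    ]


def triage(events) -> Counter:
    """Run validation over a batch and count the tags that were assigned."""
    counts = Counter()
    for ev in events:
        counts.update(validate(ev).tags)
    return counts


if __name__ == "__main__":
    for ev in sample_events():
        validate(ev)
        print(f"{ev.source:6} {ev.dst_ip}:{ev.dst_port} {ev.signature!r} -> {sorted(ev.tags)}")
```

The tags are the output that matters: a search or report can exclude "likely-false-positive" by default while "unknown-host" is kept visible, because an uninventoried machine answering on an internal range is itself something to investigate.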

Correlation

Aanval includes a fully integrated event management and attack data correlation engine. Aanval compares and correlates attacks in real-time and provides easy-on-the-eyes charts and visual representations of related attack data across both Snort and syslog sourced data.

Using every detail of a normalized event, Aanval compares events against one another as well as groups of events to identify complex attack patterns or determine if a single attack may or may not be related to larger attacks happening within the same timeframe.

Correlation is performed in both real-time and on-demand, allowing analysts to select an event and see which events may be related.
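The correlation section describes normalizing Snort and syslog data into one form and then grouping related events across both sources. The following is an added example of the basic mechanics, not Aanval's engine: it parses Snort fast-format alert lines and BSD syslog lines into a common record and then clusters records by source address within a time window. The sample lines, the signature ids, the assumed year, and the 300-second window are all constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample input: three Snort fast-format alerts and two syslog lines.
# Addresses come from the RFC 5737 documentation ranges; signature ids are made up.
SAMPLE_LINES = [
    "01/15-10:00:01.000000  [**] [1:2000001:1] ET SCAN Nmap Scripting Engine User-Agent Detected [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:44123 -> 10.1.0.10:80",
    "Jan 15 10:00:03 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 44130 ssh2",
    "01/15-10:03:40.000000  [**] [1:2000002:1] ET WEB_SERVER Possible SQL Injection Attempt [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:44200 -> 10.1.0.10:80",
    "Jan 15 10:20:00 mail01 postfix/smtpd[555]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed",
    "01/15-11:30:00.000000  [**] [1:2000003:1] ET SCAN Potential SSH Scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:50000 -> 10.1.0.20:22",
]
ASSUMED_YEAR = 2012  # neither format carries a year; assumed for the example

SNORT_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<sid>[\d:]+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<host>\S+)\s+(?P<prog>[\w./-]+)\[\d+\]:\s+(?P<msg>.*)$"
)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def _ts(month: int, day: int, hms: str) -> datetime:
    return datetime(ASSUMED_YEAR, month, day, *map(int, hms.split(":")))


def normalize(line: str):
    """Map either raw format onto one record shape; return None for lines we don't understand."""
    m = SNORT_RE.match(line)
    if m:
        return {
            "source": "snort", "ts": _ts(int(m["mon"]), int(m["day"]), m["time"]),
            "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"]),
            "signature": m["msg"], "priority": int(m["prio"]),
        }
    m = SYSLOG_RE.match(line)
    if m:
        # syslog has no fixed peer-address field; take the first IPv4 literal in the message
        ip = IPV4_RE.search(m["msg"])
        return {
            "source": "syslog", "ts": _ts(datetime.strptime(m["mon"], "%b").month, int(m["day"]), m["time"]),
            "src_ip": ip.group(0) if ip else None, "dst_ip": m["host"], "dst_port": None,
            "signature": f"{m['prog']}: {m['msg']}", "priority": None,
        }
    return None


def correlate(events, window_seconds: int = 300):
    """Cluster events from the same source address that fall within a sliding window.

    A new cluster starts whenever the gap from the previous event of that
    source exceeds the window. Only clusters of two or more events are returned,
    since a lone event has nothing to be related to.
    """
    by_src = {}
    for ev in sorted((e for e in events if e and e["src_ip"]), key=lambda e: e["ts"]):
        clusters = by_src.setdefault(ev["src_ip"], [])
        if clusters and (ev["ts"] - clusters[-1][-1]["ts"]).total_seconds() <= window_seconds:
            clusters[-1].append(ev)
        else:
            clusters.append([ev])
    return [c for clusters in by_src.values() for c in clusters if len(c) > 1]


def build_groups():
    """Normalize the constructed sample and return the correlated clusters."""
    return correlate(normalize(line) for line in SAMPLE_LINES)


if __name__ == "__main__":
    for group in build_groups():
        print(f"{group[0]['src_ip']}: {len(group)} related events")
        for ev in group:
            print(f"  {ev['ts']:%H:%M:%S} {ev['source']:6} {ev['signature']}")
```

On the sample, the web scan, the SSH password failure, and the SQL injection attempt from 203.0.113.5 land in one cluster because they fall within five minutes of each other, which is exactly the cross-source view the brief describes: a Snort alert and a host's own syslog line telling one story. The later SSH scan from the same address is outside the window and stays separate.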

GeoLocation

Aanval v7 includes a powerful new mapping framework that gives us the ability to do some pretty impressive geolocation plotting. Visualize attack data based on source, destination, risk level, and quantity of events, all of it plotted on a fully interactive map of the world.

View various geolocation-based displays including our real-time Live GeoLocation display as well as newly updated Frequent Offenders and Frequent Attacks displays.

Know precisely where your network threats originate! Zoom, drag, and hover your mouse for details on both static and real-time geolocation details.

Advanced Displays

Dozens of displays designed to provide analysts with nearly limitless viewing angles of attack data and correlated events.

Events sorted and graphed by risk, signature statistics, and interactive timelines are only a few of the powerful new features.

Additionally, Aanval also includes powerful IP GeoLocation details to allow analysts to quickly identify attack proximity for complete situational awareness.

Tagging

Aanval v7 brings about the addition of a very powerful event tagging system, which allows users as well as teams to tag events with an unlimited number of keywords that may define various characteristics of an intrusion event.

Default tags are provided and each user can create their own set of custom tags. Tags can be added to events manually or through the automated action system as events are imported and normalized. Searching and reporting by tags is supported, and tag statistics displays are included as well.


Timeline Browser

The analyst’s brain is very much tied to a timeline of events when mitigating an ongoing attack or investigating historical event results.

Aanval includes advanced new timeline-based charts and graphs in addition to our standard sets.

This graphing ability allows an analyst to see data from new angles and identify patterns that may have previously gone unnoticed.

Charts and graphs are JavaScript-based, enabling them to work on all desktop and mobile platforms.

Storage

Significant research and intense development of Aanval v7 brings about the ability to store a nearly unlimited number of events within the console.

As long as disk space is available, event storage continues without affecting performance.

Deployed installations with more than one billion events are not uncommon. Data can be stored locally or remotely and remains easily accessible for searching, reporting, and statistics.

View and Respond to Events in Real-Time

Not only does Aanval process incoming data and make it available in real time, Aanval provides multiple advanced real-time event and statistics displays to help users grasp current security and situational awareness.

Aanval v7 includes significant updates and enhancements to our popular Live Event Monitor.

Advanced Search

Search results and correlation displays, in addition to being extremely powerful, are quick, simple, and efficient.

Find targeted events using specific meta-data criteria, or perform full clear-text searches of all event fields, including payload data, for both Snort and syslog.

Aanval also supports a wide range of custom search keywords to locate events based upon time periods, risk level, relations to one another, and more.


Reporting, Charts, and Graphs

Aanval's reporting system utilizes the same advanced core search engine as the primary console. Reporting on selected searches has never been easier and more efficient. All console reports may be displayed, scheduled, managed, and emailed. Reports are made available in common HTML, XML, TEXT, and native console formats. Aanval provides a great balance between raw data and graphical presentation. Charts and graphs, both static and real-time animated views, are available in searches, summaries, reports, and dedicated displays. Our charts and graphs are based on industry-standard JavaScript technology, ensuring they are equally and impressively displayed on all desktop and mobile devices.

Snort Signature Management

Aanval supports Snort signatures from any current source including signatures created and deployed by Sourcefire as well as Emerging Threats. Aanval users may create and manage Snort signature policies that can be deployed manually or automatically across single- and multiple-sensor architectures. Aanval allows users to download signature packs directly from snort.org as well as any of the widely available custom signature packs on the Internet.

Automated Actions

Aanval includes a sophisticated criteria-based event action system, which reacts to incoming events in real-time. Our sophisticated actions module is capable of sending emails, generating audio alerts, performing maintenance, and even executing customized shell scripts to do just about anything. Many clients build and deploy advanced action scripts to update firewall rules, generate custom statistics, and even trigger remote operations.

Event Details

Aanval provides a consistent layout for all event details regardless of source (Snort or syslog data). Aanval displays appropriate network layer details, protocols, fully encoded/decoded payload, as well as the signature that triggered the event. External network address lookups can be done with a single click. Tagging events and adding notes are among the various features of the event details display.


Download Aanval v7 - Free and Commercial

Free and Commercial in one package. Without commercial licenses, Aanval operates in a free single-sensor mode, allowing one Snort and one syslog sensor to function at length with no time limitations or trial expirations. Aanval is designed to work with every version of Snort available and can process syslog data from any device capable of external logging.

Download Aanval now by visiting http://www.aanval.com/download/.

Aanval 7 Licensing

Each reporting Snort and/or syslog sensor requires a unique license for operation.

Licenses may be purchased separately as well as mixed and matched as required.

Please see https://www.aanval.com/purchase for pricing or contact sales for assistance.

Aanval 7 Requirements

Aanval is supported on all current flavors of Linux, UNIX, and Mac OS X. It requires up-to-date installations of MySQL, Apache, PHP, and Perl to operate.

Aanval is not supported on any Microsoft platforms at this time.

Please see http://www.aanval.com/support for more information on system compatibility and operation requirements.


About Tactical FLEX, Inc.

Tactical FLEX, Inc. is a privately owned software development firm based in Seattle, specializing in information security research, engineering, technology design, and production. With the technological development of Aanval, Tactical FLEX, Inc. has become a global provider of information security vulnerability and risk management software solutions that protect businesses and organizations. The firm also provides IT consulting and professional services.

Copyright © 2012 - Aanval® is a product of Tactical FLEX™, Inc. All Rights Reserved. All logos, trademarks, and images are property and copyright of their respective owners. This site and its products are in no way endorsed by or related to any outside entity unless specifically noted.

Corporate Headquarters
16710 Smokey Point Blvd., Suite #302
Arlington, WA 98223

T 800-921-2584
F 501-648-0875

http://www.aanval.com/

[email protected]
