Archivo de la categoría: Security engineering

AlienVault Unified Security Provides Security Visibility for Amazon EC2

AlienVault today announced its latest 4.1 release, which aims to resolve the biggest challenges associated with traditional SIEM solutions including cost, complexity and difficult deployments. AlienVault Unified Security Management (AV-USM) platform 4.1 simplifies and speeds SIEM deployments and provides intelligent security incident response guidance. AV-USM 4.1 also extends AlienVault’s best-of-breed security monitoring capabilities to Amazon EC2 to enable greater control over hybrid environments.

“Lack of security visibility and control is a primary concern when businesses move workloads to the cloud,” said Russ Spitler, VP of Product Management at AlienVault. “Traditional SIEM solutions are extremely limited in their ability to monitor cloud environments, leaving companies with siloed assets and glaring holes in their security risk posture. By enabling the AV-USM platform to monitor Amazon EC2, AlienVault customers can lower their costs, optimize their IT environments and get security wherever they need it to be, without sacrificing visibility in their own private datacenters or the public cloud.”

New features in the AlienVault Unified Security Management platform 4.1 include:

  • Support for Amazon EC2: “Instant-on” essential security
    capabilities match the elasticity of the EC2 cloud environment and
    enable unified security monitoring whether assets are in the cloud or
    data center.
  • Auto-Deploy: Automatically identifies potential data sources
    upon deployment with integrated discovery capabilities and removes the
    “guesswork” common with traditional SIEM deployments.
  • Dynamic Incident Response Templates: Extends SIEM functionality
    past the alert by providing customized, contextually relevant
    workflow-driven response procedures so that analysts know exactly what
    to do next.
  • Suricata IDS Profile: Provides an alternative to the SNORT IDS
    engine with enhanced threat detection, analysis and performance.

Based on the open source project OSSIM, the AV-USM platform combines more than 30 of the best security technologies and provides security analysts with five essential security capabilities including asset detection, vulnerability assessment, threat detection, behavioral monitoring and security intelligence capabilities in a single, unified solution and management console. The AlienVault Open Threat Exchange™ is the largest community-sourced threat database and intelligence feed, and is built into the AV-USM platform and OSSIM to provide security analysts with real-time collaborative defense.

“Since our business is completely built on IaaS providers, we need to find a way to get reliable security visibility in this environment,” said Fredrick Lee, Lead Security Engineer for Twilio. “A lot of traditional security solutions fall short when facing the challenges of deploying in the cloud. AlienVault USM provides a great way to deploy the security capabilities I find essential – IDS, vulnerability assessment, SIEM – quickly and completely.”

AlienVault has also launched a new documentation portal, the AlienVault Repository of Knowledge (ARK), which complements the support forum and provides access to interactive assets, product documents and how-to videos for the larger OSSIM community.

The latest version of the AlienVault Unified Security Management platform 4.1 is available now.