How to Solve Your Top IT Security Reporting Challenges with AlienVault
TRANSCRIPT
Jeff Olen, Senior Product Manager, AlienVault
Kate MacLean, Senior Product Marketing Manager, Cisco
Sacha Dawes, Principal Product Marketing Manager
Felipe Legorreta, Sales Engineer
Agenda
• Managing your Cybersecurity Risk
• The Necessity, Benefits, and Challenges of IT Security Reporting
• Simplify IT Security Reporting with AlienVault USM Anywhere
• USM Anywhere Live Demo
• Ask Us Questions!
Managing Your Cybersecurity Risk
Identify › Protect › Detect › Respond › Learn & Adapt › Report
• Identify what and who is in your environment, and what vulnerabilities exist
• Protect the confidentiality, integrity, and availability of your information and systems
• Detect threats and anomalies
• Respond to incidents
• Learn about intrusions and adapt your protections
• Report that your security controls are in place, are working, and watch for anomalies
IT Security Reporting is Necessary
Assess › Remediate › Respond
• Regular/Continuous review of security controls
  › Identify trends and anomalies
• Executive / Management reporting
  › Demonstrate security posture and effectiveness
• Audit Success
  › Demonstrate controls are in place and operational
Security Reporting Supports Compliance & Security Best Practices
• Many regulations call for monitoring and reporting against common control objectives, including:
  › Asset inventories
  › Detected vulnerabilities
  › Detected malware & threats
  › Failed logon attempts
• Security frameworks are increasingly being used as a basis for security and compliance programs
  › Ex: NIST CSF has multiple mappings to other security frameworks such as CIS Controls, NIST 800-53, COBIT, ISO 27001, and more
  › Implementing controls and reporting on them supports continuous compliance practices
Source: LinkedIn Information Security – Threat Monitoring, Detection & Response (2017)
IT Security Reporting is Hard
• Requires analysis of events from multiple sources and solutions
• Different vendor solutions typically have custom log formats
• Built-in vendor reports typically only provide insight into that one solution
• Even where APIs are available to gather logs, using them typically requires programming expertise
How many staff and different tools are required to successfully create your IT security reports?
IT Security Reporting Success Requires Log Management
• Aggregating logs into a centralized location is a necessary first step
• Enables log collection and normalization from multiple sources
• Precursor for activities including event correlation
• Facilitates and simplifies reporting across all your environments, not just per solution
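The aggregation and normalization step these slides describe, as an added example that is not part of the AlienVault deck: three constructed log lines in different vendor formats (an sshd syslog line, a Windows-style CSV export keyed on event IDs 4624/4625, and a cloud-app JSON event) are mapped into one common schema and then summarised into the "failed logon attempts" and "events by data source" views the report slides list. The formats, field names and sample lines are all assumptions constructed for this example.

```python
import json
import re
from collections import Counter

# Constructed sample logs in three vendor formats (not real data):
# a Linux sshd syslog line, a Windows-style CSV export, and a cloud-app JSON event.
RAW_LOGS = [
    "Mar  3 10:15:02 web01 sshd[2211]: Failed password for alice from 203.0.113.5 port 51022 ssh2",
    "Mar  3 10:15:09 web01 sshd[2211]: Accepted publickey for bob from 198.51.100.7 port 51030 ssh2",
    "2018-03-03T10:16:00Z,DC01,4625,alice,203.0.113.5,An account failed to log on",
    '{"time":"2018-03-03T10:17:30Z","app":"saas-mail","action":"login","result":"FAILURE","user":"alice","ip":"203.0.113.5"}',
]

SSHD_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<outcome>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<ip>\S+)")

def normalize(line):
    """Map one raw line to the common schema; return None for lines no parser recognises."""
    m = SSHD_RE.match(line)
    if m:
        return {"source": "sshd", "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                "event_type": "logon_failure" if m["outcome"] == "Failed" else "logon_success"}
    if line.startswith("{"):  # cloud-app JSON event (hypothetical schema)
        ev = json.loads(line)
        if ev.get("action") == "login":
            return {"source": ev["app"], "host": ev["app"], "user": ev["user"], "src_ip": ev["ip"],
                    "event_type": "logon_failure" if ev["result"] == "FAILURE" else "logon_success"}
        return None
    parts = line.split(",")
    if len(parts) == 6 and parts[2] in ("4624", "4625"):  # Windows logon success / failure event IDs
        return {"source": "windows", "host": parts[1], "user": parts[3], "src_ip": parts[4],
                "event_type": "logon_failure" if parts[2] == "4625" else "logon_success"}
    return None

def failed_logon_report(lines):
    """Build the cross-source 'failed logon attempts' and 'events by data source' views."""
    events = [e for e in map(normalize, lines) if e]
    failures = [e for e in events if e["event_type"] == "logon_failure"]
    return {
        "events_by_source": dict(Counter(e["source"] for e in events)),
        "failures_by_user": dict(Counter(e["user"] for e in failures)),
        "failures_by_src_ip": dict(Counter(e["src_ip"] for e in failures)),
        "users_failing_on_multiple_sources": sorted(
            {u for u in {e["user"] for e in failures}
             if len({e["source"] for e in failures if e["user"] == u}) > 1}),
    }

if __name__ == "__main__":
    print(json.dumps(failed_logon_report(RAW_LOGS), indent=2))
```

Only after normalization does the report show that the same account is failing from the same address across three otherwise separate tools, which no single vendor's built-in report would surface.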
Simplify IT Security Reporting with AlienVault USM Anywhere
A Unified Approach to Threat Detection, Incident Response & Compliance Management

Unified Security Management (USM) Platform
AlienVault combines five essential security monitoring capabilities for your cloud and on-premises environments, and cloud applications, in a unified platform for today's resource-constrained organizations.

Supports Continuous Security Monitoring
USM Anywhere constantly monitors your environment with capabilities that support continuous security monitoring of your environments. Combined with continuously updated threat intelligence, USM Anywhere provides optimal threat detection, incident response, and compliance management.

Simplifies and Reduces the Cost of Compliance
Security automation and orchestration enables different point solutions to work together, helping your teams manage incidents more efficiently. Built-in and customizable views and reports simplify review and compliance reporting.
Combines Five Security Essentials
Unified Security Management from a single cloud-based pane of glass
• Vulnerability Assessment: Know where the vulnerabilities are to avoid easy exploitation and compromise
• Incident Response: Enable discovered threats to be quickly contained and/or mitigated
• Threat Detection: Know when anomalies and suspicious activities happen in your environment
• SIEM, Log Management & Reporting: Aggregate, retain and enable analysis of security event data from across your network in a HIPAA, PCI DSS & SOC 2 certified solution
• Asset Discovery: Know who and what is connected to your cloud and on-premises environments at all times
Complete Cloud and On-Premises Monitoring
• Cloud Sensors: Monitor cloud environments and applications
• On-Premises Sensors: Monitor on-premises virtual and physical environments
Continuously Updated Threat Intelligence
Threat Intelligence Powered by AlienVault Labs Security Research
• AlienVault researches emerging threats, so you don't have to
• Continuous Threat Intelligence updates built into your USM Anywhere include:
  › Correlation directives
  › IDS signatures
  › Vulnerability audits
  › Asset discovery signatures
  › IP reputation data
  › Data source plugins & AlienApps
  › Incident response guidance
Supplemented by the AlienVault Open Threat Exchange™ (OTX)
• FREE access to over 14 million threat indicators contributed daily
• Collaborate with 65,000+ global participants to investigate emerging threats in the wild
• Subscribe to threat research updates from other OTX contributors
• Leverage the latest OTX threat intelligence directly in your AlienVault USM environment

A Growing "Galaxy" of AlienApps
AlienApp categories: Cloud Infrastructure, Productivity Apps, IT Virtualization, IT Operations, IT Security
Security Automation & Orchestration
• Monitor: AlienApps collect and enrich data from your environment
• Detect: USM Anywhere uses that data to detect threats and alerts you
• Respond: Automate and orchestrate your threat responses for efficiency
Built-In & Customizable Reports
Simplifies and Reduces the Cost of Compliance
• Built-In Reports for PCI & HIPAA
  › Malware, Vulnerabilities, Failed Logons, and more
• Reports Covering Key NIST Cybersecurity Framework (NIST CSF) Functions
  › Asset Management, Risk Management, Access Control, Audit/Log Records Review, Anomalies & Events, Security Continuous Monitoring, Detection Processes, and Analysis
• Reports to Review Common Events
  › Events by Types of Data Source
  › Events by Data Source
• Customizable Views with Hundreds of Available Fields
Fast, Repeatable Reporting for Compliance & Security Best Practice
How USM Anywhere Works
[Architecture diagram: USM Anywhere sensors covering Public Cloud, On-Premises (Hyper-V, VMware) and Cloud Apps, fed by AlienVault Threat Intelligence on URLs, malware samples, file hashes, domains and IP addresses]

IT'S DEMO TIME!
Five Reasons You'll Love the AlienVault Approach
• Centrally Monitor All Your Environments
• Orchestrate & Automate Your Incident Response
• Leverage Integrated Threat Intelligence
• Save Time & Money with Unified Essentials
• Deploy Fast in the Cloud or in Your Data Center

Questions?
Test Drive USM Anywhere in our Interactive, Online Demo:
Get instant access, no download, no install
https://www.alienvault.com/products/usm-anywhere/demo
Try it for Free in your Environment:
Start detecting threats in less than an hour
https://www.alienvault.com/products/usm-anywhere/free-trial
Review Pricing and Get a Quote:
Multiple tiers available, low annual subscription pricing
https://www.alienvault.com/products/usm-anywhere/pricing