Improve Threat Detection with OSSEC and AlienVault USM

Posted on 16-Jul-2015


About AlienVault

AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today's modern threats.

Agenda

OSSEC capabilities

AlienVault USM capabilities

Demo – See it in action

• Remote OSSEC agent deployment, configuration and management

• Behavioral monitoring of servers and workstations

• Logging and reporting for PCI compliance

• Data correlation with IP reputation data, vulnerability scans and more

• Correlating OSSEC events to detect attacks

OSSEC & AlienVault USM

Learning the Basics…

OSSEC capabilities

Log-analysis-based intrusion detection (decoders extract fields from collected logs; rules match single events and correlate repeated ones)

File integrity checking

Registry key integrity checking (Windows)

Signature-based malware/rootkit detection (rootcheck)

Real-time alerting and active response (e.g. blocking an attacking source IP)
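The log-analysis and active-response capabilities above are easiest to see as a small pipeline: decode a raw log line into fields, match it against a single-event rule, then let a frequency rule fire when enough matches from the same source land inside a timeframe. The following is an added example written for this page, not OSSEC's own code; its rule IDs (100100/100101), levels, thresholds (8 failures in 120 s, a 600 s block), regex and the sample syslog lines are all constructed for illustration, and the "active response" is recorded as a command record rather than executed.

```python
"""Log-analysis-based intrusion detection in the OSSEC style: a decoder pulls
fields out of raw syslog lines, a first rule matches single events, and a
frequency rule correlates repeated matches from the same source within a
timeframe. Added example, not OSSEC's code; rule IDs, levels, thresholds
and log lines are this example's own (OSSEC ships its own sshd rules)."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass

# Decoder (example regex) for lines such as:
# Jul 16 10:00:01 web01 sshd[4110]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
SSHD_FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} (?P<hms>\d\d:\d\d:\d\d)) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+) port \d+"
)


@dataclass
class Alert:
    rule_id: int
    level: int
    description: str
    srcip: str
    user: str
    raw: str


class Analyzer:
    """Minimal analysisd: decode -> match -> frequency correlation -> active response."""

    def __init__(self, frequency=8, timeframe=120, block_seconds=600):
        self.frequency = frequency          # failures from one srcip ...
        self.timeframe = timeframe          # ... within this many seconds
        self.block_seconds = block_seconds  # how long the firewall-drop would last
        self._window = defaultdict(deque)   # srcip -> timestamps of recent failures
        self.active_responses = []          # commands that would be handed to execd

    def decode(self, line):
        m = SSHD_FAILED.match(line)
        if m is None:
            return None
        h, mi, s = (int(x) for x in m["hms"].split(":"))
        return {"t": h * 3600 + mi * 60 + s, "srcip": m["srcip"], "user": m["user"]}

    def process(self, line):
        """Return an Alert for the line, or None if no decoder matched (ignored, as OSSEC does)."""
        ev = self.decode(line)
        if ev is None:
            return None
        # Rule 100100 (level 5): a single failed password.
        alert = Alert(100100, 5, "sshd: authentication failed", ev["srcip"], ev["user"], line)
        window = self._window[ev["srcip"]]
        window.append(ev["t"])
        while window and ev["t"] - window[0] > self.timeframe:
            window.popleft()                # forget failures older than the timeframe
        if len(window) >= self.frequency:
            # Rule 100101 (level 10): frequency rule built on 100100, same srcip.
            alert = Alert(100101, 10,
                          f"sshd: brute force attempt ({len(window)} failures within {self.timeframe}s)",
                          ev["srcip"], ev["user"], line)
            window.clear()                  # restart the count after alerting (this example's choice)
            self.active_response(alert)
        return alert

    def active_response(self, alert):
        """Queue a firewall-drop for level >= 10 alerts, at most once per source IP."""
        if alert.level >= 10 and all(r["srcip"] != alert.srcip for r in self.active_responses):
            self.active_responses.append(
                {"command": "firewall-drop", "srcip": alert.srcip, "timeout": self.block_seconds})


def run(lines, **kwargs):
    """Feed lines through a fresh Analyzer; return (alerts, queued active responses)."""
    az = Analyzer(**kwargs)
    alerts = [a for a in (az.process(line) for line in lines) if a is not None]
    return alerts, az.active_responses


# Constructed sample log (TEST-NET addresses): nine failures from one host in nine
# seconds, one stray failure from another host, and one successful login.
SAMPLE_LOG = [
    f"Jul 16 10:00:0{i} web01 sshd[41{i}0]: Failed password for invalid user admin "
    f"from 203.0.113.7 port 5{i}122 ssh2"
    for i in range(1, 10)
] + [
    "Jul 16 10:00:15 web01 sshd[4200]: Failed password for alice from 198.51.100.4 port 50011 ssh2",
    "Jul 16 10:00:20 web01 sshd[4201]: Accepted publickey for deploy from 10.0.0.8 port 50020 ssh2",
]

if __name__ == "__main__":
    alerts, responses = run(SAMPLE_LOG)
    for a in alerts:
        print(f"rule {a.rule_id} level {a.level:>2} {a.srcip:<14} {a.description}")
    print("active responses:", responses)
```

Running it produces seven level-5 alerts for the first host, one level-10 brute-force alert on the eighth failure (with a queued firewall-drop), a level-5 alert for the ninth, and a level-5 alert for the other host; the successful login matches no decoder and is dropped. Eight failures spread 20 s apart (140 s total) stay below the threshold because the window is trimmed to the timeframe first.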

OSSEC Architecture

Agent components:

Logcollector: reads logs (syslog, flat files, Windows Event Log, command output)

Syscheckd: file integrity checking

Rootcheck: malware and rootkit detection (runs as a module of syscheckd rather than as a separate daemon)

Agentd: forwards data to the server (encrypted, UDP/1514 by default)

Execd: runs active-response commands (e.g. firewall-drop)

Server components:

Remoted: receives data from agents

Analysisd: decodes events, matches rules and generates alerts (main process)

Monitord: monitors agent connectivity and rotates logs
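The file integrity checking that the capabilities list and the Syscheckd component above refer to comes down to a baseline-and-diff: record attributes and a digest for every file, then compare a later scan against the baseline. The following is an added example written for this page, not OSSEC's syscheckd; the directory tree, file names and the tampering performed by demo() are constructed in a temporary directory for illustration, and owner/mtime tracking is omitted for brevity.

```python
"""Syscheck-style file integrity checking: record size, permission bits and a
SHA-256 digest for every file under a root, then diff a later scan against
that baseline to report added, deleted and modified files. Added example,
not OSSEC's syscheckd; the tree and file names created by demo() are
constructed for illustration."""
import hashlib
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Attributes compared for each file (owner and mtime omitted for brevity)."""
    st = path.stat()
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": st.st_size, "mode": oct(stat.S_IMODE(st.st_mode)), "sha256": h.hexdigest()}


def build_baseline(root) -> dict:
    """Map each regular file (path relative to root, POSIX style) to its record."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_record(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: dict, current: dict) -> dict:
    """Diff two scans; 'modified' lists which attributes changed for each file."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        changed = [k for k in ("size", "mode", "sha256") if baseline[rel][k] != current[rel][k]]
        if changed:
            modified[rel] = changed
    return {"added": added, "deleted": deleted, "modified": modified}


def demo() -> dict:
    """Build a throwaway tree, take a baseline, tamper with it, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "usr" / "bin").mkdir(parents=True)
        # Constructed contents standing in for system files.
        (root / "etc" / "hosts").write_text("198.51.100.20 updates.example\n")
        (root / "etc" / "motd").write_text("Authorized use only\n")
        (root / "usr" / "bin" / "ls").write_bytes(b"\x7fELF fake binary for the example\n")
        baseline = build_baseline(root)

        # Tampering: redirect the update host to an attacker IP with a same-size edit
        # (size alone would miss it; the digest catches it) ...
        (root / "etc" / "hosts").write_text("203.0.113.7   updates.example\n")
        # ... drop a new file, and delete an existing one.
        (root / "usr" / "bin" / ".sshd_helper").write_bytes(b"#!/bin/sh\n# constructed placeholder\n")
        (root / "etc" / "motd").unlink()
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    from pprint import pprint
    pprint(demo())
```

The same-size edit to etc/hosts is the case worth noticing: a monitor that compares only size and mtime (or that trusts mtime an attacker can reset) would miss it, which is why syscheck-style tools hash file contents.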

ASSET DISCOVERY

• Active Network Scanning

• Passive Network Scanning

• Asset Inventory

• Host-based Software Inventory

VULNERABILITY ASSESSMENT

• Continuous Vulnerability Monitoring

• Authenticated / Unauthenticated Active Scanning

BEHAVIORAL MONITORING

• Log Collection

• NetFlow Analysis

• Service Availability Monitoring

SECURITY INTELLIGENCE/SIEM

• SIEM Event Correlation

• Incident Response

THREAT DETECTION

• Network IDS

• Host IDS

• File Integrity Monitoring

USM Platform

Integrated, Essential Security Controls

AlienVault USM Architecture

Embedded tools:

Asset discovery: Nmap, PRADS

Behavioral monitoring: NetFlow, ntop, Nagios

Threat detection: Snort, Suricata, OSSEC

Vulnerability assessment: OpenVAS

External collectors:

Syslog

WMI (agentless Windows collection)

SDEE (Cisco Security Device Event Exchange)

AlienVault Event Correlation

AlienVault USM correlates events from multiple sources, cross-referencing OSSEC alerts with information collected from the embedded detectors (IDS, vulnerability scans, asset inventory) and from external sources such as IP reputation data.
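What "cross-referencing" an OSSEC alert buys you is a risk score that a lone HIDS level cannot give: the same brute-force alert matters more when the source is a known scanner and the target is a valuable host with a vulnerable SSH service. The following is an added example written for this page, not AlienVault's correlation engine. The risk formula (risk = asset value x priority x reliability / 25, with asset value and priority on 0-5, reliability on 0-10, and an alarm once risk reaches 1) is the one AlienVault documents for OSSIM/USM; the level-to-priority mapping, the reliability values, the default asset value and every record in the reputation, scan and asset tables below are this example's own assumptions.

```python
"""Cross-source correlation in the USM style: an OSSEC alert is scored against
IP reputation data, vulnerability-scan results and asset value using the
OSSIM risk model risk = asset_value * priority * reliability / 25 (asset and
priority 0-5, reliability 0-10, alarm when risk >= 1). Added example, not
AlienVault's engine; the mappings and all sample data are this example's own."""
from dataclasses import dataclass


@dataclass
class OssecAlert:
    rule_id: int
    level: int        # OSSEC alert level, 0-15
    srcip: str
    dstip: str
    service: str      # service the alert concerns, e.g. "ssh"


# Constructed sample data standing in for USM's embedded and external sources.
IP_REPUTATION = {                        # shape of a reputation-feed entry (constructed)
    "203.0.113.7": {"activity": "Scanning Host", "reliability": 6},
}
VULN_SCAN = {                            # per-host scanner findings (constructed)
    "10.0.0.5": [{"service": "ssh", "cvss": 7.5, "title": "weak SSH configuration (constructed)"}],
    "10.0.0.9": [],
}
ASSET_VALUE = {"10.0.0.5": 4, "10.0.0.9": 1}   # 0-5, as kept in the asset inventory


def event_priority(level: int) -> int:
    """Map an OSSEC level (0-15) onto a 1-5 priority (example mapping, not OSSIM's table)."""
    return max(1, min(5, round(level / 3)))


def correlate(alert: OssecAlert, reputation=IP_REPUTATION, vulns=VULN_SCAN, assets=ASSET_VALUE) -> dict:
    """Enrich one OSSEC alert with reputation, vulnerability and asset context and score it."""
    priority = event_priority(alert.level)
    reliability = 4                      # a lone HIDS alert: moderate confidence (assumption)
    tags = []

    rep = reputation.get(alert.srcip)
    if rep:                              # known-bad source raises confidence in the alert
        reliability = min(10, reliability + rep["reliability"])
        tags.append(f"ip_reputation:{rep['activity']}")

    exposed = [v for v in vulns.get(alert.dstip, []) if v["service"] == alert.service]
    if exposed:                          # the attacked service is known vulnerable: raise priority
        priority = min(5, priority + 1)
        tags.append(f"vulnerable_service:{alert.service}")

    asset_value = assets.get(alert.dstip, 2)   # default for hosts missing from inventory (assumption)
    risk = round(asset_value * priority * reliability / 25, 1)
    return {"rule_id": alert.rule_id, "srcip": alert.srcip, "dstip": alert.dstip,
            "priority": priority, "reliability": reliability, "asset_value": asset_value,
            "risk": risk, "alarm": risk >= 1, "tags": tags}


SAMPLE_ALERTS = [
    # brute force from a known scanner against a valuable host with a vulnerable SSH service
    OssecAlert(100101, 10, "203.0.113.7", "10.0.0.5", "ssh"),
    # a single failed login from an unknown source against a low-value host
    OssecAlert(100100, 5, "198.51.100.4", "10.0.0.9", "ssh"),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(correlate(a))
```

The first alert scores 4 x 4 x 10 / 25 = 6.4 and becomes an alarm; the second scores 1 x 2 x 4 / 25 = 0.3 and stays an event. Both came from the same kind of OSSEC rule match; the difference is entirely in the context the other sources supply.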

OSSEC Management Interface

AlienVault USM provides a comprehensive GUI for OSSEC alert management:

• Status monitor

• Events viewer

• Agents control manager

• Configuration manager

• Rules viewer/editor

• Logs viewer

• Server control manager

• Deployment manager

Let’s See It In Action

888.613.6023

ALIENVAULT.COM

CONTACT US

HELLO@ALIENVAULT.COM

Test Drive AlienVault USM

Download a Free 30-Day Trial

http://www.alienvault.com/free-trial

Try our Interactive Demo Site

http://www.alienvault.com/live-demo-site

Now for some Q&A.

Questions? Hello@AlienVault.com

Twitter : @alienvault
