About AlienVault
AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats
Agenda
OSSEC capabilities
AlienVault USM capabilities
Demo – See it in action
• Remote OSSEC agent deployment, configuration and management
• Behavioral monitoring of servers and workstations
• Logging and reporting for PCI compliance
• Data correlation with IP reputation data, vulnerability scans and more
• Correlating OSSEC events to detect attacks
OSSEC & AlienVault USM
Learning the Basics…
OSSEC capabilities
Log-analysis-based intrusion detection
File integrity checking
Registry keys integrity checking (Windows)
Signature-based malware/rootkit detection
Real-time alerting and active response
OSSEC Architecture
Agent components:
Logcollectord: Reads logs (syslog, WMI, flat files)
Syscheckd: File integrity checking
Rootcheckd: Malware and rootkit detection
Agentd: Forwards data to the server
Server components:
Remoted: Receives data from agents
Analysisd: Processes data (main process)
Monitord: Monitors agents
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE/SIEM
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
USM Platform
Integrated, Essential Security Controls
AlienVault USM Architecture
Embedded tools:
Asset discovery: Nmap, PRADS
Behavioral monitoring: NetFlow, ntop, Nagios
Threat detection: Snort, Suricata, OSSEC
Vulnerability assessment: OpenVAS
External collectors:
Syslog
WMI
SDEE
AlienVault Event Correlation
AlienVault USM correlates events from multiple sources, cross-referencing OSSEC alerts with information collected from embedded detectors and external sources.
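As an added illustration of the two correlations the deck names (IP reputation enrichment and repeated-failure detection on OSSEC events), the script below is example code, not AlienVault or OSSEC code: it parses constructed alerts laid out like OSSEC's alerts.log and applies a reputation lookup plus a frequency check. The reputation feed, agent names, addresses and timestamps are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of OSSEC's alerts.log; hosts, IPs and
# timestamps are made up (rule 5716 is OSSEC's "SSHD authentication failed").
SAMPLE_ALERTS = """\
** Alert 1390000001.100: - syslog,sshd,authentication_failed,
2014 Jan 17 12:00:01 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 203.0.113.45
** Alert 1390000020.200: - syslog,sshd,authentication_failed,
2014 Jan 17 12:00:20 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 203.0.113.45
** Alert 1390000030.300: - syslog,sshd,authentication_failed,
2014 Jan 17 12:00:30 (db01) 10.0.0.9->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
"""
# Constructed IP reputation feed: source IP -> (category, reliability 1-10).
REPUTATION = {"203.0.113.45": ("Scanning Host", 7)}

ALERT_RE = re.compile(
    r"\*\* Alert (?P<ts>\d+)\.\d+: .*\n.*\((?P<agent>[^)]+)\).*\n"
    r"Rule: (?P<rule>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>[^']*)'\n"
    r"Src IP: (?P<src>\S+)\n")

def parse_alerts(text):
    """One dict per alert: ts, agent, rule, level, desc, src."""
    return [m.groupdict() for m in ALERT_RE.finditer(text)]

def correlate(alerts, reputation, threshold=2, window=60):
    """Two correlations a SIEM layers on raw OSSEC alerts: enrichment (bump the
    level of alerts whose source IP is on the reputation feed) and frequency
    (`threshold` auth failures from one source within `window` seconds)."""
    findings, failures = [], defaultdict(list)
    for a in alerts:
        src, level = a["src"], int(a["level"])
        if src in reputation:
            cat, rel = reputation[src]
            findings.append((a["agent"], src, "reputation:" + cat, level + rel))
        if a["rule"] == "5716":
            failures[src].append(int(a["ts"]))
    for src, ts in failures.items():
        ts.sort()
        if any(ts[i + threshold - 1] - ts[i] <= window
               for i in range(len(ts) - threshold + 1)):
            findings.append(("*", src, "ssh_bruteforce_attempt", 10))
    return findings
```

Each finding is (agent, source IP, reason, priority); the frequency check is the same idea OSSEC's own rules express with frequency and timeframe attributes.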
OSSEC Management Interface
• Status monitor
• Events viewer
• Agents control manager
• Configuration manager
• Rules viewer/editor
• Logs viewer
• Server control manager
• Deployment manager
AlienVault USM provides a comprehensive GUI for OSSEC alert management.
Let’s See It In Action
888.613.6023
ALIENVAULT.COM
CONTACT US
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Now for some Q&A...
Questions? [email protected]
Twitter: @alienvault