Call a Specialist Today! 844-960-3901

AlienVault IT Compliance Management
Achieve IT Compliance Management and Security Goals Faster with One Unified Solution


Maintain IT Compliance with Continuous Monitoring

Complete IT Compliance & Security Management in a Single Pane of Glass

IT compliance management is often a manual process that requires you to deploy and monitor multiple IT security point products to satisfy regulatory or industry requirements. You also must aggregate data from multiple IT systems into a single view or set of reports to prove to management and auditors that your IT controls are in place and working. While a SIEM or log management tool can help automate that effort, it’s not enough to meet the stringent requirements of today’s widely-accepted regulatory compliance standards, such as PCI DSS, HIPAA, GDPR, and others.

AlienVault Unified Security Management (USM) is a unified solution for complete security and IT compliance management. It combines the essential security technologies needed to demonstrate compliance against today’s most challenging regulatory standards and to continuously monitor your networks, cloud environments, and endpoints—all in a single pane of glass. It combines asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, endpoint detection and response, file integrity monitoring, orchestrated incident response, SIEM, log management, compliance reporting, and continuous threat intelligence updates.

AlienVault USM breaks through the complexity and expense of having to manage multiple point security solutions, giving today’s resource-limited IT security teams a centralized security and IT compliance solution that’s affordable, easy to use, and can be deployed in as quickly as one day.

Discover how the AlienVault USM platform helps to accelerate and simplify security and IT compliance management:

AlienVault Is Trusted & Verified

AlienVault makes compliance a top priority for your organization and for ours. We have adopted the NIST Cybersecurity Framework (CSF), aligning our security controls and processes with industry-proven security best practices. We use our own USM platform to demonstrate and maintain compliance, working with third-party auditors to regularly test our systems, controls, and processes.

Maintain IT Compliance with Continuous Monitoring

Compliance is never done. Even after the auditors leave, you must continuously maintain your compliance practices, which if performed manually, can consume an overwhelming amount of resources, especially for small IT security teams. Still, failure to stay in compliance can result in substantial fines, along with damage to your company’s reputation or brand.

AlienVault USM makes it simple and automatic to maintain your IT compliance practices between audits, so you can focus on what really matters—keeping your organization secure from the latest threats.

Continuous Asset Discovery & Vulnerability Scanning
To satisfy most regulatory standards, you must maintain visibility of all of your in-scope assets and their vulnerabilities. The AlienVault USM platform continuously scans your environment to dynamically discover all of your cloud and on-premises assets. Internal vulnerability scans run regularly, and you can run an on-demand vulnerability scan of any asset group, for example a PCI CDE asset group.

Automated Log Collection, Analysis, & Event Correlation
AlienVault USM automatically collects, aggregates, and correlates log data from systems, devices, and applications in your cloud and on-premises environments. And, with our lightweight, adaptable AlienVault Agent, you can collect in-depth endpoint data, even as your endpoints move on and off the corporate network. As such, you get full-environment correlation across your cloud, on-premises networks, and endpoints for the most comprehensive security visibility. You’ll automatically be alerted to suspicious and anomalous activities, and very importantly, have full context of the threat, so you can speed investigation. 

Continuous Threat Intelligence Updates from AlienVault Labs
To protect your organization from the latest malware-based threats and vulnerabilities, as mandated by many regulatory compliance standards, you need the up-to-date threat intelligence in your IT compliance management solution. Yet, most organizations simply don’t have the resources to stay ahead of emerging threats. With AlienVault USM, that’s okay. The platform receives continuous threat intelligence updates automatically from the AlienVault Labs Security Research Team. This team scours the global threat landscape and delivers ready-to-use threat intelligence in the form of continually updated correlation rules, new intrusion detection and vulnerability signatures, optimized endpoint queries, up-to-date remediation guidance, and more, in order to combat the latest threats. The platform also receives crowd-sourced threat intelligence from the AlienVault Open Threat Exchange (OTX), a worldwide community of security practitioners and researchers who openly contribute threat data on new attacks as they unfold in real-time in the wild.

Automated Incident Response & Orchestration
Next-generation compliance standards not only mandate that you prevent and detect intrusions in your environment, but also that you respond to incidents quickly and efficiently. AlienVault USM empowers you with proactive endpoint queries, automated response actions, and advanced security orchestration so that when an incident occurs, you can work to immediately contain or otherwise respond to the threat. This orchestration extends to third-party security tools like Palo Alto Networks and Cisco Umbrella, so you can centralize your threat detection and incident response activities in the USM platform.

Compliance-Ready Log Storage
AlienVault USM stores your log data in the AlienVault Secure Cloud. Up to your most recent 90 days of events are searchable in the USM platform, and logs are stored in cold storage for up to one year.  And because the USM platform is certified compliant to widely-accepted compliance standards, including PCI DSS, HIPAA, and SOC 2, you can rely on our secure log storage as you pursue your own certification efforts.

Audit-Ready Compliance ReportingAudit-Ready Compliance Reporting

To meet compliance mandates of PCI DSS, HIPAA, and other regulatory standards, you must demonstrate that you regularly monitor your IT environments and that your IT controls are working. This demands rigorous reporting on your assets, vulnerabilities, and potential threats, which can be very time-consuming if done manually and can slow down or jeopardize your audit process.

Predefined Compliance Reports
AlienVault USM delivers a vast library of “audit-ready” predefined reports for PCI DSS, HIPAA, and NIST CSF, helping you to accelerate your compliance process and be ready faster for your next audit. Also available are reports that facilitate regular review of events from key data sources such as your firewalls, or by key event types such as authentication events. The USM platform gives you centralized visibility of all your cloud and on-premises assets, vulnerabilities, threats, and log data from your firewalls and other security tools, so you always have the most complete and contextual data set at your fingertips.

Save & Export Custom Reports
In addition to predefined reports, AlienVault USM makes it incredibly simple to create custom reports, so you can satisfy the reporting needs of your compliance auditor, your executives, and your board. It provides a highly efficient and fast way to search, filter, and analyze your security-related data. You can save and export any custom search as an HTML or CSV report and add visual data elements, perfect for analyzing trends or presenting an executive-level summary.

Create & Save Custom Data Views
Complementing the predefined and custom reports, the USM platform also gives you the ability to easily create and save custom views on events and alarms, so you can quickly and regularly review data related to a specific threat, user, or system that you want to focus on. You simply select the search terms and data fields you want presented in the view and save it for quick reference at any time.

GDPR Compliance:

Simplify GDPR Compliance Monitoring With A Complete Set of Essential Security Capabilities in a Single Solution

The General Data Protection Regulation (GDPR) requires organizations handling the personal data of European Union citizens to keep that data secure, and it levies big penalties to organizations that fail to comply. Unfortunately, traditional security monitoring solutions may fall short of helping organizations meet GDPR requirements.

AlienVault Unified Security Management® (USM) provides a unified security monitoring and compliance management platform to accelerate GDPR compliance readiness. By integrating multiple capabilities into a single platform, AlienVault USM gives you visibility into your entire security posture and simplifies the compliance process.

GDPR requires organizations to maintain a plan to detect a data breach, regularly evaluate the effectiveness of security practices, and document evidence of compliance. Instead of specific technical direction, the regulation puts the onus on organizations to maintain best practices for data security.

Starting on Day One, AlienVault USM supports GDPR compliance readiness by helping you detect data breaches, monitor data security, and document your compliance readiness. The unified platform centralizes essential capabilities like asset discovery, vulnerability scanning, intrusion detection, behavioral monitoring, SIEM, log management, and threat intelligence updates.

USM Anywhere includes pre-built reporting templates to help you prove compliance with regulatory requirements and adhere to IT security frameworks like ISO 27001 and NIST CSF. While GDPR does not define or prescribe specific reporting requirements, following ISO 27001 can be an effective way to demonstrate that your technical security controls are aligned with globally recognized best practices. Using the ISO 27001 compliance reporting templates in USM Anywhere as a foundation can help you add structure to your GDPR readiness efforts.

AlienVault USM delivers the essential security capabilities you need from GDPR compliance software:

Simplify Security and GDPR Compliance Management with a Unified Platform

  • Shrink your attack surface with asset discovery and vulnerability scanning
  • Detect intrusions and potential data breaches with built-in intrusion detection
  • Prepare for forensic investigation with log retention and management

Detect, Investigate, and Report on Data Breaches

  • Detect breaches quickly with network intrusion detection (NIDS), host intrusion detection (HIDS), and cloud intrusion detection (CIDS)
  • Identify anomalous activity with behavioral monitoring
  • Document compliance readiness with pre-built report templates along with fully customizable reports

Reduce Your Incident Response Time to Minimize Data Exposure

  • Respond to incidents quickly with automated response actions
  • Limit potential data exposure by shortening total time to response

Keep Your Security Plan Up-to-Date with Continuous Threat Intelligence Updates

  • Get the latest threat intelligence, curated by the AlienVault Labs Security Research Team
  • Stay up-to-date with threat intelligence updates continuously delivered to your USM deployment

Simplify Security and GDPR Compliance Management with a Unified Platform

Unlike point solutions that address one aspect of GDPR compliance at a time, AlienVault USM supports a range of compliance functions by integrating five essential security capabilities into one unified solution:

  • Asset Discovery
  • Vulnerability Scanning
  • Behavioral Monitoring
  • Intrusion Detection
  • SIEM & Log Management

AlienVault USM's unified approach gives you complete visibility of your security posture within a single pane of glass, making it simple to demonstrate GDPR security compliance.

With AlienVault USM's asset discovery capabilities, you can create and maintain a complete inventory of the critical assets you need to monitor to comply with GDPR requirements, giving you security visibility of your data protection efforts.

Article 32 requires organizations to take technical steps to ensure data protection, including constantly monitoring the effectiveness of your security plan.

Using AlienVault USM, you can schedule regular vulnerability scans of your critical assets to stay on top of essential patches and minimize your attack surface. In the case of the vulnerability exploited by WannaCry ransomware, for example, vulnerability scans within AlienVault USM would help you identify unpatched systems so you could apply patches or isolate them from essential data.

Built-in intrusion detection capabilities for network-, host-, and cloud-based systems allow you to monitor your entire critical infrastructure for data breaches. Behavioral monitoring helps you identify anomalous activity that could affect your stored data.

In case a breach does occur, AlienVault USM's secure log management capabilities ensure you have the event logs you need to meet the level of forensic investigation GDPR regulation requires.

Efficiently Detect, Investigate, and Report on Data Breaches

To achieve GDPR compliance, you need to demonstrate that you have a plan in place to monitor the critical infrastructure housing the personal data of EU citizens. AlienVault USM provides essential security monitoring capabilities to help you detect, investigate, and report on data breaches within your environments.

Network intrusion detection (NIDS) identifies threats using signature-based anomaly detection, collecting data from your on-premises environments to spot malicious attacks, malware intrusions, and other potential threats to your data.

AlienVault USM Anywhere delivers native cloud intrusion detection capabilities for Azure and AWS, allowing you to detect intrusions within your public cloud environments. USM Anywhere provides visibility into your security posture across your on-premises, public cloud, and private cloud environments, as well as cloud applications like Microsoft Office 365 and Google G Suite.

Host intrusion detection (HIDS) and file integrity monitoring (FIM) provide security visibility at the application layer, allowing you to detect activity such as potential system compromise, rogue processes, and changes to critical configuration files.

When AlienVault USM detects a threat within your environments, it creates an alarm to direct your attention to it, allowing you to respond quickly and limit the scope of a potential intrusion. USM intelligently prioritizes alarms based on the severity of threat, so you know which incidents to respond to first.

You can easily search and filter the log data within AlienVault USM to investigate potential intrusions and access all the information you might need for detailed investigation in the wake of a data breach. Granular search and filtering functions allow you to pivot around selected data for deeper analysis.

Reduce Your Incident Response Time to Minimize Data Exposure

To comply with GDPR regulations, organizations should have a plan in place to detect and respond to a potential data breach to minimize its impact on EU citizens. In the case of an attack or intrusion, a streamlined incident response process can help you respond quickly and effectively to limit the scope of the exposure.

AlienVault USM helps security teams respond to threats quickly by delivering a unified view of each organization's security posture. Instead of wasting time piecing together information from multiple systems, you can take swift, confident action with a centralized view of all your assets, their vulnerabilities, any intrusions or attempts to exploit those vulnerabilities, as well as contextual threat intelligence and remediation guidance.

When an incident occurs, prioritized alarms help you focus on the most important threats first. With detailed event data and incident response templates at your fingertips, it's easy to move quickly from detection to response rather than losing time on basic research.

With USM Anywhere, you can receive alerts via email or Amazon SNS to help you respond immediately to threats affecting your sensitive data.

When a potential intrusion occurs, USM Anywhere allows you to automate incident response actions within USM Anywhere as well as with leading third-party security tools like Cisco Umbrella, Palo Alto Networks, and Carbon Black. For example, if USM Anywhere detects evidence of ransomware like WannaCry, you can shut down or isolate the system and pull in additional data to help you investigate.

With USM Anywhere's automated incident response capabilities, you can eliminate time-consuming manual tasks and move swiftly from detection to response. Shortening your total time to respond limits the potential impact of intrusions, helping you minimize data exposure and meet protection requirements.

Discover How AlienVault USM Supports GDPR Compliance


GDRP Article(s) AlienVault USM Capability Examples of How AlienVault USM Helps
Article 24 (Responsibility of the controller)
Article 25 (Data protection by design and by default)
Article 28 (Processor)
Continuous Monitoring
  • Monitor for indicators of malware-based compromise, such as communication to a known Command & Control (C&C) Server.
  • Monitors successful and failed logon attempts to external applications through Azure Active Directory and Okta, and to Office 365 and G Suite.
  • Monitors user and administrator activities, including access and modification of files and content, in cloud applications such as Office 365 and G Suite.
  • Identify which assets have remote access services running.
  • File Integrity Monitoring (FIM) detects access and modification to files and directories on Windows and Linux systems.
  • Runs regularly scheduled scans to identify new and updated assets and to identify any vulnerabilities on each asset.
  • Continuously updated threat intelligence ensures that the USM platform is operating with the latest correlation directives, vulnerability signatures, reports, guided responses, and more.
  • Identifies recommended patches for discovered vulnerabilities.
  Personal Data Security
  • Monitors for communications with known malicious IP addresses, which could identify exfiltration of data.
  • Monitors for changes to Office 365 policies including Data Leakage Protection (DLP), information management, and more.
  • File Integrity Monitoring (FIM) detects and reports on access and changes to system binaries, content locations, and more.
  Incident Detection
  • Aggregates events from across your on-premises and cloud environments and cloud applications, including Office 365 and G Suite.
  • Uses machine learning and state-based correlation capabilities to detect threats.
  • Classifies threats across a kill-chain taxonomy to inform the threat risk level.
  • Monitors public and dark web sources for the trade of stolen credentials.
  • Built-in notification capabilities enable analysts to be alerted to alarms through email, SMS, Datadog, PagerDuty, and Slack.
  • Customizable and searchable alarm and event views enable fast and simple review of events and detected incidents.
  • Continuously updated threat intelligence from AlienVault Labs and the Open Threat Exchange (OTX) delivers the latest correlation rules and Indicators of Compromise (IoCs) to the USM platform.
  Incident Response
  • With the AlienApp for Forensics and Response, enables automatic forensics tasks to be executed in response to a detected threat.
  • Enable forensics investigation with rich filter, search, and reporting capabilities event and log data.
  • With AlienApps, enables orchestration of manual and automated actions to be executed to contain threats, such as isolating systems from the network or blocking communications with known malicious IP addresses.
Articles 33, 34 (Notification of a personal data breach) SIEM Log Management & Reporting
  • Aggregates events from across your on-premises and cloud environments and cloud applications, including Office 365 and G Suite.
  • Enables rich search of up to 90 days of historic log and event data across normalized and enriched data fields.
  • Built-in and customizable dashboards and reports support regular review and report out of typical searches.
  • Securely archives original log and event data for at least 12 months, supporting longer-term investigations as needed.
Article 35 (Data protection impact assessment) Asset Discovery
  • Built-in asset discovery discovers physical and virtual assets running in on-premises and cloud environments (including AWS, Azure, VMware, Hyper-V).
  • Asset Groups deliver dynamic or analyst-defined grouping of assets, such as business-critical assets, HIPAA assets, PCI CDE assets, Windows assets, and more.
  Vulnerability Assessment
  • Identifies systems susceptible to known vulnerabilities or that may not have antivirus installed and/or operational.
  • Continuously updated threat intelligence from the Open Threat Exchange (OTX) and AlienVault Labs Security Research Team ensures that the USM platform has the latest vulnerability signatures.

HIPAA Compliance:

Simplify and Accelerate HIPAA Compliance and Reporting with One Complete Solution

Any organization that transmits any health information in electronic form, including health plans, healthcare clearing houses, healthcare providers, and business associates of a covered entity, must comply with HIPAA. 

Yet, according to the US Department of Health and Human Services, one of the top issues that organizations have is failure to sufficiently safeguard electronic protected health information. One of the big challenges is the number of security controls that organizations need to deploy, often requiring numerous security point products that are costly to procure and difficult to deploy and manage.

To help you achieve HIPAA compliance, including satisfying the HIPAA Security Rule, you need a HIPAA compliance software solution that is easy to deploy and monitors your critical infrastructure.

AlienVault Unified Security management (USM) delivers a comprehensive threat detection, incident response, and HIPAA compliance management solution for your cloud and on-premises environments that costs less and delivers results in significantly less time than traditional SIEM products.

The AlienVault USM platform delivers multiple security essentials to help you prepare for your next HIPAA audit faster and more easily, and in a single, unified platform:

  • Discover all IP-enabled assets, including OS details, across your on-premises and cloud environments
  • Identify systems with vulnerabilities, understand which assets are high-, medium-, and low risk, and identify any available patches or workarounds
  • Intrusion detection detects threats, including malware and ransomware, that are active in your network with advanced, automatic correlation
  • Identify both successful and failed logon attempts, and monitor user and administrator activities
  • Accelerate incident response with built-in remediation guidance for every alarm, and integrated orchestrated responses that can be manually or automatically executed
  • Collect events from across your on-premises and cloud environments and cloud applications for analysis, and store them for at least 12 months
  • Be assured that you’re protected with continuously updated threat intelligence delivered automatically to the USM platform, including the latest correlation directives, vulnerability assessment signatures, IDS rules, guided threat responses and more
  • Easily report on security controls required for HIPAA requirements with the built-in HIPAA reports, and the ability to create new custom reports and views to meet reporting requirements specific to your organization

Threat Detection for Healthcare Organizations

According to the Identity Theft Resource Center, healthcare organizations suffered 34.5% of breaches identified in 2016. It’s nearly impossible to stop a persistent attacker from penetrating even the most secure environment. Therefore, it’s essential to not only focus on preventing attacks, but also on detecting and responding to attacks as quickly as possible.

AlienVault USM has helped healthcare organizations like Shriners Hospitals, Kaiser Permanente and Novo Nordisk accomplish these key tasks:

  • Identify vulnerabilities on assets that store electronic protected health information (ePHI)
  • Maintain an audit log of who has accessed ePHI, helping meet audit management requirements
  • Identify systems communicating with malicious IPs, a sign of possible compromise
  • Identify and respond to security incidents, including remediation advice for every alert

Threat Detection for Healthcare Organizations

Comprehensive Reporting and Log Management for HIPAA Compliance

HIPAA Part § 164.312 (B) “Audit Controls” states that you must “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” AlienVault USM is updated regularly with new compliance reports as these regulatory standards evolve, greatly reducing the time required to assess HIPAA compliance.

HIPAA Part § 164.312 (C) (2) deals with data integrity and requires that any covered organization “Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.”

The AlienVault USM platform helps entities satisfy this requirement by providing File Integrity Monitoring (FIM) on files as well as Windows registry entries and digitally signed audit logs. The USM platform’s FIM feature performs regular audits on files (ePHI, security configuration, or other sensitive files) to identify any unanticipated or unauthorized changes that could be an attack or create a misconfiguration that opens new vulnerabilities.

To ensure that the logs themselves have not been tampered with, the AlienVault USM platform implements multiple levels of protection of your security data in transit and at rest. This ensures the integrity and confidentiality of your security data, which allows for your logs to be admissible in a court of law.

Comprehensive Reporting and Log Management for HIPAA Compliance

Discover How AlienVault USM Supports HIPAA Requirements


HIPAA Standard HIPAA Requirement Examples of How AlienVault USM Helps
§164.308(a)(1) - Security Management Process
Implement policies and procedures to prevent, detect, contain, and correct security violations.
§164.308(a)(1)(ii)(A) - Risk Analysis

§164.308(a)(1)(ii)(D) - Information System Activity Review
  • Built-in asset discovery discovers assets running on-premises, and in cloud environments (including Azure, VMware, Hyper-V, AWS).
  • Identifies systems susceptible to known vulnerabilities, and ranks them as 'high', 'medium' and 'low' risk to aid prioritization.
  • Identifies patches or workarounds available to vulnerable systems.
  • Identifies where security tools, such as antivirus and firewalls, have been disabled or have failed to start.
  • Monitors access to and attempt to modify system and application binaries, configuration files, log files.
  • Monitors user and administrator activities in cloud environments such as Azure and AWS, and within cloud applications such as Office 365.
  • Continuously updated threat intelligence ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, guided threat response and more.
  • Aggregates, analyzes and archives logs and events from systems, applications and devices from across your on-premises and cloud environments.
  • Identifies logon success and failures.
  • Identifies privilege escalation attempts.
  • Identifies unauthorized attempts to access or modify key logs.
§164.308(a)(3) - Workforce Security 
Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information ..., and to prevent those workforce members who do not have access ... from obtaining access to electronic protected health information.
§164.308(a)(3)(ii)(A) - Authorization and/or Supervision

§164.308(a)(3)(ii)(C) - Termination Procedures
  • Monitor access attempts to critical files and data, and alarm when unauthorized attempts are detected.
  • Capture and monitor all login successes and failures to critical assets, particularly those containing electronic protected health information.
  • Monitor for logon or access attempts from the accounts of users who have been de-provisioned.
§164.308(a)(4) - Information Access Management
Implement policies and procedures to prevent, detect, contain, and correct security violations.
§164.308(a)(4)(ii)(C) - Access Establishment and Modification
  • Captures all user account creation and modification activities.
  • Identifies logon success and failures.
  • Identifies privilege escalation attempts.
§164.308(a)(5) - Security Awareness and Training
Procedures for monitoring log-in attempts and reporting discrepancies
§164.308(a)(5)(ii)(A) - Security Reminders

§164.308(a)(5)(ii)(B) - Protection from Malicious Software

§164.308(a)(5)(ii)(C) - Log-in Monitoring

§164.308(a)(5)(ii)(D) - Password Management
  • Provision for automated updates of USM infrastructure whenever updates are made available.
  • Continuously updated threat intelligence ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, guided threat response and more.
  • Identifies systems susceptible to known vulnerabilities, or that may not have antivirus installed and/or operational.
  • Identifies indicators of malware-based compromise, and enables orchestrated responses that can be automated or manually invoked to isolate infected systems and block malicious domains.
  • Monitors and stores events from antivirus solutions that could indicate a compromise, or attempt to disable antivirus software.
  • Monitors for changes to Office 365 policies including Information Management, and more.
  • Continuously updated threat intelligence ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, guided threat response and more.
  • Captures and enables monitoring of logon success and failures to systems, security devices, cloud environments, and more.
  • Identifies where new user and administrator accounts are created and deleted.
  • Monitors public and dark web sources for the trade or communication of stolen credentials.
  • Identifies use of default system accounts on Windows machines.
  • File Integrity Monitoring can detect changes and access to critical system and application files, and Windows Registry entries.
§1164.308(a)(6) - Security Incident Procedures
Implement policies and procedures to prevent, detect, contain, and correct security violations.
§164.308(a)(6)(ii) - Response and Reporting
  • Correlates events to detects threats
  • Generates alarms on threats, classifying them across a kill-chain taxonomy to inform the risk level of that threat.
  • Enables threat investigation and provides context to determine the nature of the threat.
  • Provides recommended incident response guidance to contain or remediate the threat.
  • Enables labels to be applied to alarms.
  • Security orchestration and response capabilities enable manual or automated incident response, driving actions with leading security and IT operations tools including Cisco Umbrella, Carbon Black, Palo Alto Firewalls, and more.
  • Enables creation of incident tickets within popular solutions like ServiceNow, directly from within the USM Anywhere console.
  • Continuously updated threat intelligence ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, guided threat response and more.
§164.308(a)(7) - Contingency Plan 
Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
§164.308(a)(7)(ii)(E) - Applications and Data Criticality Analysis
  • USM Anywhere provides a fault resilient architecture that assures durability of all captured event and log data from your environments.
§164.312(a) - Access Control
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.
§164.312(a)(2)(iii) - Automated Logoff

§164.312(a)(2)(iv) - Encryption and Decryption
  • Monitors for changes to Windows Group Policy and Office 365 policies that define automated logoff, session timeout, and access token timeout parameters.
  • Monitors for changes to Windows Registry or application configuration files that define encryption settings for protected health information.
§164.312(b) - Audit Controls
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
 
  • Monitors for changes to Office 365 policies including Data Leakage Protection (DLP), information management, and more.
  • File Integrity Monitoring can detect modification attempts to applications or online storage containing electronic protected health information.
  • Unified log collection, review and analysis, with triggered alarms for high risk systems.
§164.312(c)(1) - Integrity
Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
§164.312(c)(2) - Audit Controls
  • Monitors for changes to Office 365 policies including Data Leakage Protection (DLP), information management, and more.
  • File Integrity Monitoring can detect modification attempts to applications or online storage containing electronic protected health information.
§164.312(e)(1) - Transmission Security 
Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
§164.312(e)(2)(i) - Integrity Controls
§164.312(e)(2)(ii) - Encryption
  • Discover unauthorized communications, such as between untrusted networks and systems within the cardholder data environment.
  • Monitors for changes to Office 365 policies including Data Leakage Protection (DLP), information management, and more.
  • File Integrity Monitoring can detect modification attempts to applications or online storage containing electronic protected health information.
  • Monitors for changes to Windows Group Policy and Office 365 policies that define automated logoff, session timeout, and access token timeout parameters.
  • Monitors for changes to Windows Registry or application configuration files that define encryption settings for protected health information.

ISO 27001 Compliance:

Quickly Gain Essential Security Controls You Expect from ISO 27001 Compliance Software in One Powerful Product

ISO/IEC 27001 provides guidance for implementing information security controls to achieve a consistent and reliable security program. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed 27001 to provide a worldwide standard for information security.

Achieving ISO 27001 compliance can be challenging for many organizations because of its broad scope, especially for organizations with limited resources. Yet, you can accelerate ISO 27001 information security compliance by simplifying, consolidating, and automating essential security controls for threat detection and incident response.

AlienVault Unified Security Management (USM) does just that. The unified platform delivers multiple essential security capabilities needed to demonstrate ISO 27001 security compliance as well as out-of-the-box reporting templates specifically for ISO 27001. With AlienVault USM, you can be ready for your compliance audit sooner and with greater confidence.

The AlienVault USM platform delivers the essential security management you need for ISO 27001 security compliance, including

Unified Asset Discovery & Vulnerability Assessment

  • Asset discovery & inventory
  • Vulnerability assessment

Continuous Security Monitoring

  • Automated log collection and storage
  • IDS and file integrity monitoring
  • SIEM event correlation

Flexible Security Analytics Dashboards & Reports

  • Pre-built reporting templates for ISO 27001
  • Flexible, customizable data views accelerate audit responses

Unified Asset Discovery and Vulnerability Assessment

A fundamental component of ISO 27001 compliance is creating and maintaining a comprehensive asset inventory. AlienVault USM includes automated asset discovery capabilities that give you full and always up-to-date visibility of the devices that are on your cloud and on-premises environments.

Using this asset inventory, AlienVault USM performs vulnerability assessment and alerts you to the vulnerabilities on those assets that could be exploited by an attacker. With a unified view of your assets and vulnerabilities prioritize by risk severity, you can prioritize your remediation activities to deal with the most severe vulnerabilities or most business‑critical assets first.

In addition, AlienVault USM correlates intrusion detection data from its built‑in IDS capabilities with asset and vulnerability information, so you know which of your vulnerabilities are actively being exploited in your environment.

Continuous Security Monitoring with AlienVault USM

ISO 27001 compliance requires the aggregation of event data from multiple systems into a single view. AlienVault USM delivers the security visibility you need in a single platform – saving you the time and expense of manually aggregating this data.

Because the AlienVault USM platform combines multiple essential security controls, it provides a consolidated view of the information you need to detect policy violations and to reduce time to compliance.

  • Automated log collection and storage consolidates security events from across your cloud and on-premises environments
  • Built-in Intrusion Detection Systems (IDS) detect malicious activity targeting your assets
  • File Integrity Monitoring (FIM) detects changes in critical files on-premises
  • SIEM event correlation alerts you to the active threats against your critical infrastructure

This unified approach allows you to quickly answer the critical questions that are required for ISO 27001 compliance:

  • What are my critical assets and how are they configured?
  • Where are my critical assets located?
  • How is my environment segmented to limit access to these assets?
  • Who (users and machines) has access to these resources?
  • What are the vulnerabilities that affect my compliance status?
  • What constitutes baseline or “normal” activity in my network?
  • Which users are violating policies?
  • What are my privileged users doing?

Demonstrate ISO 27001 Compliance with Pre-Built Reports & Dashboards

Whether to manage the daily monitoring of your environment, to present the state of your security to your management, or to demonstrate to your auditor that your security controls are in place and fully functional, having reporting and data visualization capabilities can save you significant time and effort.

The rich reporting and data visualization features in AlienVault USM make it simple and fast to get the security visibility you need. The platform delivers pre-built reports that map directly to ISO 27001 requirements. You can easily customize and export any of the compliance reports to satisfy an auditor’s specific request.

AlienVault USM includes the following ISO 27001 reports:

ISO 27001 A.6.1.4 Contact with special interest groups
Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.

ISO 27001 A.8.1.1 Inventory of assets
Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained.

ISO 27001 A.8.1.2 Ownership of assets
Assets maintained in the inventory shall be owned.

ISO 27001 A.8.2.1 Classification of information
Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification.

ISO 27001 A.8.2.2 Labeling of information
An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization

ISO 27001 A.11.2.6 Security of equipment and assets off‑premises
Security shall be applied to off-site assets taking into account the different risks of working outside the organization’s premises.

ISO 27001 A.12.2.1 Controls against malware
Detection, prevention and recovery controls to protect against malware shall be implemented, combined with appropriate user awareness.

ISO 27001 A.12.4.1 Event logging
Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed.

ISO 27001 A.12.4.2 Linux: Protection of log information
Logging facilities and log information shall be protected against tampering and unauthorized access.

ISO 27001 A.12.4.2 Windows: Protection of log information
Logging facilities and log information shall be protected against tampering and unauthorized access.

ISO 27001 A.12.7.1 Information systems audit controls
Audit requirements and activities involving verification of operational systems shall be carefully planned and agreed to minimize disruptions to business processes.

ISO 27001 A.16.1.2 Reporting information security events
Information security events shall be reported through appropriate management channels as quickly as possible.

ISO 27001 A.16.1.4 Assessment of and decision on information security events
Information security events shall be assessed and it shall be decided if they are to be classified as information security incidents.

ISO 27001 A.18.2.2 Compliance with security policies and standards
Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements.

ISO 27001 A.18.2.3 Technical compliance review
Information systems shall be regularly reviewed for compliance with the organization’s information security policies and standards.

Areas Where AlienVault USM Can Support Adoption of ISO 27001


ISO 27001 Control Objective ISO 27001 Control Examples of How the USM Platform Helps
A.8 - Asset Management
A.8.1 - Responsibility for assets A.8.1.1 - Inventory of Assets
  • Discovers and supports review of changes to asset inventory, including physical and virtual assets running on-premises, and in cloud environments (including Azure, VMware, Hyper-V, AWS)
  • Inventories and support review of changes to the operating systems, software applications, and services running within discovered assets
  • Asset Groups deliver dynamically- or analyst-defined grouping of assets, such as business critical assets, HIPAA assets, PCI assets, Windows assets, and more
A.9 - Access Control
A.9.2 - User Access Management A.9.2.2 - User access provisioning
  • Monitors and logs the provisioning and de-provisioning of user accounts on endpoints, in Office 365 (Azure Active Directory), in G Suite, and in authentication products like Okta
  A.9.2.3 - Management of privileged access rights
  • Monitors and logs successful and failed logon events to assets across your on-premises and cloud environments, as well as to cloud applications including Office 365 and G Suite
  • Monitors and logs successful and failed logon attempts to external applications through Azure Active Directory and Okta, and to Office 365 and G Suite
  • Monitors public and dark web sources for the trade or communication of stolen organizational and select personal credentials (e.g. of key individuals within the organization) that could be used for malicious intent
A.12 - Operations Security
A.12.2 - Protection from malware A.12.2.1 - Controls against malware
  • Identify systems susceptible to known vulnerabilities, or that may not have antivirus installed and/or operational
  • Monitor for indicators of malware-based compromise, such as communication to a known Command & Control (C&C, or C2) Server
  • Continuously updated threat intelligence from the AlienVault Labs Team, and from the AlienVault Open Threat Exchange (OTX), ensures that AlienVault USM has the latest correlation directives and IDS rules to detect malware, and guided threat response to provide context on the attack - saving analysts precious time and allowing them to focus on detecting and responding
A.12.4 - Logging and monitoring A.12.4.1 - Event logging
  • Aggregates events and log data, including user and administrator activity, from across your on-premises and cloud environments, and cloud applications including Office 365 and G Suite
  • File Integrity Monitoring can detect and log access and changes to critical system and application data and configuration files, and to the Windows Registry
  • AlienVault USM Anywhere stores alarms and events in 'hot storage' for up to 90-days, enabling rapid search and inspection, and raw events in 'cold', long-term storage for at least 365 days for offline investigation and evidence
  A.12.4.2 - Protection of log information
  • AlienVault USM Anywhere is attested compliant with PCI DSS, HIPAA, SOC 2, and ISO 27001, demonstrating the necessary controls to assure the confidentiality, integrity, and availability of the service and data
  • File Integrity Monitoring can detect and log access and changes to critical system and application configuration and log files, and to the Windows Registry, detecting any attempt to delete or prevent the processing of log data
  A.12.4.3 - Administrator and operator logs
  • Monitors and logs successful and failed logon events to assets across your on-premises and cloud environments, as well as to cloud applications including Office 365 and G Suite
  • Monitors and logs successful and failed logon attempts to external applications through Azure Active Directory and Okta, and to Office 365 and G Suite
  • Monitor for changes to Office 365 policies such as Data Leakage Protection (DLP), information management, and more
  • Monitors user and administrator activities, including access and modification of files and content, in on-premises and cloud-hosted assets, and in cloud applications such as Office 365 and G Suite
  A.12.4.4 - Clock synchronization
  • Monitor and alarm on Group Policy errors, which could indicate issues or attempts to disable clock synchronization
  • File Integrity Monitoring can detect changes and access to critical system and application configuration files, and Windows Registry entries, which could indicate issues or attempts to disable clock synchronization
A.12.6 - Technical Vulnerability Management A.12.6.1 - Management of technical vulnerabilities
  • Regularly scheduled vulnerability scans Identify known vulnerabilities on assets across your environments, identifying the respective CVE code for the vulnerability, and using the corresponding CVSS score to rank the vulnerability as high, medium or low priority
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, and guided threat responses
  • Outlines recommended patches for discovered vulnerabilities
A.13 - Communications Security
A.13.1 - Network security management A.13.1.1 - Network controls
  • Monitors and correlates events gathered from network traffic (network IDS, cloud IDS) and network devices (routers, switches, firewalls, and more) to identify anomalous network traffic, such as communication to a known malicious server
  • Classifies threats across a kill-chain taxonomy to inform the risk level of that threatMonitors public and dark web sources for the trade or communication of stolen credentials
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that AlienVault USM is operating with the latest correlation directives, IDS rules, Indicators of Compromise, guided threat responses and more - saving analysts precious time and allowing them to focus on detecting and responding
A.13.2 - Information transfer
A.13.2.3 - Electronic messaging
  • Monitors for phishing or malware attacks against email services, including Office 365 and G Suite
  • Audit administrator actions, including mailbox creation and deletion, or changing configurations that could disable protection mechanisms such as encryption or data leakage protection
  • Know when users access mailbox folders, purse deleted items, access other mailbox accounts, and more
  • Be alerted to changes to Exchange policies that could let in malware
A.14 - System acquisition, development and maintenance
A.14.1 - Security requirements of information systems A.14.1.2 - Security application services on public networks
  • Monitor and alarm on Group Policy errors, which could indicate attempts to disable local security services and introduce misconfigurations that compromise asset integrity and security
  • File Integrity Monitoring can detect changes and access to critical system and application configuration files, and Windows Registry entries, which could indicate installation of malware or disabling protection mechanisms like two-factor authentication or encryption
  A.14.1.3 - Protection application services transactions
  • Monitors and correlates events gathered from network traffic (network IDS, cloud IDS) and network devices (routers, switches, firewalls, and more) to identify anomalous network traffic, such as communication of transactions and data to a known malicious server
A.16 - Information security incident management
A.16.1 - Management of information security incidents and improvements A.16.1.2 - Reporting information security events
  • Enables creation of different user accounts that grant access the USM console for inspection and review of alarms, events, and reports
  • Built-in notification capabilities enable analysts to be alerted to alarms through email, SMS, DataDog, Slack, and PagerDuty
  • Using the AlienApp for ServiceNow or AlienApp for JIRA, provides ability to manually or automatically generate a ticket within ServiceNow in response to a detected alarm
  A.16.1.4 - Assessment of and decision on information security events
  • Uses machine learning and state-based correlation capabilities to detects threats, and then classifies alarms using a kill-chain taxonomy to inform the risk level of that threat
  • Continuously updated threat intelligence from the AlienVault Labs Team, and from the AlienVault Open Threat Exchange (OTX), ensures that USM is operating with the latest correlation directives and context on those threats to support comprehension and incident response decision making
  A.16.1.5 - Response to information security incidents
  • Continuously updated threat intelligence from the AlienVault Labs Team, and from the AlienVault Open Threat Exchange (OTX), provides recommendations on how to respond to different incident types guided threat response and more
  • With AlienApps, enables orchestrated manual and automated actions to be executed to contain threats, such as open incident tickets in ticketing systems like Jira and ServiceNow, isolating systems from the network using solutions like Carbon Black, and more.
  A.16.1.6 - Learning from information security incidents
  • With the AlienApp for Forensics and Response, enables forensics tasks to be executed manually or automatically in response to a detected threat
  • Provides forensics investigation using rich filter and search capabilities, and reporting, against event and log data that is centrally aggregated and retained from across your on-premises and cloud environments and applications
  A.16.1.7 - Collection of evidence
  • Aggregates events and log data from across your on-premises and cloud environments, and cloud applications including Office 365 and G Suite, into long term log storage
  • Maintains searchable database of events for up to 90-days, with long-term storage of at least 365 days.
A.17 - Information security assets of business continuity management
A.17.1 - Information security continuity A.17.1.2 - Implementing information security continuity
  • AlienVault USM Anywhere is a SaaS service, offered with high availability, to ensure continuity of service that is completely separate from a customer's environment
  • AlienVault utilizes a mix of disaster-tolerant architectures and processes including deployment across availability zones, being hosted in multiple, geographically-separate data centers, and using highly durable storage (99.999999999% durability) for event and log data.
A.18 - Complianc
A.18.1 - Compliance with legal and contractual requirements A.18.1.3 - Protection of records
  • AlienVault USM Anywhere is a SaaS service, offered with high availability, to ensure continuity of service that is completely separate from a customer's environment
  • AlienVault utilizes a mix of disaster-tolerant architectures and processes including deployment across availability zones, being hosted in multiple, geographically-separate data centers, and using highly durable storage (99.999999999% durability) for event and log data.
  • AlienVault USM Anywhere is attested as compliant against several regulatory and cybersecurity standards, including PCI DSS, HIPAA, SOC 2, and ISO 27001.

PCI DSS Compliance:

Simplify and Accelerate PCI DSS Compliance with One Powerful Product

PCI DSS compliance software is a must-have for any organization that handles credit card data or other types of payment card data. Failure to comply can result in PCI DSS penalties and fines imposed daily, and a data breach resulting from non-compliance could cost millions in settlements, legal fees, and loss of reputation.

Yet, many IT security teams struggle to meet the many security technology requirements defined by PCI DSS 3.2. It can be difficult to know which security tools you need to achieve PCI DSS compliance. It doesn’t help that organizations are often racing to get ready for their next, fast-approaching PCI audit.

AlienVault Unified Security Management (USM) delivers everything you need to get ready for your next PCI DSS audit in one affordable, easy-to-use solution. It combines the essential security technologies you need to demonstrate compliance, including asset discovery, vulnerability assessment, log management, file integrity monitoring, and others. It also provides predefined compliance reports out of the box and automatic threat intelligence updates, helping you to stay in compliance with continuous security monitoring.

Unlike other PCI compliance software, it can take as little as one day to fully deploy the AlienVault USM platform for compliance management. You can centralize monitoring of all your on-premises, AWS or Azure cloud, and cloud applications, helping you to achieve PCI DSS compliance faster and ensure continuous security and compliance monitoring of all your environments. The AlienVault USM platform is also certified as PCI DSS compliant, giving you the assurance you need in a security monitoring platform for cloud, on-premises, and hybrid environments.

The AlienVault USM platform delivers multiple security essentials to help you to prepare for your next PCI audit faster and more easily.

Multiple PCI DSS Compliance Must-Haves in One Solution 

  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Intrusion Detection (IDS)
  • File Integrity Monitoring (FIM)
  • SIEM Event Correlation
  • Log Management & Monitoring
  • PCI DSS Compliance Reporting

Address the Most Challenging PCI DSS Requirements

  • PCI Requirement 5: Protect all systems against malware
  • PCI Requirement 6: Develop and maintain secure systems and applications
  • PCI Requirement 10: Track and monitor all access to network resources and cardholder data
  • PCI Requirement 11: Run vulnerability scans at least quarterly, and after any significant change in your network
  • PCI Requirement 12: Implement an Incident Response Plan

Everything You Need to Demonstrate PCI DSS Compliance in One Solution

The AlienVault USM platform delivers all of the following essential security capabilities in one unified solution for security and compliance management.

Asset Discovery & Inventory

PCI DSS requires you to identify all systems that are in scope of your cardholder data environment (CDE). The AlienVault USM platform automatically discovers and inventories all your critical on-premises and cloud assets. You can define custom PCI asset groups that you can use to run vulnerability scans and reports.

Vulnerability Assessment

A key PCI DSS Control Objective is to 'Maintain a Vulnerability Management Program,' and vulnerability scans are called out in several PCI DSS requirements. The AlienVault USM platform provides internal PCI compliance vulnerability scan capabilities, so you can readily detect vulnerabilities as part of your compliance and security program.

Intrusion Detection

Another PCI requirement is to implement an intrusion detection system (IDS) to monitor traffic at the perimeter of your CDE and at critical points within the CDE. AlienVault takes a multi-layered approach to intrusion detection, providing out-of-the-box network intrusion detection (NIDS), host intrusion detection (HIDS), and cloud intrusion detection.

File Integrity Monitoring

File Integrity Monitoring is called out as a best practice control across several PCI DSS requirements, and is deemed necessary to pass your audit. That’s because changes on critical servers often signal a breach, or a change that could open your system to compromise. The AlienVault USM platform includes file integrity monitoring software (FIM) as part of the unified solution.

SIEM Event Correlation

SIEM event correlation in USM captures all user activities on critical systems, as well as collection and correlation of valid and invalid authentication attempts, so you always know who is trying to access your CDE.

Log Management & Monitoring

Log management, monitoring, and retention are pillars of the AlienVault USM platform. It collects, parses, and analyzes log data from your PCI systems, alerting you to any threats facing your environment and helping you to demonstrate compliance of PCI Requirement 10.

PCI DSS Compliance Reporting

The reporting features in the AlienVault USM platform make it simple and fast to get the visibility you need to demonstrate compliance to an auditor and to maintain continuous security monitoring afterwards. The platform delivers predefined PCI DSS reports out of the box that map directly to common PCI DSS requirements. You can easily customize any of the predefined compliance reports to tailor it to an auditor’s specific request.

PCI DSS Compliance Reporting

Support for Even the Most Challenging PCI DSS Requirements

Malware Protection: PCI DSS Requirement 5
The AlienVault USM platform helps you identify systems susceptible to known vulnerabilities, or that may not have antivirus software installed or operational. Its network, host, and cloud intrusion detection capabilities monitor for indicators of malware-based compromise. When malware is detected, the AlienVault USM platform enables the orchestration of manual or automated responses to isolate infected systems and block malicious domains.

Vulnerability Assessment: PCI DSS Requirements 6 and 11
Out of the box, the AlienVault USM platform provides vulnerability assessment that enables you to find and fix weak spots in your cloud and on-premises environments. Together, AlienVault USM’s asset discovery and vulnerability scanning tools simplify security visibility by unifying the data gathered in asset and vulnerability scans with known vulnerability information. Built-in file integrity monitoring alerts users to changes to critical files that may indicate a breach.

Incident Response Planning: PCI DSS Requirement 12
When an incident happens, make sure the correct response actions happen and that the right people get notified quickly and efficiently. The AlienVault USM platform provides the alerting and notifications you need to stay informed of your security posture 24 x 7 as well as all the relevant security data you need in one location to respond quickly and to mitigate the potential damage of a breach.

In addition, it delivers advanced security orchestration and automated incident response capabilities as a first line of defense. When an incident occurs, orchestration rules can be automatically triggered to take some action to gather additional data to help expedite your investigation and response activities.

Logging and Reporting: PCI DSS Requirement 10
The AlienVault USM platform helps you collect and protect your log records, as well as prove that you’ve done so.

PCI Requirements 10.1 - 10.4 deal with collecting audit logs, tracking access to cardholder systems and data (including failed logon attempts), monitoring actions taken by admins, and identifying any manipulation of audit logs.

The AlienVault USM platform collects log data from your applications, systems, devices, and cloud accounts. The data is parsed and immediately available to search on and run reports to evaluate what actions individual users are taking in your CDE. The AlienVault USM platform timestamps the data, which addresses section 10.4.

Requirement 10.5 requires that audit trails be secured so they cannot be altered.

The AlienVault USM platform supports a “write once, read many” (WORM) approach to prevent raw log data from being modified once they’re written to cold storage.

Requirement 10.6 mandates that you review logs and security events to identify anomalies or suspicious activity.

The AlienVault USM platform aggregates events from your applications, servers, and devices from across your on-premises and cloud environments. Customizable views, built-in and customizable PCI DSS reports, and advanced correlation capabilities simplify the ability to review data, and enable you to regularly monitor for and report out on threats and anomalies. 

Requirement 10.7 mandates that you retain audit history for at least one year, with a minimum of three months immediately available for analysis.

The AlienVault USM platform stores data online for 90 days, so you can easily search and report on it per PCI compliance needs. It provides 12 months of cold storage with the ability to extend your long-term storage capacity.

Activity Alarms Create Rule Cisco Umbrella

Discover How AlienVault USM Supports PCI DSS Requirements


PCI Requirement PCI Sections AlienVault USM Addresses How AlienVault USM Helps
1. Install and maintain a firewall configuration to protect cardholder data. 1.1, 1.2, 1.3
  • Built-in asset discovery provides a dynamically updated inventory of assets across your cardholder data environment, ensuring only authorized endpoints are deployed.
  • Capture events relating to configuration changes on firewalls and routers, including when user accounts get updated.
  • Discover unauthorized communications, such as between untrusted networks and systems within the cardholder data environment.
2. Do not use vendor-supplied defaults for system password and other security parameters. 2.1, 2.2, 2.3, 2.4, 2.6
  • Identify use of default system accounts on Windows machines.
  • File Integrity Monitoring can detect changes and access to critical system and application files, and Windows Registry entries.
  • Identify vulnerabilities such as where an application may have a cryptographic algorithm vulnerability, and recommend if patches or workarounds are available.
  • Identify what services are running, and what ports are open, on systems.
  • Built-in asset discovery provides a dynamically updated inventory of what systems are operational in your environment, and what software is running on each.
  • Discover and monitor assets running on-premises and in cloud environments (including Azure, VMware, Hyper-V, AWS)
3. Protect stored cardholder data 3.6, 3.7
  • Monitor for changes to Office 365 policies, including Data Leakage Protection (DLP), information management, and more.
  • File Integrity Monitoring can detect when SSH or similar cryptographic keys are modified.
  • Unified log review and analysis, with triggered alarms for high risk systems.
4. Encrypt transmission of cardholder data across open, public networks 4.1, 4.3
  • Identify when network traffic goes to unauthorized networks.
  • Identify systems using compromised or insecure protocols that may increase their risk of being attacked.
  • Monitor for changes to Office 365 policies, including Information Management and more.
5. Protect all systems against malware and regularly update antivirus software or programs 5.1, 5.2, 5.3, 5.4
  • Identify systems susceptible to known vulnerabilities, or that may not have antivirus installed and/or operational.
  • Identify for indicators of malware-based compromise, and orchestrate manual and automated actions to isolate infected systems and block malicious domains.
  • Monitor and store events from antivirus solutions that could indicate a compromise, or attempt to disable antivirus software.
  • Monitor for changes to Office 365 policies, including Information Management and more.
6. Develop and maintain secure systems and applications 6.1, 6.2
  • Identify systems susceptible to known vulnerabilities, with systems ranked as 'high,' 'medium,' and 'low' risk vulnerabilities.
  • Identify patches or workarounds available to vulnerable systems.
7. Restrict access to cardholder data by business need to know 7.1, 7.3
  • Identify attempts to access systems using privileged accounts.
  • Identify escalation of privilege attempts.
  • Monitor for changes to Office 365 policies, including Information Management and more.
8. Identify and authenticate access to system components 8.1, 8.2, 8.5
  • Aggregate logs and events from systems, applications, and devices from across your on-premises and cloud environments.
  • Identify attempts to use retired or default user credentials.
  • Monitor and alarm on Group Policy errors.
9. Restrict pysical access to cardholder data N/A
  • Not applicable.
10. Track and monitor all access to network resources and cardholder data 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8
  • Aggregate, analyze, and archive logs and events from systems, applications, and devices from across your on-premises and cloud environments.
  • Identify logon success and failures.
  • Identify privilege escalation attempts.
  • Identify where systems are out of sync with the current time and/or Domain Controller, or for non-typical traffic on port 123.
  • Identify unauthorized attempts to access or modify key logs.
  • Identify where security tools, such as antivirus and firewalls, have been disabled or have failed to start.
  • Captures all user account creation and modification activities.
11. Regularly test security systems and processes 11.1, 11.2, 11.4, 11.5, 11.6
  • Assess systems for vulnerabilities, and where found rank them as 'high', 'medium,' and 'low' risk.
  • Monitor access to and attempt to modify system and application binaries, configuration files, and log files.
  • Monitor user and administrator activities in cloud environments such as Azure and AWS, and within cloud applications such as Office 365.
  • Apply labels to alarms.
  • Generate incident tickets within popular solutions like ServiceNow, directly from within the USM Anywhere console.
12. Maintain a policy that addresses information security for all personnel 12.1, 12.5, 12.8
  • Monitor for changes to Office 365 policies, including Data Leakage Protection (DLP), information management, and more.
  • Monitor all administrative activities through popular authentication and authorization solutions like Azure Active Directory.
  • Monitor network traffic for violations of policy, such as communications that cross your cardholder data environment perimeters.

SOC 2 Compliance:

Streamline Your Audit with One Unified Solution for SOC 2 Compliance

The Service Organization Controls 2 (SOC 2) is a highly-desired certification for any organization that delivers services, including SaaS-delivered solutions. The certification attests that an organization has implemented security controls in line with one or more of the following principles: security, availability, processing integrity, confidentiality, and privacy.

Many IT security teams find it difficult to successfully implement the many IT security controls required to comply with the SOC 2 Security Principle. Procuring each technology can be costly, and then successfully deploying, configuring, and then performing the daily management and monitoring of all the security controls can overwhelm even large security teams. This results in SOC 2 certification being out of reach for many organizations or a very long road (and time) to satisfy each of the Common Criteria.

AlienVault Unified Security Management (USM) is a SOC 2 certified solution that helps you check many of the SOC 2 compliance requirements off your list as you work towards your next SOC 2 audit. In one affordable, easy-to-use solution, AlienVault USM combines the essential security controls you need to demonstrate compliance, including asset discovery, vulnerability assessment, log management, file integrity monitoring, and others. It also provides predefined compliance reports out of the box and automatic threat intelligence updates, helping you to stay in compliance with continuous security monitoring.

Unlike the effort to deploy and manage multiple other security controls solutions, it can take as little as one day to fully deploy the AlienVault USM platform for compliance management. You can centralize monitoring of all your on-premises, AWS or Azure cloud, and cloud applications, helping you to satisfy the common criteria required for SOC 2 compliance faster and ensure continuous security and compliance monitoring of all your environments. In addition to SOC 2, the AlienVault USM platform is also certified as PCI DSS and HIPAA compliant, giving you the assurance you need in a security monitoring platform for cloud, on-premises, and hybrid environments.

AlienVault USM delivers multiple SOC 2 compliance must-have security essentials in one unified solution, to help you to prepare for your next SOC 2 audit faster and more easily.

  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Threat and Intrusion Detection (IDS) across host, network, and cloud environments
  • File Integrity Monitoring (FIM)
  • Orchestrated Incident Response
  • Log Management
  • Security & Compliance Reports & Views
  • Integrated Threat Intelligence

Everything You Need to Demonstrate SOC 2 Compliance in One Solution
The AlienVault USM platform delivers all of the following essential security capabilities in one unified solution for security and compliance management.

Asset Discovery & Inventory
Understanding what physical and virtual assets exist across your on-premises and cloud environments (including Azure, AWS, VMware and Hyper-V) is the first step to understanding your risk and is recommended to achieve compliance with Common Criteria Controls 3.2 and 4.1 of the SOC 2 Security Principle. The AlienVault USM platform automatically discovers and inventories all your critical on-premises and cloud assets. You can define custom asset groups that you can use to run vulnerability scans and reports.

Vulnerability Assessment
The ability to run quarterly (or more) vulnerability assessments is called out across Common Criteria Controls 3.2, 4.1, 5.8, 6.1 and 7.3 of the SOC 2 Security Principle. The AlienVault USM platform provides internal compliance vulnerability scan capabilities, so you can readily and regularly detect vulnerabilities as part of your compliance and security program.

Threat Detection
Knowing the presence of threats across your infrastructure is a requirement across several Common Criteria Controls. AlienVault takes a multi-layered approach to intrusion detection, providing out-of-the-box network intrusion detection (NIDS), host intrusion detection (HIDS), and cloud intrusion detection. Advanced event correlation compares anomalies and detected threats against the known state of your environment to generate relevant alarms while reducing false positives.

File Integrity Monitoring
File Integrity Monitoring is a best practice control to identify changes that are unauthorized or that may introduce vulnerabilities and risk to your organization. FIM is a best practice to meet Common Criteria Controls CC5.1, CC6.1, and CC7.4. As part of its host-intrusion detection system, the AlienVault USM platform includes file integrity monitoring (FIM) capabilities that can monitor changes to files, directories, and the Windows Registry.

Orchestrated Incident Response
With cybersecurity, time is not on your side, and with the proliferation of single-point security solutions in the marketplace today, it’s no surprise that IT teams struggle to efficiently monitor the security of their environments and to effectively respond to incidents. The need for an efficient incident response process is outlined in Common Criteria controls CC3.2, CC5.4 and CC6.2 to expedite the mitigation of identified threats and risks to your organization. The AlienVault USM platform integrates orchestrated security response across both internal and external IT security and management tools, such as isolating a system infected by malware from the network. These responses can be initiated manually or automatically in response to detected threats, dramatically reducing the time to respond and minimizing any risk exposure.

Log Management
The ability to collect events and logs from across your servers, services, and applications, and to consolidate them centrally for storage and analysis is a security best practice and is central to the log management capability of the AlienVault USM platform. It collects, parses, and analyzes log data from your on-premises and cloud environments, facilitates analysis and correlation to detect threats, and dramatically simplifies trend analysis and forensics investigations.

Security & Compliance Reports & Views
Reports, dashboards, and views are key components to performing day-to-day monitoring of your environment, presenting status to your management, and demonstrating to an auditor that your security controls are implemented and working. The AlienVault USM platform provides numerous security event, compliance, and security framework reports to support your efforts. Available reports include those for the NIST Cybersecurity Framework (NIST CSF), to which the AICPA has published a mapping that demonstrates how you can adopt NIST CSF to demonstrate SOC 2 Compliance.

Integrated Threat Intelligence
The SOC 2 Security Principle focuses on risk identification and remediation. Yet, to successfully identify and mitigate the risks from cybersecurity threats and vulnerabilities, any security tool (or security professional) needs to know what to look for and then how to mitigate that risk. The AlienVault USM platform is continuously updated with threat intelligence, including correlation directives, threat and vulnerability assessment signatures, report updates, and incident response templates, from AlienVault Labs Security Research Team, backed by the AlienVault Open Threat Exchange (OTX). This ensures that you can detect the latest cybersecurity threats and vulnerabilities quickly, and that the guidance on how to contain and remediate the risk is available to you automatically so that you don’t have to do the research yourself.

Integrated Threat Intelligence

Discover How AlienVault USM Supports SOC 2 Compliance


Control ID and Description Relevant AlienVault Capabilities Examples of How AlienVault USM Helps
CC3.2
The entity designs, develops, and implements controls, including policies and procedures, to implement its risk mitigation strategy
  • Asset Discovery
  • Vulnerability Assessment
  • Threat Detection (Network, Host & Cloud)
  • Incident Response
  • Threat Intelligence
  • Built-in asset discovery discovers physical and virtual assets running on-premises, and in cloud environments (including Azure, VMware, Hyper-V, AWS)
  • Regularly scheduled vulnerability scans identify vulnerabilities on assets across your on-premises and cloud environments
  • Vulnerabilities are ranked as high, medium or low priority to support prioritization for mitigation of risk
  • Uses machine learning and state-based correlation capabilities to detects threats
  • Classifies threats across a kill-chain taxonomy to inform the risk level of that threat
  • Monitors public and dark web sources for the trade or communication of stolen credentials
  • Provides information on recommended patches to identified vulnerabilities
  • AlienApps enables orchestrated manual and automated response actions to be executed to mitigate risks, such as blocking access to and from malicious domains with Cisco Umbrella (formerly OpenDNS), and blocking malicious IP addresses with Palo Alto firewalls
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform
CC4.1
The design and operating effectiveness of controls are periodically evaluated against the Security Principle commitments and requirements, corrections and other necessary actions relating to identified deficiencies are taken in a timely manner
  • Asset Discovery
  • Vulnerability Assessment
  • Threat Intelligence
  • Asset discovery gathers information on deployed assets and controls, including what services are running and ports exposed, and helping to drive insights and monitoring of any shifts from baselines
  • Regularly scheduled vulnerability scans identify where deployed assets, systems, and software may be exposed to increased risk
  • Vulnerabilities are ranked as high, medium or low priority to support prioritization for mitigation of risk
  • Provides information on recommended patches to identified vulnerabilities
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform
CC5.1
Logical access security software, infrastructure, and architecture have been implemented to support
(1) identification and authentication of authorized users;
(2) restriction of authorized user access to system components, or portions thereof, authorized by management, including hardware, data, software, mobile devices, output, and offline elements; and
(3) prevention and detection of unauthorized access
  • Threat Detection (Network, Host & Cloud)
  • File Integrity Monitoring
  • Log Management & Reporting
  • Threat Intelligence
  • Network-, host-, and cloud-intrusion detection to provide continuous monitoring of your on-premises and cloud environments (AWS, Azure, Office 365, G Suite) to detect threats and anomalies, including ransomware and malware
  • Monitors successful and failed logon events to assets across your on-premises and cloud environments, as well as to cloud applications including Office 365 and G Suite
  • Identify changes to Office 365 policies including Data Leakage Protection (DLP), Information Management, Password Management, and more
  • As part of host-intrusion detection, File Integrity Monitoring detects and alerts you to changes and access to critical system and application binaries, configuration files, and Windows Registry entries on your mission critical servers.
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest threat detection knowledge and correlation rules are available within the USM platform
CC5.3
Internal and external system users are identified and authenticated when accessing the system components (for example, infrastructure, software, and data)
  • Log Management & Reporting
  • Monitors successful and failed logon events to assets by internal and external users, including where authentication and authorization is handled by services like Okta or Azure Active Directory
  • Monitors user and administrator activities, including access and modification of files and content, in cloud applications such as Office 365 and G Suite
CC5.6
Logical access security measures have been implemented to protect against Security Principle threats from sources outside the boundaries of the system
  • Threat Detection (Network, Host, Cloud)
  • Incident Response
  • Threat Intelligence
  • AlienVault USM includes network-, host-, and cloud-intrusion detection to provide continuous monitoring of your on-premises and cloud environments - including AWS, Azure, Office 365, and G Suite - to detect threats and anomalies, including ransomware and malware
  • AlienApps enables orchestrated manual and automated response actions to be executed to mitigate risks, such as blocking access to and from malicious domains with Cisco Umbrella (formerly OpenDNS), and blocking malicious IP addresses with Palo Alto firewalls
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform
CC5.8
Controls have been implemented to prevent or detect and act upon the introduction of unauthorized or malicious software
  • Vulnerability Assessment
  • Threat Detection (Host, Network, Cloud)
  • Threat Intelligence
  • Identify systems susceptible to known vulnerabilities, or that may not have antivirus installed and/or operational.
  • Monitor for indicators of malware-based compromise, such as communication to a known Command & Control (C&C, or C2) Server
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform
CC6.1
Vulnerabilities of system components to security breaches and incidents due to malicious acts, natural disasters, or errors are monitored and evaluated and countermeasures are implemented to compensate for known and new vulnerabilities
  • Asset Discovery
  • Vulnerability Assessment
  • File Integrity Monitoring
  • Threat Intelligence
  • Asset discovery identifies assets, and Asset Groups dynamically group assets, such as all Windows assets, as well as allowing users to define their own asset groups
  • Regularly scheduled vulnerability scans identify vulnerabilities on assets across your on-premises and cloud environments
  • Vulnerabilities are ranked as high, medium or low priority to support prioritization for mitigation of risk
  • Presents availability of recommended patches for discovered vulnerabilities
  • As part of host-intrusion detection, File Integrity Monitoring detects and alerts you to changes and access to critical system and application binaries, configuration files, and Windows Registry entries on your mission critical servers
  • Continuously updated threat intelli
CC6.2
Security incidents, including logical and physical security breaches, failures, concerns, and other complaints, are identified, reported to appropriate personnel, and acted on in accordance with established incident response procedures
  • Threat Detection (Host, Network, Cloud)
  • Incident Response
  • Log Management
  • Uses machine learning and state-based correlation capabilities to detects threats
  • Classifies threats across a kill-chain taxonomy to inform the risk level of that threat
  • Monitors public and dark web sources for the trade or communication of stolen credentials
  • Security analysts can be notified of alarms through email or SMS, or through other applications including ServiceNow, Pager Duty, Slack, and Datadog
  • Alarms can be labelled to help avoid conflicts across teams, and to help identify status of an alarm
  • AlienApps enables orchestrated manual and automated response actions to be executed to mitigate risks, such as blocking access to and from malicious domains with Cisco Umbrella (formerly OpenDNS), and blocking malicious IP addresses with Palo Alto firewalls
  • Powerful search and analysis capabilities permit forensic analysis of aggregated log and event data from a central location
CC7.3
Change management processes are initiated when deficiencies in the design or operating effectiveness of controls are identified during system operation and monitoring
  • Vulnerability Assessment
  • Threat Intelligence
  • Regularly scheduled vulnerability scans identify vulnerabilities on assets across your on-premises and cloud environments
  • Highlights the availability of any recommended patches for discovered vulnerabilities
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform
CC7.4
Changes to system components are authorized, designed, developed, configured, documented, tested, approved, and implemented in accordance with Security Principle commitments and requirements
  • File Integrity Monitoring
  • File Integrity Monitoring capabilities detect and alert you to changes and access to critical system and application binaries, configuration files, and Windows Registry entries on your mission critical servers, so you can verify if a change was authorized or not