AlienVault Industry

Education:

Higher Education Security & Compliance

AlienVault Unified Security Management (USM) delivers an all-in-one solution for higher education security and compliance.

A Comprehensive Threat Detection and Compliance Solution Elegantly Suited for the Higher Education Industry

Higher education institutions are increasingly in the crosshairs of hackers, with security breaches rising dramatically in recent years. Universities and colleges are an enticing target for malicious attacks, given the open nature of campus IT systems and the presence of valuable intellectual property at these institutions.

University information security and compliance presents a difficult challenge for security operators due to the unique nature of universities, with their tradition of openness, their need to maintain the privacy of users, and their particular compliance requirements (such as FERPA compliance).

To address these challenges, you need a security solution that:

• Detects threats quickly
• Gives you complete visibility into your network
• Deploys quickly for fast insights
• Delivers critical compliance capabilities

AlienVault USM is the comprehensive security solution elegantly suited for higher education institutions. USM delivers five essential security capabilities in one platform, giving you everything you need to detect threats, prioritize response, and manage compliance. And with built-in Threat Intelligence delivered by the AlienVault Labs team, USM enables you to detect the latest threats, with AlienVault Labs acting as an extension of your IT team.

AlienVault Unified Security Management (USM) secures your institution with these critical features:

Automated Threat Detection & Response Guidance

• Critical detection capabilities to stay on top of the latest threats
• Dynamic incident response guidance
• Fast deployment enables rapid insights

Comprehensive Compliance Capabilities

• Log retention, management, and analysis for FERPA, HIPAA, and PCI compliance
• Data integration from legacy security tools
• Flexible reporting & dashboard

Integrated Threat Intelligence

• Regular threat intelligence updates accelerate your ability to spot the latest threats
• Pre-built, customizable correlation rules eliminate the need for you to create your own
• Focus on responding to threats rather than researching every alert

Automated Threat Detection & Response

Targeted attacks and security breaches have been rising dramatically at higher education institutions. The presence of valuable intellectual property at these institutions, the high numbers of users bringing their own devices to campus networks, and the susceptibility of student users to phishing scams via social media, all conspire to make higher education an enticing target for bad actors. On top of that, the unique nature of these colleges and universities, with their tradition of openness, their need for international internet connections, and their need to maintain the privacy of users, makes university information security a difficult challenge.

AlienVault USM is the perfect solution to deliver on the security needs of higher education institutions. USM gives you everything you need to monitor your network, detect malicious activity, prioritize risk and respond to threats on day one. USM delivers asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring and security information and event management (SIEM) all in a single application. By building in the essential security capabilities, AlienVault USM significantly reduces complexity and reduces deployment time so that you can go from installation to first insight in about an hour.

Comprehensive Compliance Capabilities

Higher education institutions also need to meet a number of regulatory compliance guidelines, including FERPA, HIPAA, PCI, GLBA and SOX. FERPA compliance is one of the most critical, as it pertains to the privacy of student records. There are a number of elements to FERPA compliance, but a frequently misunderstood area concerns the log requirements. FERPA requires institutions maintain logs of who has authorized access to student records, and mandates requirements around user access to those records. Therefore, as a higher education institution, you need to ensure you have the technologies and procedures in place to provide this log maintenance and access control.

AlienVault USM delivers key capabilities to help you achieve FERPA compliance. USM features a logger as one of its main architectural components which stores log files and other data for extended periods of time. The USM platform also has the ability to digitally sign the logs at the line level, ensuring that the logs you have stored have not been modified since their creation. In addition, USM allows for data integration from legacy security tools to ensure you can meet additional compliance requirements.

USM also offers hundreds of built-in compliance reports for managing your HIPAA, PCI, GLBA, or SOX programs. These reports are automatically updated as asset and vulnerability assessment data changes, and you can quickly customize them based on your own compliance priorities.

Energy Sector Cyber Security & Compliance:

AlienVault Unified Security Management (USM) delivers an all-in-one solution for energy sector cyber security, risk management, and compliance.

A Comprehensive Threat Detection and Compliance Solution for Energy Sector Organizations

Energy sector cyber security & compliance continues to be a challenge for many organizations. Hackers, including both state and non-state actors, are getting more sophisticated in their attacks, making it increasingly difficult to keep up with the latest threats.

Effective energy sector security requires you to protect your critical infrastructure and assets. You need to ensure the uptime of your services, analyze mountains of data, and meet compliance regulations and best practices.

To protect your network, you need a comprehensive security solution that:

• Monitors your assets and infrastructure
• Assesses your vulnerabilities
• Detects threats quickly
• Provides meaningful response guidance
• Deploys quickly for fast insights
• Delivers critical compliance capabilities

AlienVault Unified Security Management (USM) meets all of these needs with five essential security capabilities in one platform. USM provides you with everything you need to detect threats, prioritize response, and manage compliance. Additionally, with built-in Threat Intelligence delivered by the AlienVault Labs team, USM enables you to spend your scarce time mitigating threats instead of researching them.

AlienVault USM secures your energy and utility organization with these critical features:

Complete Visibility Into Your Network

• Critical detection capabilities to stay on top of the latest threats
• Complete vulnerability assessment functionality
• Dynamic incident response guidance

Comprehensive Risk Management and Compliance Capabilities

• Comprehensive security controls and log management for NERC CIP compliance
• Adherence to standard energy sector risk management guidelines
• Flexible reporting & dashboard

Integrated Threat Intelligence

• Regular threat intelligence updates accelerate your ability to spot the latest threats
• Pre-built, customizable correlation rules eliminate the need for you to create your own
• Focus on responding to threats rather than researching every alert

Complete Visibility Into Your Network

Attackers are increasingly targeting the electric grid and other energy sector organizations with new attack methods. These state and non-state actors are often looking for data on electrical grid configurations, or looking to steal user authentication credentials, schematics, or other data about the utility networks. These attackers want to disrupt these operations, steal data, and generally cause damage.

It is difficult for the typical energy sector organization to monitor and defend against these threats, and at the same time ensure the uptime and reliability of services. When managing energy sector security, you are likely dealing with interconnected networks, where one breach can lead to cascading disaster. You need complete visibility into your infrastructure to ensure effective threat detection and response.

AlienVault Unified Security Management (USM) is the ideal solution to deliver energy sector cyber security needs.USM enables you to monitor your network, detect malicious activity, prioritize risk, and respond to threats on day one. USM delivers asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and security information and event management (SIEM), all in a single application. By building in the essential security capabilities, AlienVault USM significantly reduces complexity and deployment time so that you can go from installation to first insight in about an hour.

Comprehensive Risk Management and Compliance Capabilities

There are many regulatory mandates for energy sector organizations, ranging from risk management frameworks to specific compliance standards. For example, the National Infrastructure Protection Plan (NIPP) has a risk management framework for organizations across the energy spectrum, with sector-specific plans for each energy sector. In particular, the electricity sector has the Risk Management Process (RMP) Guideline.

Specific to energy utilities, the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards are specific guidelines to the power industry to ensure reliability and security standards for bulk electric system (BES). Version 5 of the NERC CIP standards has moved this compliance requirement to the front burner for many utility organizations, as virtually all BES facilities are now in scope with at least one of the requirements of NERC CIP.

AlienVault USM delivers critical security capabilities to help you meet standard risk management frameworks. The risk management cycle as defined in the RMP guideline is a comprehensive process that requires organizations to (i) frame risk, (ii) assess risk (including threats and vulnerabilities), (iii) respond to risk once determined, and (iv) monitor risk on an ongoing basis. USM delivers the essential security capabilities to assess and respond to these risks.

AlienVault USM can also help energy utility organizations achieve NERC CIP compliance. USM’s unified approach means you can rely on the built-in security technologies and integrated threat intelligence to help you assess your BES and the impact on each system. USM also offers built-in compliance reports for managing your NERC CIP programs. These reports are automatically updated as asset and vulnerability assessment data changes, and you can quickly customize them based on your own compliance priorities.

Federal:

Unified Security Management for Government

See how AlienVault helps state, local and public sector agencies get full visibility into threats impacting their environment with one simple and affordable solution.

Detect, Analyze & Respond to Today’s Threats

Government cyber security is difficult even in the best of times because of limited budgets, competing priorities, and legacy systems. The AlienVault Unified Security Management™ (USM) platform overcomes these challenges by unifying five essential security capabilities in a single management platform. The AlienVault approach helps your existing IT team secure your networks and improve cyber incident visibility, on day one.

The AlienVault USM platform delivers asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring and security information and event management (SIEM) in a single solution, enabling you to:

• Measure, manage, and report on information security policy and regulatory compliance
• Identify emerging threats targeting your environment quickly and accurately
• Respond faster to incidents and conduct thorough investigations
• Optimize your existing security investments while reducing risk
• Unify essential government network security management

Accelerate threat detection and response

• Detects threats that have evaded perimeter security tools
• Identifies the most significant threats in your network with kill-chain taxonomy

Increase cyber security visibility with integrated threat intelligence

• Extends the security expertise of your IT team
• Delivers context-specific response guidance in every alert

Reduce costs, reduce complexity

• Eliminates need for stand-alone network security products with integrated security controls
• Maximizes effectiveness of existing staff and tools

Improve regulatory and policy compliance

• Monitors continuously for complete security awareness
• Automates and simplifies policy compliance

Accelerate Threat Detection and Response

There is no way to prevent a dedicated, patient attacker from breaching your network. Relying on preventive tools that sit at the network edge is not enough—you need cyber security threat detection inside your network as well.

AlienVault’s USM platform puts built-in, essential security controls and seamlessly integrated threat intelligence, powered by AlienVault Labs, into the hands of government IT teams with limited resources. You can now deploy a single platform that accelerates threat detection and response by showing the most important threats and how to mitigate them, on day one.

AlienVault USM utilizes a Kill Chain Taxonomy, which makes threat detection and prioritization easy. Our Kill Chain Taxonomy allows you to focus your attention on the most important threats by classifying attacks into five categories. It tells your IT team what are the most important threats facing your network right now.

Increase Situational Awareness with Integrated Threat Intelligence

Government agencies with limited IT staff often lack time to research new threats, or access to threat intelligence. This prevents them from being able to keep up with the constantly evolving threat landscape and answer critical questions about threats targeting their network, such as “who, what, why, and how”.

We understand that you lack the budget to hire dedicated security analysts to research data from your point-product security tools. The AlienVault Labs team acts like an extension of your IT team by conducting threat research and publishing weekly updates to the USM correlation rules that sift through the mountains of data in your log files to alert you of critical indicators of compromise.

Reduce Costs, Reduce Complexity

AlienVault USM’s unified approach puts all the security controls you need at your fingertips. Its flexible, open architecture also lets you integrate and correlate events from existing security products into its correlation engine for analysis. This single view accelerates and simplifies your ability to detect and respond to threats while also protecting your investment in legacy security tools.

Eliminating the manual monitoring of security point-products enables you to redeploy personnel to more productive tasks like responding to threats. AlienVault USM lets you make better use of scarce human resources by freeing them from the burden of managing separate security products to execute your cybersecurity strategy.

Improve Regulatory and Policy Compliance

Government agencies must meet a wide array of standards for information security controls and risk management, including DIACAP / DIARMF, DISA STIGs, CNSS 1253, NIST, PCI and more. Your IT team doesn’t have the time or resources to manually manage the network, monitor its security, and measure and report on cyber security policy compliance. USM automates and simplifies these manual processes, putting time back in your team’s day.

AlienVault USM continually monitors and evaluates your security controls, identifies and reports on important audit events, and alerts you to events that require immediate action. You can customize its flexible executive dashboard and reporting engine to demonstrate compliance with the specific standards required for your agency, and built-in reports are provided for many common compliance requirements.

Healthcare Security and Compliance:

AlienVault Unified Security Management (USM) Closes the Gaps in Your Healthcare Security.

Healthcare providers and insurers are faced with a range of challenges when it comes to healthcare data security. Complex regulations such as the Healthcare Insurance Portability and Accountability Act of 1996 (i.e. HIPAA Privacy Rule) and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, combined with under-resourced IT teams relying on legacy systems and manual processes, can make compliance with these healthcare information security regulations a seemingly endless struggle.

In addition, because the threat landscape is constantly evolving, healthcare IT security teams must keep up with the latest changes to know of any threats targeting their users, applications, or devices that can ultimately lead to ePHI loss.

Unfortunately, many healthcare organizations assume incorrectly that they are too small to be targeted. However, the range of organizations that fell victim to security breaches in healthcare in the last year demonstrates that organizations of any size are targets.

The threats to healthcare data security are not just external--Verizon’s 2016 Data Breach Incident Report describes healthcare as one of the most affected industries by insider and privilege misuse.

AlienVault’s unified approach provides a unique way to address the challenges of healthcare security and compliance. It helps IT teams with limited resources tackle the lack of security controls, manual monitoring process, and lack of threat intelligence.

AlienVault USM delivers the essential capabilities you need to reduce the cost and frustration of meeting regulatory requirements like HIPAA in the US and Data Protection Directive in the EU.

Essential Security Controls

• Built-in security controls eliminate the need for additional staff to deploy, configure, and maintain separate security controls
• Single console for configuring and managing all security controls

Continuous Monitoring & Analytics

• Correlates and analyzes security events automatically
• Eliminates manual monitoring and analysis

Built-In Threat Intelligence & Response Guidance

• Continuous threat research and updates to security controls
• Response guidance included in every alarm to improve incident response process

Essential Security Controls

The first step for organizations to gain better visibility of their network activity is to deploy additional security controls. There is no single technology that will improve healthcare information security.

Instead, it is a range of technologies deployed on the network and on specific devices that will provide the detailed insight into malicious activity and help achieve regulatory compliance. Unfortunately, IT teams often lack the budget or staff to deploy, configure, and maintain the diverse controls they need, leaving sizeable gaps in their security strategy.

AlienVault’s focus on ease of use and deployment makes it the perfect fit for those healthcare organizations with limited budget and few in-house resources.

AlienVault USM builds in five essential security technologies into the USM platform, all configured and managed from a single console:

• Asset Discovery
• Vulnerability Assessment
• Intrusion Detection
• Behavioral Monitoring
• SIEM (Security Information and Event Management)

Continuous Monitoring and Analytics

Effectively monitoring network activity to detect malicious content and behavior is another essential aspect of healthcare data security, yet many organizations lack the resources to monitor their network and analyze the results.

One obstacle is simply the enormous volume of diverse event data generated in real-time by devices and applications across the network. Manual analysis of the gigabytes of log data for Indicators of Compromise (IoCs) is virtually impossible, yet many healthcare IT teams have no other means with which to try to link events from across the network.

Logs include critical information such as user behavior, data access, system performance, as well as evidence of system compromise and data exfiltration. However, logs vary from system to system or even from version to version on the same system. They are difficult to interpret and are static, fixed points in time, without the full context or sequence of related events.

The AlienVault USM platform solves these problems with its automatic, continuous monitoring and analysis. Its powerful correlation engine is able to link seemingly unrelated events from across your network and tell you what are the most significant threats in your network right now.

The USM platform contains thousands of pre-built correlation directives that continuously analyze event data to identify potential security threats in your network. USM automatically detects and links behavior patterns found in disparate yet related events generated across different types of assets, putting the critical information you need at your fingertips.

MSSP Program:

The AlienVault MSSP partner program is ideal for partners that deliver managed security solutions to SMB and mid-enterprise markets. With its simplicity, reliability, and value, hundreds of MSSPs and MSPs worldwide select AlienVault as the technology of choice to power their managed security offering.

As an AlienVault MSSP Partner, you can:

• Easily and affordably expand your security services portfolio to include Managed Detection and Response (MDR), Threat and Malware Detection, Compliance Management and more—all from a single platform
• Always stay up to date with the latest threat intelligence from AlienVault Labs delivered automatically, continuously to the USM platform
• Drive up profitability with attractive, subscription-based pricing and a “pay-as-your-grow” licensing model
• Tailor your service offerings for your customers’ needs with flexible, scalable deployment options, across cloud and on-premises infrastructures
• Save time and reduce overhead with centralized monitoring and alarm investigation across federated customer deployments
• Accelerate compliance management with pre-built compliance reports for PCI DSS, HIPAA, and more

Increase the Value of Your MSSP Program with AlienVault USM

With AlienVault’s high-value platform, you can deliver critical security services faster and with fewer headcount to realize a rapid ROI, higher margins, higher Average Revenue Per User (ARPU), and a lower TCO. Designed for today’s resource-constrained IT security teams, AlienVault USM is fast to deploy, affordable, and easy to use. With it, you can detect, prioritize, and respond to threats quickly to exceed customer expectations and deliver substantial return on investment.

Common Security Service Offerings from AlienVault MSSPs:

• Managed Detection and Response (MDR)
• Managed SIEM or SIEM-as-a-Service
• Cloud Security Monitoring
• Compliance Management
• Vulnerability Assessment and Remediation
• Log Management, Monitoring, and Archiving

Expand Your Services Catalog with AlienVault

Managed Services

• Managed Detection and Response (MDR)
• SIEM-as-a-Service / Security-as-a-Service
• Cloud Security Monitoring
• Compliance Management
• Vulnerability Assessment and Remediation
• Log Management, Monitoring, and Archiving
  • Security Devices
  • Network Infrastructure
  • Servers & Applications
• Threat Intelligence

Security Device Management Service

• Network Intrusion Detection System (NIDS)
• Host Intrusion Detection System (HIDS)
• Host Configuration Management
• Endpoint Detection and Response (EDR)
• File Integrity Monitoring

Professional Services

• Threat and Malware Detection
• Vulnerability Assessment and Remediation

The Unified Platform that Powers Your Managed Security Offering: AlienVault USM

The AlienVault Unified Security Management (USM) platform is the only security platform that combines essential security capabilities for asset discovery, vulnerability assessment, intrusion detection, incident response, endpoint detection and response, SIEM, and log management. Designed from the ground up to support managed service use cases, AlienVault provides a reliable, highly flexible, scalable deployment models to help managed service providers quickly deploy and centrally monitor their customer environments.

If you are a managed service provider looking for a single unified security solution to offer to your customers as a hosted solution or as a managed service, AlienVault has the right options for you. Ready to get started? See how AlienVault can expand and enhance your service offerings today.

MSSP Program Details

AlienVault Managed Security Service Providers (MSSPs) are granted access to AlienVault’s special subscription-based pricing, allowing you to offer a competitive service to your customers while maintaining low risk and high margins. Our “pay as you grow” licensing model helps you to earn margins sooner on the managed security service(s) you offer to end users. Deploy AlienVault USM in the cloud or on virtual or physical systems, and leverage AlienVault’s federation architecture to deliver the complete security coverage your customers need for continuous security and compliance.

What’s included

• One license to use AlienVault MSSP products as a Managed Service
• One license for USM Central (federation)
• A Not-For-Resale license for one USM Anywhere instance & four USM Anywhere Sensors
• AlienVault Threat Intelligence subscription
• Ongoing Support & Maintenance
• 24x7 Support for Platinum Partners
• Subscription-based licensing model
• An AlienVault Account Manager
• Access to Sales, Marketing, and Educational Resources in the AlienVault Partner Portal

Retail:

Streamlining Retail Cyber Security

AlienVault Unified Security Management (USM) Helps Retailers Detect Cyber Attacks Before Damaged Caused by a Breach

Data breaches continue to occur in the retail industry, in spite of the focus on retail cyber security in recent years. Even with specific data privacy requirements like PCI DSS (Payment Card Industry Data Security Standard) and greater awareness of the need for information security, retailers continue to be targeted.

Retailers face several challenges when attempting to improve their retail cyber security. One of the most significant is the lack of budget to deploy diverse security controls. Smaller retailers usually have the bare minimum: firewalls and anti-virus technologies. These preventative technologies provide limited ability to detect malicious activity within their network.

For retailers, more detection capability is necessary. They need access to more diverse, detection-based security controls to give them broader visibility of malicious activity in their network.

A second challenge is that smaller retailers often also incorrectly assume that because they are not a national or international chain, they are too small to be targeted for attack. Unfortunately, the exact opposite is true—because they are smaller and therefore less likely to have deployed advanced breach detection tools and have large IT teams to monitor those tools, they are actually an easy target. They lack access to enterprise-class technologies like threat intelligence to improve their ability to detect sophisticated cyber attacks.

A third challenge that many retailers face is the misperception that compliance with a standard like PCI DSS means that their networks are secure. Unfortunately, many of the retail networks that suffered data breaches in the last few years have been compliant with industry guidelines or passed audits. Retail IT teams need to monitor their network continuously to detect suspicious or malicious activity before a breach can occur.

AlienVault USM delivers the essential capabilities you need to help you overcome the challenges of retail cyber security. The USM platform is purpose-built to help IT teams with limited resources detect, prioritize, and respond to threats targeting your retail network.

Unifies Essential, Built-in Security Controls

• Contains the built-in security controls you need to detect, prioritize, and respond to malicious activity in your sensitive cardholder or retail network
• Single console provides network-wide visibility and configuration of all security controls
• Eliminates hiring additional staff to deploy, configure, and maintain separate security controls

Acts Like an Extension of Your IT team with Threat Intelligence & Response Guidance

• Continuous threat research and updates to security controls
• Response guidance included in every alarm to improve your team’s incident response process

Delivers Continuous Monitoring & Analytics

• Correlates and analyzes security events from across your network automatically
• Eliminates manual monitoring and analysis, which can cause you to miss sophisticated threats

Unifies Essential, Built-in Security Controls

You can’t rely on just firewalls and anti-virus to provide needed visibility into your network activity. You need to deploy a range of security controls to detect cyber attacks, because there is no single technology that can detect all of the threats targeting your retail network.

We designed the USM platform to give you detailed insight into malicious activity across your network without breaking your budget. It unifies diverse security controls deployed in the network and on specific systems.

This unified approach overcomes the challenge of lack of resources to deploy, configure, and maintain the diverse controls you need. AlienVault’s focus on ease of use and deployment makes it the perfect fit for IT teams to deploy retail cyber security threat detection capabilities.

AlienVault USM builds in five essential security technologies into the USM platform, all configured and managed from a single console:

• Asset Discovery
• Vulnerability Assessment
• Intrusion Detection
• Behavioral Monitoring
• SIEM (Security Information and Event Management)

Delivers Continuous Monitoring & Analytics

Many retail organizations lack the resources or understanding of the need to regularly monitor their network and analyze the results. Yet, because of the highly valuable data within your network, you need to continuously monitor your network activity to detect malicious content and behavior.

The enormous volume of security event data generated in real-time by devices and applications across the network can quickly overwhelm any IT organization. Manual analysis of the gigabytes or terabytes of log data for Indicators of Compromise (IoCs) is virtually impossible, yet many retail data security teams have no way to try to link events from across their network.

The AlienVault USM platform solves this problem with its automatic, continuous monitoring and analysis. Its powerful correlation engine links seemingly unrelated events from across your retail network and alerts you to what the most significant threats are in your retail network, right now.

The USM platform contains thousands of pre-built correlation directives that continuously analyze event data to identify potential security threats in your network. USM automatically detects and links behavior patterns found in disparate yet related events generated across different types of assets, putting the critical information you need at your fingertips.