
AlienVault Vulnerability Assessment
Everything You Need to Accelerate Vulnerability Assessment, Threat Detection, and Incident Response
Network Vulnerability Assessment:
Find the Vulnerabilities on Your Network Before Attackers Do
With network vulnerability assessment, you can find the weak spots in your critical assets and take corrective action before attackers exploit them to sabotage your business or steal your confidential data.
Constant application updates and changes to application and system configurations can introduce vulnerabilities and leave you susceptible to an attack, even if you are keeping your security controls up to date. To keep your data secure, you must continuously scan your systems and devices to detect vulnerabilities as they arise.
Once detected, you must assess the potential threat of those vulnerabilities and prioritize your remediation activities to deal with the greatest threats first. This is no small task, as you must consider multiple factors:
- How business-critical or sensitive is the vulnerable asset?
- Have any intrusions or exploits been attempted on the vulnerable asset?
- How is the vulnerability being exploited by attackers in the wild?
AlienVault Unified Security Management (USM) provides all this information in a single pane of glass, so you can easily perform network vulnerability assessment in your cloud, on-premises, and hybrid environments. It brings together essential security capabilities—asset discovery and inventory, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM, and log management—all in a unified, easy-to-use platform. In addition, continuous threat intelligence, including vulnerability signatures, is delivered directly from AlienVault Labs Security Research Team, backed by the AlienVault Open Threat Exchange (OTX).
Continuously Scan and Monitor Your Environments
- Easily set up network vulnerability assessment scans targeting individual assets, asset groups, or even entire networks
- Schedule vulnerability assessment scans to run automatically at regular intervals so you don’t have to manage your scanning routine manually
- Meet security best practices and regulatory requirements for frequent detection of assets and scanning for vulnerabilities
- See all assets in your environments and where they are most vulnerable
Remediate Your Vulnerabilities Faster
- Use graphically-rich dashboards, pre-built reports, and customizable data views to quickly identify where vulnerabilities exist across your environments
- Review vulnerabilities by their severity, so you can better prioritize your response
- Quickly identify the availability of any patches, reducing the time you would typically need to research how to remediate the risk from the vulnerability
Receive Regular Updates to Vulnerability-Related Threat Intelligence
- Receive continuously updated vulnerability signatures from the AlienVault Labs Security Research Team
- Identify the history of vulnerabilities on assets and the availability of any patches
- Investigate vulnerabilities and threats deeper with links to CVE reports in the Open Threat Exchange (OTX)
Continuously Scan and Monitor Your Environments
Effective network vulnerability assessment demands that you continuously scan and monitor your critical assets. For example, virtualization has simplified the process to spin up new assets in public and private cloud environments, and so it’s easier to miss assets that are offline during monthly or quarterly vulnerability scans. If not regularly assessed for vulnerabilities, these assets can drive up your threat exposure and leave you vulnerable to attacks.
AlienVault USM makes continuous network vulnerability assessment a simple yet flexible process. Because the USM platform includes asset discovery and inventory, you always have the most accurate, up-to-date asset inventory against which AlienVault USM can run vulnerability scans.
AlienVault USM supports the following network vulnerability scanning capabilities:
Regularly Scheduled Auto-scanning
Create scans that run daily, weekly, or monthly during your off-peak hours. Automated scanning ensures continuous visibility of your vulnerabilities as your IT landscape changes. You can also re-run scans, modify scanning schedules, or even delete jobs – all from within the AlienVault USM user interface.
Authenticated Scanning
Authenticated scans perform vulnerability assessment by using host credentials to investigate your assets, looking for vulnerable software packages, local processes, and services running on the system. For example, with Windows servers, you can monitor registry keys and files, looking for traces of infiltration.
Remediate Your Vulnerabilities Faster
While standalone vulnerability assessment software scans and detects vulnerabilities, it does not give you all the information you need to efficiently prioritize your response. To assess whether a vulnerability requires urgent action or not, you need to know:
- Is the vulnerable asset business critical or does it contain highly sensitive data?
- Is this vulnerability being exploited actively in the wild?
- Has the vulnerability been exploited in your own environment?
To help you answer these questions, the USM platform delivers information on discovered vulnerabilities and how they affect your environment, so you can prioritize and accelerate your response. AlienVault USM incorporates essential security capabilities – asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM event correlation, and log management – to help you understand your security posture and risk.
Identify Which Vulnerabilities Present the Greatest Risk
AlienVault USM presents the vulnerabilities discovered alongside the software, services, and more of the affected assets. An interactive dashboard shows your most vulnerable assets, vulnerabilities by asset group, and a view into the mix of vulnerabilities by their severity (high, medium, and low).
Review Vulnerability History and Patch Information
The USM platform provides details on the history of a vulnerability against each asset, helping identify when the asset first became available, and if an action re-introduced the vulnerability. In addition, information on available patches is provided, saving you from having to research the fixes needed to remediate the risk.
Unified Security Visibility of Assets, Events, and Vulnerabilities
For every vulnerability discovered by AlienVault USM, you can drill down to see affected assets, related vulnerabilities, events, and much more from a single consolidated view.
Network Vulnerability Scanner:
Everything You Need to Accelerate Vulnerability Scanning, Threat Detection, and Incident Response
The dynamic nature of today’s cloud, on-premises, and hybrid network environments requires continuous network vulnerability scanning to defend against the evolving threat landscape. Constant application updates and changes to application and system configurations can introduce vulnerabilities and leave you susceptible to an attack, even if you are keeping your security controls up to date.
AlienVault Unified Security Management (USM) helps you detect and remediate the vulnerabilities in your environment before attackers exploit them. AlienVault USM delivers vulnerability scanning software as part of a unified platform that also includes asset discovery, intrusion detection, behavioral monitoring, SIEM event correlation, and log management.
Stay on Schedule
Deploying and configuring a traditional security solution for network vulnerability scanning can be difficult and time-consuming. Often, IT teams conduct a scan only as a procedural ‘check the box’ measure, either in reaction to an incident or so infrequently that it has almost no measurable impact.
AlienVault USM addresses this pain point by providing a unified and easy-to-use platform that includes both asset discovery and network vulnerability scanning tools. The USM platform makes it simple to schedule regular asset and vulnerability scans, so you can ensure continuous vulnerability assessment without having to manage the process manually.
AlienVault USM allows you to stay aware of your vulnerabilities with these advanced features:
Easy Configuration and Scheduling of Vulnerability Scans
- Easily set up vulnerability assessment scans targeting individual assets, asset groups, or even entire networks
- Schedule vulnerability assessment scans to run automatically at regular intervals so you don't have to manage your scanning routine manually
Intuitive Dashboard and Analytics Interface
- Leverage at-a-glance analysis of top assets and networks affected by discovered vulnerabilities
- Use pre-built reports and customizable data views to organize threats and vulnerabilities by severity, so you can better prioritize your response
Regular Updates to Vulnerability-related Threat Intelligence Delivered
- Receive continuously updated vulnerability signatures from the AlienVault Labs Security Research Team
- Identify the history of vulnerabilities on assets and the availability of any patches
- Investigate vulnerabilities and threats deeper with links to CVE reports in the Open Threat Exchange® (OTX™)
Easy Configuration and Scheduling of Vulnerability Scans
Traditional approaches to network vulnerability scanning and analysis rarely focus on usability and can seem unapproachable by those in IT wearing multiple hats. This leads to frustration, infrequent and inconsistent analysis, and the risk of total project abandonment. Unfortunately, threat actors are all too familiar with this behavior and use it to their advantage by exploiting flaws in new additions to the victim’s environment.
When time and simplicity are of the essence, you need a security solution that automates your network vulnerability scanning, and that accelerates the time to detect and respond to detected vulnerabilities.
AlienVault USM delivers comprehensive vulnerability scanning software plus asset discovery in a single console. AlienVault USM provides rich context on detected vulnerabilities, including historical data on the asset, available patches, and more.
In addition, the USM platform provides easy scheduling of vulnerability scans, allowing you to easily manage your network vulnerability scanning program as well as minimize disruption of critical services during peak time.
Intuitive Dashboard and Analytics Interface
Once you’ve scanned your assets for vulnerabilities, you need to develop a response plan that describes the vulnerabilities and their potential impact to your environment, and then decide which issues to remediate first. Doing this efficiently requires expert knowledge of not only the exploit methods but the affected systems as well.
AlienVault USM's web interface provides a rich, graphical display of the vulnerabilities discovered as well as the affected services, systems, and environments. An interactive dashboard shows your most vulnerable assets, vulnerabilities by asset group, a view into the mix of vulnerabilities by their severity (high, medium, and low), and a list of the latest scanning jobs. You can also re-run scans, modify scanning schedules, or even delete jobs – all from within the AlienVault USM user interface.
The data and analytics produced from the network vulnerability scanner contain rich, actionable intelligence, including a detailed description of each vulnerability, its severity, the affected software, and the availability of any patches. In most cases, reference links to the CVE detail within the Open Threat Exchange (OTX) are provided for continued research.
Vulnerability Management:
AlienVault Unified Security Management (USM) delivers powerful vulnerability management software for your network and public cloud infrastructure, with all-in-one essential security capabilities and continuous threat intelligence updates from the AlienVault Labs Security Research Team.
Discover Vulnerabilities on Your Critical Assets
Vulnerability management software works to identify the vulnerabilities or “holes” in your critical network and cloud assets, so you can fix them before attackers can exploit them to cause damage or to steal your organization’s data.
New vulnerabilities emerge as your IT landscape evolves, often introduced by system flaws, configuration errors, unauthorized software installs, insecure endpoint devices, delayed software or OS updates, and much more. Thousands of vulnerabilities are discovered every year, requiring never-ending security updates, patches, and other fixes throughout your cloud and on-premises environments.
Like most essential network security work, monitoring your organization’s vulnerability management software can quickly become a full-time job. Yet, most IT teams don’t have dedicated resources who can constantly scan and monitor their environments for vulnerabilities, correlate those vulnerabilities with threat intelligence and real-world attacks, and prioritize and manage remediation as part of a larger IT security program.
But, that’s okay.
AlienVault Unified Security Management (USM) is designed to help IT and security teams to run an efficient threat and vulnerability management program with an all-in-one unified security platform that centrally monitors AWS and Azure clouds as well as physical and virtual network infrastructure.
USM combines five essential security capabilities, including asset discovery and inventory, vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM and log management, all on a single, easy-to-use platform. With it, you can easily manage the entire vulnerability lifecycle across your cloud and on-premises environments, rather than adding vulnerability management software to an unwieldy stack of single-point solutions.
With integrated threat intelligence delivered from AlienVault Labs and the AlienVault Open Threat Exchange (OTX), you can view your vulnerability landscape through the lens of real-world attacks and exploits against vulnerabilities on your critical assets. This allows you to make threat-based decisions about how to respond.
Boost Your Vulnerability Management Program with All-in-One Security Essentials
- Identify assets in your cloud and on-premises environments with built-in asset discovery and inventory tools
- Schedule scans and monitor your assets for new vulnerabilities and weaknesses
- Know which vulnerabilities are actually being exploited with built-in intrusion detection
Align Your Response with Real-world Threat Intelligence from AlienVault Labs and OTX
- Know which of your vulnerabilities are being exploited in real-world attacks and how
- Get the assurance of vulnerability signature updates delivered continually as new vulnerabilities are identified
Manage Every Step of the Vulnerability Lifecycle from a Single Pane of Glass
- Establish a baseline of your security posture with regularly scheduled, automated scans
- Prioritize your response plan to deal with the most critical assets and the biggest threats first
- Validate resolution with a continuous cycle of scanning and remediation verification
Boost Your Vulnerability Management Capabilities with All-in-One Security Essentials
AlienVault USM goes beyond traditional security tools to give you the most complete and accurate view of your vulnerability landscape. It combines five essential security capabilities on a unified platform, so you have all the information you need in one location to manage vulnerabilities and prioritize your response.
Discover What’s Connected to Your Environments
Vulnerability management best practices begin with asset discovery and inventory, one of the five essential security capabilities in USM. Before you can identify the vulnerabilities in your environments, you must look at what’s connected to your infrastructure at any given moment. USM uses multiple advanced technologies to identify your connected assets, as well as the operating systems and services installed on them. Because assets may periodically connect and disconnect from an environment, USM continuously scans for assets, giving you a complete and accurate view of your asset inventory at all times.
Asset discovery and inventory creates a foundation for a solid vulnerability management process and ensures that you can run vulnerability scans on all the discoverable assets in your environments, including network devices, virtualized assets, and even rogue assets that you are not aware of.
Continuously Scan and Monitor Your Assets for Vulnerabilities
AlienVault USM continuously scans and monitors your assets to look for misconfigured or unpatched systems and software, policy violations, malware, and other security issues that can leave your network vulnerable to attacks. With USM, you can easily customize your vulnerability scans in a point-and-click way, selecting the scan frequency, network segments or locations, asset groups, scanning methods, depth of probe, and more. You can schedule scans to run automatically as well as on demand, for example, to validate a recent fix or patch.
Know Which Vulnerabilities are Being Exploited with Intrusion Detection Tools
AlienVault USM leverages a built-in network intrusion detection system (NIDS) and a host intrusion detection system (HIDS) that identify malicious traffic and patterns of behavior in your network environments. In addition, AlienVault USM Anywhere delivers purpose-built cloud intrusion detection, enabling you to detect threats and vulnerabilities in your AWS and Azure cloud environments.
On their own, NIDS, HIDS, and cloud IDS tools work effectively to get your attention when something suspicious or anomalous occurs. But, when used as part of a unified security solution like USM, these tools give you critical information about the vulnerabilities in your environments that are actually under attack. With it, you can take swift action to mitigate the threat and prevent further exploitation of highly targeted vulnerabilities on your critical systems and services.
Manage Every Step of the Vulnerability Lifecycle from a Single Pane of Glass
Attackers look for the easiest way possible to enter your environments. Most often, that entrance is through a known vulnerability that was never properly patched or fixed, effectively leaving the door wide open to intruders.
When a threat occurs, IT and security professionals must look at every step in the vulnerability lifecycle to understand where and why the process failed. There are many reasons why smart organizations fail to fix a vulnerability before it’s exploited:
- The vulnerability emerged between quarterly scans and wasn’t discovered until after it was exploited.
- They did not consider the significance of the vulnerable asset and did not prioritize its remediation accordingly.
- The lag time between the discovery of the vulnerability and the remediation action was too great, allowing an attacker to infiltrate.
- They did not have a way to verify that the patch was completed by a different team responsible for it.
- They did not have a way to validate that the patch correctly resolved the vulnerability.
With AlienVault USM, you can address these challenges and manage every step of the vulnerability lifecycle from a single pane of glass.
USM takes an asset-oriented approach to vulnerability lifecycle management. The all-in-one platform constantly scans your critical infrastructure to identify new assets, so you always have the most complete and accurate asset inventory available for your vulnerability scans. You can run vulnerability scans on specific asset groups, such as assets in scope of compliance requirements or all assets in your home office.
Because USM combines all asset and vulnerability information with threat intelligence from the AlienVault Labs Security Research Team, you can prioritize your vulnerability response activities according to the significance of the vulnerable assets and any real-world exploits, rather than relying solely on a static high-to-low vulnerability scoring system.
For many reasons, it’s not always a best practice to respond immediately to your known vulnerabilities. For example, systems with high availability or low latency requirements cannot readily be taken offline to install a patch. Instead, mitigation becomes the best practice. With USM’s asset-oriented security, you gain the assurance of having complete visibility of the vulnerable asset, so you can monitor it closely from all angles to mitigate exploits until a resolution is available.
Finally, USM’s continuous vulnerability scanning capabilities enable you to verify and validate your vulnerability remediation activities in a simple and productive way.