AlienVault Unified Security Management (USM) Anywhere
Powerful Threat Detection and Incident Response for All Your Critical Infrastructure


Overview:

AlienVault USM Anywhere delivers powerful threat detection, incident response, and compliance management in one unified platform. It combines all the essential security capabilities needed for effective security monitoring across your cloud and on-premises environments: asset discovery, vulnerability assessment, intrusion detection, endpoint detection and response, behavioral monitoring, SIEM log management, and continuous threat intelligence.

Built for today’s resource-limited IT security teams, USM Anywhere is more affordable, faster to deploy, and easier to use than traditional solutions. It eliminates the need to deploy, integrate, and maintain multiple point security solutions in your data center. A cloud-hosted platform delivered as a service, USM Anywhere offers a low total cost of ownership (TCO) and flexible, scalable deployment options for teams of any size or budget.

With AlienVault USM, you can focus on what matters most — protecting your IT infrastructure against today’s emerging threats.

Multiple Essential Security Capabilities in a Single SaaS Platform

AlienVault USM Anywhere provides multiple essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your IT environment changes and grows.

Asset Discovery

  • API-powered asset discovery
  • Network asset discovery
  • Software and services discovery

Vulnerability Assessment

  • Network vulnerability scanning
  • Cloud vulnerability scanning
  • Cloud infrastructure assessment

Intrusion Detection

  • Network Intrusion Detection (NIDS)
  • Cloud Intrusion Detection

Endpoint Detection and Response

  • Host-based Intrusion Detection (HIDS)
  • File integrity monitoring
  • Continuous endpoint monitoring & proactive querying

Behavioral Monitoring

  • Asset access logs
  • Cloud access and activity logs (Azure Monitor, AWS: CloudTrail, CloudWatch, S3, ELB)
  • AWS VPC Flow monitoring
  • VMware ESXi access logs

SIEM & Log Management

  • Event correlation
  • Log management, with at least 12 months log retention
  • Incident response
  • Integrated threat intelligence from the AlienVault Labs Security Team and the AlienVault Open Threat Exchange (OTX)


Detect Threats Anywhere, from a Single Cloud Platform

Detect and respond to threats anywhere they appear - public clouds, on-prem networks, endpoints, SaaS apps, even the dark web. Eliminate blind spots and gain control over shadow IT.

Focus on Actual Threats, Starting on Day One.

46% of users get to security alerts within the first hour.

  • Automated Log Collection
    It's simple. Drop a USM Anywhere sensor or AlienVault Agent anywhere you want to monitor. USM Anywhere will instantly begin to collect, normalize, and parse log data from your environment.
  • Continuous Threat Intelligence
    Free your security teams to investigate actual threats, not noise. We automate threat hunting with continuous threat intelligence from AlienVault Labs, fueled by 20 Million IOCs shared daily in OTX.
  • Orchestration for Faster Response
    Respond to incidents fast and easily with orchestrated and automated actions towards third-party tools like Cisco Umbrella, Service Now, Slack, Palo Alto Networks, JIRA, and more - integrated out of the box.

Audited and Secure Infrastructure and Processes

At AlienVault, we use AlienVault USM Anywhere to demonstrate and maintain our own continuous compliance, working with third-party auditors to regularly test our systems, controls, and processes. AlienVault is attested as compliant for several regulatory and cybersecurity standards, including PCI DSS, HIPAA, and SOC 2.

  • PCI DSS Level 1 Service Provider
  • Attestation of HIPAA Compliance
  • SOC 2 Type 2 Certified Compliant

With AlienVault USM, you can be assured of a secure, compliant product to monitor your cloud and on-premises environments and cloud applications. You can request a copy of our compliance audit reports from your AlienVault sales representative.

Certified to Secure Your Public Cloud Environments

AlienVault USM Anywhere is certified for monitoring the security of your AWS and Microsoft Azure cloud environments.

Microsoft Azure customers can be assured that their security management needs are met with USM Anywhere. The USM Anywhere Sensor is Microsoft Azure Certified, and can be quickly installed into an Azure subscription via the Azure Marketplace.

An AWS Advanced Technology Partner, AlienVault has achieved the AWS Security Competency, having met rigorous technical requirements and demonstrating real-world success in enabling customers to secure their AWS environments.

Designed to Keep Your Monitoring Data Secure

AlienVault USM Anywhere implements multiple mechanisms to assure the confidentiality, integrity, and availability of your security monitoring data, both from external and insider threats, and across your cloud, on-premises, and hybrid environments.

Dedicated, Single-Tenant Data Store

Unlike other SaaS-delivered services that use a multi-tenant architecture, AlienVault uses a single-tenant, dedicated data store architecture to securely store your security monitoring data. This assures that your data is completely isolated from other customers’ data, in contrast to multi-tenant architectures, where misconfigurations or failures can result in data leakage and breakage that affect multiple customer accounts.

Your Security Data Secured in Transit

Every USM Anywhere Sensor uses the Transport Layer Security (TLS) protocol to create a secure connection with the USM Anywhere central service. Your USM Anywhere service and each of your USM Anywhere Sensors have their own unique digital certificates, which they use to securely authenticate one another. Once authenticated, a unique encryption key is created, which then encrypts all security monitoring data sent from the USM Anywhere Sensor to your USM Anywhere service, maintaining its confidentiality and its integrity.

Maintaining the Confidentiality of Your Security Data at Rest

To assure the confidentiality of your security monitoring data at rest, USM Anywhere encrypts both your hot (online) and cold (long-term) storage data using the Advanced Encryption Standard (AES) with a 256-bit encryption key, which is unique to your USM Anywhere service.

Maintaining Data Integrity in Cold Storage

Every event and log collected by USM Anywhere is stored within compliance-ready, secure “cold storage.” By default, USM Anywhere enables at least 12 months of cold storage, with the ability to extend the long-term storage capacity as needed.

USM Anywhere uses a “write once, read many” (WORM) approach to log storage to prevent log data from being modified or otherwise tampered with. You can download your raw logs at any time by initiating a request from within USM Anywhere. If you ever decide not to renew your contract, your unique encryption key and data are securely destroyed 90 days after your contract expires.


Features:

An All-in-One Platform


Discover

Know what’s connected to your environment at all times.

  • Network asset discovery
  • Software & services discovery
  • AWS asset discovery
  • Azure asset discovery

Detect

Detect threats and suspicious activities early, no matter where or how they appear in your environment.

  • Cloud intrusion detection (AWS, Azure)
  • Network intrusion detection (NIDS)
  • Host-based intrusion detection (HIDS)
  • File integrity monitoring (FIM)
  • Endpoint Detection and Response (EDR)

Assess

Identify the vulnerabilities and configuration issues that expose your organization to risk.

  • Network vulnerability scanning
  • Cloud infrastructure assessment
  • User & asset configuration assessment
  • Dark web monitoring for stolen user credentials

Analyze

Correlate and analyze security events and behaviors that could indicate a compromise or potential breach.

  • SIEM event correlation, auto-prioritized alarms
  • User activity monitoring
  • Cloud access log monitoring (AWS, Azure)
  • AWS VPC flow monitoring
  • Log management (90 days searchable events)
  • Log retention (12 months raw log storage)

Respond

Act swiftly to contain threats and to mitigate impact.

  • Security orchestration and automation (See Integrations)
  • Forensics and incident response
  • Notification channels: email, Slack, DataDog, and Amazon SNS
  • Ticketing integrations with Jira and ServiceNow

Report

Easily produce rich security reports for management and compliance auditors.

  • Pre-built compliance reporting templates
  • Pre-built security event reporting templates
  • Customizable data views, save and export as reports

Highlights:

Centralized Security Monitoring for Your Cloud & On-Premises Environments

AlienVault USM Anywhere gives you powerful threat detection capabilities across your cloud and on-premises landscape, helping you to eliminate security blind spots and mitigate unmanaged shadow IT activities. Even as you migrate workloads and services from your data center to the cloud, you have the assurance of seamless security visibility.

USM Anywhere natively monitors –

  • AWS and Microsoft Azure public clouds
  • Windows and Linux endpoints in the cloud and on premises
  • Virtual on-premises IT on VMware / Hyper-V
  • Physical IT infrastructure in your data center
  • Other on-premises facilities (e.g., offices, retail stores, etc.)
  • Cloud applications like Office 365 and G-Suite

Automated Response Orchestration

USM Anywhere provides advanced security orchestration rules that automate actions and responses according to your needs, making your work more efficient. You can –

  • Reduce alarm “noise” with suppression rules
  • Generate custom alarms based on any parameter
  • Auto-respond to events with orchestration rules
  • Create orchestration rules for third-party apps

Powerful Security Analytics at Your Fingertips

When you centralize security monitoring of all your cloud and on-premises IT environments, you need a highly efficient way to search and analyze large amounts of data from across a complex and dynamically changing IT infrastructure. USM Anywhere provides an intuitive and flexible interface to search and analyze your security-related data. With it, you can –

  • Search and analyze your data to find threats and investigate incidents
  • Pivot between assets, vulnerabilities, and event data to pinpoint the data you need
  • Create and export custom data views for compliance-ready reporting

Built Natively in the Cloud for the Cloud

Unlike other legacy security solutions that have been modified to work in the cloud, USM Anywhere is a truly cloud-native security monitoring solution that leverages the unique security elements of public cloud infrastructure. It uses direct hooks into cloud APIs to give you a richer data set, greater control over the security of your cloud infrastructure and SaaS applications, and more immediate visibility across your entire environment within minutes of installation.

Advanced Graph-based Analytics Engine

USM Anywhere takes an enhanced approach to SIEM event correlation that makes security analysis faster, more flexible, and more effective than ever. With our unique, graph-based approach to correlation, you can:

  • Quickly and efficiently run ad-hoc queries on large and complex data sets
  • Enhance correlation by keying off connections between assets, users, and activities and the changes occurring between them

Extended Security Orchestration with AlienApps

USM Anywhere is a highly extensible platform that leverages AlienApps—integrations with third-party security and productivity tools—to extend your security orchestration capabilities. With AlienApps, you can –

  • Extract and analyze data from third-party security applications
  • Visualize external data within USM Anywhere’s rich graphical dashboards
  • Push actions to third-party security tools based on threat data analyzed by USM Anywhere
  • Gain new security capabilities as new AlienApps are introduced into USM Anywhere

USM Anywhere currently ships with out-of-the-box integration with leading security apps, including Cisco Umbrella and Palo Alto Networks, to provide data collection and action response orchestration.

How It Works:

Get Complete Security Visibility in Minutes

AlienVault USM Anywhere provides centralized security monitoring for your cloud, on-premises, and hybrid IT environments, including your endpoints and cloud apps like Office 365 and G Suite. With multiple essential security capabilities in one unified platform, USM Anywhere simplifies and accelerates threat detection, incident response, and compliance management for today’s resource-constrained IT security teams.

Delivered as a cloud service, USM Anywhere deploys rapidly and enables you to start detecting threats within minutes. Because there’s no hardware appliance to install or maintain in your data center, you save significant time, resources, and money for an overall low total cost of ownership.

USM Anywhere uses virtual sensors that run on VMware and Microsoft Hyper-V to monitor your on-premises physical and virtual IT infrastructure. In the cloud, lightweight cloud sensors natively monitor Amazon Web Services and Microsoft Azure Cloud. In addition, you can deploy AlienVault Agents on your Windows and Linux endpoints. Security analysis and log storage are centralized in the AlienVault Secure Cloud and provide you with centralized security visibility of your critical infrastructure.

USM Anywhere also receives a continuous stream of threat intelligence updates from the AlienVault Labs Security Research Team, so you always have the latest security intelligence at your fingertips. AlienVault Labs leverages data from the Open Threat Exchange (OTX) — the world’s largest open threat community—to gain expansive intelligence on threats as they appear in the wild.

USM Anywhere Secure Cloud


AlienVault USM Anywhere centralizes threat detection, incident response, and compliance management across all of your environments. A cloud-hosted service, USM Anywhere collects and analyzes log data transferred through the USM Anywhere Sensors and AlienVault Agents over an encrypted connection. Log data is stored long-term in the AlienVault Secure Cloud for compliance and forensics requirements, eliminating the challenges and expense of on-premises log storage.

USM Anywhere Sensors & AlienVault Agents


AlienVault USM Anywhere uses lightweight sensors and endpoint agents deployed in your cloud and on-premises environments to collect and normalize log data and other security-related data. This data is sent to the USM Anywhere service, hosted in the AlienVault Secure Cloud. Each sensor is purpose-built to fully leverage the native data collection methods of each environment: AWS, Azure, and on-premises physical and virtual infrastructure deployed on Hyper-V or VMware. AlienVault Agents collect data from your Windows and Linux endpoints. These are the only components deployed in your environment.

Continuous Threat Intelligence


AlienVault USM Anywhere receives the latest threat intelligence from the AlienVault Labs Security Research Team. This team constantly analyzes emerging threats and delivers continuous threat intelligence updates automatically to your USM platform, including IDS signatures, correlation rules, endpoint queries, remediation guidance, and more. With integrated threat intelligence, USM Anywhere stays up to date as you monitor your environment for emerging threats — zero effort required.

Flexible Deployment Options for Any Organization

Every organization deserves a strong security posture, regardless of the size of your IT environment or the size of your IT security budget. That’s why AlienVault offers flexible deployment options and pricing that spans the SMB to the Enterprise.

With multiple editions, you can choose the right deployment model to fit your unique requirements. Whether you are a small business starting a security program, a mid-size organization with a mix of on-premises and cloud infrastructure, or a geographically distributed enterprise with multiple sites, AlienVault USM Anywhere provides the flexibility you need.

USM Anywhere’s subscription-based pricing makes it affordable for even small IT security teams to get started with a low-risk, minimal investment. There’s no need to spend heavily upfront or to oversize the solution for future growth. The platform and pricing tiers readily scale as you grow. Our pricing model is straightforward and gradual, so you can be confident that USM Anywhere will continue to meet your needs as you grow without any sudden or unexpected price spikes.

Deploying AlienVault USM Anywhere is Fast and Easy

USM Anywhere consists of a highly scalable, two-tier architecture to manage and monitor every aspect of your cloud and on-premises security. USM Anywhere Sensors and AlienVault Agents collect and normalize data from your cloud and on-premises environments and securely transfer that data to USM Anywhere for centralized collection, security analysis, threat detection, and compliance-ready log management. The only things you deploy in your environment are Sensors and Agents. AlienVault maintains, secures, and updates USM Anywhere automatically.

From Installation to Security Insights in 3 Simple Steps

  1. Deploy a USM Anywhere Sensor in your cloud or on-premises environment. Enter the first sensor authorization code provided by AlienVault, and then point the sensor to your dedicated USM Anywhere URL.
  2. Log into your USM Anywhere account to deploy and manage AlienVault Agents, run asset discovery and vulnerability scans, and much more.
  3. Start monitoring for threats and malicious activities. From USM Anywhere, you can search and analyze your data, and orchestrate your security responses and alarms.

Data Storage in USM Anywhere

Dedicated, Single-Tenant Data Store
When you send sensitive security-related data to a security monitoring solution in the cloud, you want to ensure that your data is protected and leak-proof. That’s why AlienVault uses a single-tenant data store architecture to securely manage all of our customers’ accounts.

With USM Anywhere, your data is stored in its own dedicated container, which is completely isolated from other customers’ data. Whereas multi-tenancy is prone to data leakage and breakage that can affect multiple customer accounts, especially as SaaS providers scale, single-tenancy ensures that all customers’ data is kept separate and leak-proof. It’s a better architecture for you and for us.

Compliance-Ready Cold Storage
USM Anywhere supports long-term log retention, known as “cold storage.” By default, USM Anywhere enables 12 months of cold storage with the ability to extend your long-term storage capacity. In addition, USM Anywhere supports a “write once, read many” (WORM) approach to prevent log data from being modified. Logs can be readily requested for a specific date range from within USM Anywhere as needed.

Integrated Threat Intelligence for the Best Protection

AlienVault USM Anywhere receives continuous threat intelligence updates from the AlienVault Labs Security Research Team. This dedicated team spends countless hours researching and analyzing the different types of attacks, emerging threats, vulnerabilities, and exploits—so you don’t have to.

AlienVault Labs leverages community-sourced threat intelligence from the AlienVault Open Threat Exchange (OTX). OTX is the largest and most authoritative crowd-sourced threat intelligence exchange in the world, providing security for you that is powered by all. Over 80,000 participants from more than 140 countries contribute 20 million threat indicators daily to OTX. AlienVault Labs analyzes raw OTX data with a powerful discovery engine that is able to granularly analyze the nature of the threat, and a similarly powerful validation engine that continually curates the database and certifies the validity of those threats. The result—your USM Anywhere environment uses the latest emerging threat intelligence to keep your organization secure.

Immediate Scalability. No Forklift Upgrades.

USM Anywhere scales with your business needs. You can add or remove software Sensors and Agents, bring on additional cloud services, and scale central log management as your business needs change. The USM Anywhere subscription is based on the monthly raw log ingestion capacity. All of the essential security capabilities are included in the subscription and scale with the system’s capacity.

  • Maximum raw data ingestion per month subscription
  • Subscription tiers for all environment sizes starting at 250GB per month
  • Support and maintenance included
  • Integrated AlienVault Labs Threat Intelligence included
  • 12 months of cold storage included, with the ability to extend your storage capacity

Steps:

Start Detecting Threats in 5 Easy Steps


Step One: Deploy Lightweight Sensors in Your Environment

To get started with AlienVault Unified Security Management (USM) Anywhere, simply download and deploy a cloud or virtual sensor in your cloud or on-premises environments.

USM Anywhere cloud sensors natively monitor Amazon Web Services and Microsoft Azure Cloud. On-premises, virtual sensors run on VMware and Microsoft Hyper-V to monitor your physical and virtual IT infrastructure.

Step Two: Scan Your Environment for Assets & Vulnerabilities

Once your USM sensors are installed and configured, you can begin to monitor your cloud and on-premises environments. From your USM Anywhere account, you can deploy and manage AlienVault Agents, launch and schedule regular scans to discover assets, and identify any vulnerabilities on those assets that could be exploited by attackers.

Step Three: Monitor for Threats & Malicious Behavior

As soon as you log in to your USM Anywhere account, you see trends, dashboards, and alarms that simplify and accelerate your threat detection and incident response activities across your critical infrastructure.

USM Anywhere provides centralized security monitoring of your network and endpoints in the cloud and on-premises, so all your security-related data is readily available in a single pane of glass.

Step Four: Analyze & Store Log Data in USM Anywhere

USM Anywhere collects, analyzes, and stores security-related log data from your cloud and on-premises infrastructure, including cloud access logs, VPC flow logs, asset access logs, and VMware access logs.

USM Anywhere's advanced Search and Analysis interface allows you to quickly search and filter security-related data in highly granular ways, to pivot on selected data, and to generate compliance-ready custom report views. This makes it faster and easier to investigate incidents and to manage your overall security and compliance needs.

Step Five: Take Action to Defend Against Emerging Threats

USM Anywhere provides a single point of advanced security analysis, threat detection, incident investigation, and security orchestration.

With built-in Automated Action Response, you can automate your investigation and response activities by launching application actions based on threat data analyzed in USM Anywhere, create custom alarms, and decide when to suppress noisy or false-positive alarms.


System Requirements:

USM Anywhere Sensors and AlienVault Agent

The AlienVault Agent is a lightweight, adaptable endpoint agent based on osquery that extends the powerful threat detection capabilities of USM Anywhere to the endpoint. It enables endpoint detection and response (EDR), file integrity monitoring (FIM), and rich endpoint telemetry capabilities that are essential for complete and effective threat detection, response, and compliance. You can deploy the AlienVault Agent on your Windows and Linux endpoints in the cloud, on premises, and remote.

AlienVault USM Anywhere Sensors give you deep security visibility into your cloud and on-premises environments. The sensors conduct scans, monitor packets on the networks, and collect logs from assets, the host hypervisor, and cloud environments. This data is normalized and securely sent to USM Anywhere for analysis and correlation.

System Requirements by Sensor Type

  • AWS Sensor
    t2.large instance in Amazon VPC or m3.large instance in EC2-Classic
    12 GB EBS volume for short-term storage as data is processed
  • Azure Sensor
    D2 Standard or DS2 Standard
    12 GB data volume
  • VMware Sensor
    Total cores: 4
    RAM: 12 GB of memory dedicated to VMware
    Storage: 100 GB data device and 50 GB root device (150 GB total)
    VMware ESXi 5.1 or later
  • Hyper-V Sensor
    Total cores: 4
    RAM: 12 GB of memory dedicated to the Hyper-V virtual machine
    Storage: 100 GB data device and 50 GB root device (150 GB total)
    2012 R2 OS with Hyper-V Manager or System Center Virtual Manager (SCVMM) 2012

Sensor Performance

  • IDS Throughput (Mbps) (see notes 2 and 3): 600

Additional sensors can be added to your USM Anywhere by retrieving additional sensor authorization codes from the Deployment UI page. You cannot exceed the number of sensors included in your subscription; however, you are not restricted in which mix of sensors you use. You can purchase additional sensor licenses as you need them.

1 In each environment listed above, internet connectivity to your USM Anywhere instance is required.
2 Actual sensor performance may vary depending on environment, configuration, etc.
3 IDS throughput relates to on-premises network-based IDS. It applies to the VMware and Hyper-V sensor types only.

Editions:


Essentials

Provides the essential security capabilities needed for effective threat detection and response, enabling small IT teams to establish a security and compliance program quickly, easily, and affordably.


  • 15 days of real-time event search
    Search, investigate, and report on your most recent security data with immediate results.
  • Asset discovery & inventory
    Continually scan your environments to identify all connected assets, software, services and configurations.
  • Vulnerability assessment
    Be alerted to the weak points in your environments that could be exploited, prioritized by potential risk level.
  • Intrusion detection
    Detect anomalous or suspicious activities in your environments that may indicate an intrusion or attack.
  • SIEM event correlation
    Analyze your security events and log data against the latest correlation rules from AlienVault Labs to detect emerging threats.
  • Incident response
    Quickly investigate and respond to threats with critical threat data plus remediation guidance—all in a single pane of glass.
  • Endpoint detection and response
    Detect and respond to advanced endpoint threats, including those designed to evade traditional antivirus tools.
  • Log management
    Securely store your raw log data for compliance and forensics in cold storage for 12 months (extensions available.)
  • Compliance reports
    Easily demonstrate compliance with pre-built compliance reports for PCI, HIPAA, ISO 27001, and NIST CSF. Customize and export with ease.
  • Email alerts
    Never miss another critical security alert with automatic email notifications.
  • Federation ready
    Centralizes security monitoring for distributed architectures with multiple USM Anywhere deployments. (USM Central add-on).

Standard

Ideal for IT security teams that are looking to gain operational efficiency and significantly reduce their time to response through advanced security orchestration, automated incident response, and deep security analysis.

  • 30 days of real-time event search
    Search, investigate, and report on your most recent security data with immediate results.
  • Asset discovery & inventory
    Continually scan your environments to identify all connected assets, software, services and configurations.
  • Vulnerability assessment
    Be alerted to the weak points in your environments that could be exploited, prioritized by potential risk level.
  • Intrusion detection
    Detect anomalous or suspicious activities in your environments that may indicate an intrusion or attack.
  • SIEM event correlation
    Analyze your security events and log data against the latest correlation rules from AlienVault Labs to detect emerging threats.
  • Incident response
    Quickly investigate and respond to threats with critical threat data plus remediation guidance—all in a single pane of glass.
  • Endpoint detection and response
    Detect and respond to advanced endpoint threats, including those designed to evade traditional antivirus tools.
  • Log management
    Securely store your raw log data for compliance and forensics in cold storage for 12 months (extensions available.)
  • Compliance reports
    Easily demonstrate compliance with pre-built compliance reports for PCI, HIPAA, ISO 27001, and NIST CSF. Customize and export with ease.
  • Email alerts
    Never miss another critical security alert with automatic email notifications.
  • Federation ready
    Centralizes security monitoring for distributed architectures with multiple USM Anywhere deployments. (USM Central add-on).
  • Integrated ticketing & alerting (Service Now, Jira, Slack, Datadog)
    Automate notifications and ticketing workflows with leading third-party software to quickly respond to threats.
  • Orchestration with security tools (such as Palo Alto Networks, Carbon Black, Cisco Umbrella)
    Respond quickly to threats by orchestrating actions with multiple security tools to block malicious IPs, isolate infected endpoints, and more—all from one centralized location.
  • Automated incident response & forensics
    Reduce the time between detection and response by automating repetitive, investigative, and stop-gap incident response actions.
  • Dark web monitoring
    Be alerted to any stolen user credentials discovered on the dark web, indicative of a compromised account or breach.
  • Support for higher data volumes

Premium

Ideal for IT security teams looking to meet specific PCI DSS audit requirements. Along with powerful threat detection, incident response, and compliance management capabilities, it includes 90 days of real-time event storage and enhanced support case response times.

  • 90 days of real-time event search
    Search, investigate, and report on your most recent security data with immediate results.
  • Asset discovery & inventory
    Continually scan your environments to identify all connected assets, software, services and configurations.
  • Vulnerability assessment
    Be alerted to the weak points in your environments that could be exploited, prioritized by potential risk level.
  • Intrusion detection
    Detect anomalous or suspicious activities in your environments that may indicate an intrusion or attack.
  • SIEM event correlation
    Analyze your security events and log data against the latest correlation rules from AlienVault Labs to detect emerging threats.
  • Incident response
    Quickly investigate and respond to threats with critical threat data plus remediation guidance—all in a single pane of glass.
  • Endpoint detection and response
    Detect and respond to advanced endpoint threats, including those designed to evade traditional antivirus tools.
  • Log management
    Securely store your raw log data for compliance and forensics in cold storage for 12 months (extensions available.)
  • Compliance reports
    Easily demonstrate compliance with pre-built compliance reports for PCI, HIPAA, ISO 27001, and NIST CSF. Customize and export with ease.
  • Email alerts
    Never miss another critical security alert with automatic email notifications.
  • Federation ready
    Centralizes security monitoring for distributed architectures with multiple USM Anywhere deployments. (USM Central add-on).
  • Integrated ticketing & alerting (Service Now, Jira, Slack, Datadog)
    Automate notifications and ticketing workflows with leading third-party software to quickly respond to threats.
  • Orchestration with security tools (such as Palo Alto Networks, Carbon Black, Cisco Umbrella)
    Respond quickly to threats by orchestrating actions with multiple security tools to block malicious IPs, isolate infected endpoints, and more—all from one centralized location.
  • Automated incident response & forensics
    Reduce the time between detection and response by automating repetitive, investigative, and stop-gap incident response actions.
  • Dark web monitoring
    Be alerted to any stolen user credentials discovered on the dark web, indicative of a compromised account or breach.
  • Support for higher data volumes
  • Supports PCI log storage requirements
  • Enhanced support case response times

Screenshots:

Take a Closer Look at Unified Security

Centralize and simplify your security monitoring with everything you need for complete security visibility in a single pane of glass.

Asset Discovery

Know who and what is connected to your environments at all times.

Vulnerability Assessment

Identify vulnerabilities on your assets to avoid exploitation and compromise.

Intrusion Detection

Detect and respond to threats faster with built-in host, network, and cloud intrusion detection technologies.


Behavioral Monitoring

Identify suspicious behavior, user activities, and potentially compromised systems.

SIEM and Log Management

Correlate, analyze, and securely store security event data from across your environments.

