
AlienVault Unified Security Management (USM) Appliance
Powerful Threat Detection & Response for On-Premises Environments



Overview:

AlienVault USM Appliance accelerates and simplifies threat detection, incident response and compliance management for IT teams with limited resources, starting on Day One. With essential security controls and integrated threat intelligence built-in, AlienVault USM Appliance puts complete visibility into the threats affecting your network, and how to mitigate them, within fast and easy reach.

Whether large or small, all organizations need complete visibility to:

  • Detect emerging threats across their environments
  • Respond quickly to incidents and conduct thorough investigations
  • Measure, manage, and report on compliance (PCI, HIPAA, ISO, and more)
  • Optimize existing security investments and reduce risk

USM Appliance delivers this complete security visibility by providing the five essential security capabilities in a unified platform, controlled by a single management console:

  • Asset Discovery - active and passive network discovery
  • Vulnerability Assessment - active network scanning, continuous vulnerability monitoring
  • Intrusion Detection - network and host IDS, file integrity monitoring
  • Behavioral Monitoring - netflow analysis, service availability monitoring
  • SIEM - log management, event correlation, analysis, and reporting

Integrated Threat Intelligence

AlienVault’s Threat Intelligence subscription maximizes the effectiveness of any security monitoring program by providing regularly updated correlation directives, intrusion detection signatures, response guidance, and much more. These constant updates enable the USM platform to analyze the mountain of event data from all of your data sources and tell you exactly which threats facing your network are the most important right now, and what to do about them. Our threat experts spend countless hours researching the latest exploits, malware strains, attack techniques, and malicious IPs, so you don’t have to. We incorporate this expertise into our extensive and growing library of customizable correlation directives that ship with the USM platform. This eliminates the need for you to conduct your own research and write your own correlation rules, and gives you the ability to detect and respond to threats on day one.

The AlienVault Labs Security Research Team also curates the Open Threat Exchange (OTX), the world’s first truly open threat intelligence community that enables collaborative defense with open access to collaborative research on emerging threats. OTX integrates with USM Appliance and enables everyone in the OTX community to actively collaborate, strengthening their own defenses while helping others do the same.

Get Complete Security Visibility on Day One

AlienVault USM Appliance is an all-in-one platform designed and priced to accelerate and simplify threat detection, incident response, and compliance management for resource-constrained IT security teams so they can effectively defend themselves against today's advanced threats — starting on Day One.

USM Appliance includes the essential security capabilities and continuously delivered threat intelligence needed to quickly and easily identify and respond to threats in your physical and virtual infrastructure. This unified security management approach delivers everything needed in a single, easy-to-deploy, cost-effective solution to detect threats to on-premises infrastructure, data, and users without the headache involved in purchasing and deploying several expensive, difficult-to-deploy point solutions.

Unlike traditional SIEM or security point products, AlienVault’s USM Appliance provides:

  • Multiple Essential Security Monitoring Capabilities Without Multiple Consoles
  • Unified Security Monitoring Across On-Premises Environments
  • Simple Security Event Management and Reporting
  • Continuous Threat Intelligence to Keep You Aware of Threats
  • Fast and Easy Deployment

Accelerate Threat Detection

AlienVault Unified Security Management: Better Threat Detection for Effective Response

The AlienVault USM Appliance is a unified threat detection and compliance management solution for all of your on-premises environments that is both easy-to-use and affordable. We’ve built all of the essential security capabilities you need into one Unified Security Management platform, which is then powered by up-to-the-minute threat intelligence from the AlienVault Labs Security Research Team and our Open Threat Exchange (OTX), the world’s first truly open threat intelligence community that enables collaborative defense with actionable community-powered threat data.

The result is a powerful solution, available in a virtual or physical appliance form factor, that delivers on its promise of complete security visibility.

Actionable Threat Intelligence Delivered Directly to You

Most teams don’t have unlimited resources to research the latest threats in the wild. That’s why the AlienVault Labs Security Research Team works on your behalf to scour the global threat landscape for the latest emerging attack methods, bad actors, and vulnerabilities that could impact your security. This team analyzes hundreds of thousands of threat indicators daily and delivers continuous threat intelligence updates automatically to your USM environment, in the form of actionable IDS signatures, correlation rules, remediation guidance, and more. With this integrated threat intelligence subscription, you always have the most up-to-date threat intelligence as you monitor your environment for emerging threats.

To provide deeper and wider insight into attack trends and bad actors, the AlienVault Labs Security Research Team leverages the power of the Open Threat Exchange® (OTX™)—the world’s first truly open threat intelligence community. This community of security researchers and IT professionals collaborate and share millions of threat artifacts as they emerge “in the wild,” so you get global insight into attack trends and bad actors that could impact your operations.

Get Visibility Across Your Entire On-premises Environment

Achieving complete security visibility can be time-consuming, expensive, and complex. Collecting the right data, aggregating it, normalizing it, and correlating disparate technologies to get a complete view of your security posture isn’t a trivial effort. Ownership of the built-in data sources and management platform, coupled with unmatched security expertise delivered by the AlienVault Labs Security Research Team, provides effective security controls and seamlessly integrated threat intelligence for your on-premises environment.

Within minutes of installing the USM Appliance, our asset discovery features - Active Network Scanning, Passive Network Monitoring, Asset Inventory - will provide you visibility into the assets on your network, what software and services are installed on them, how they’re configured, and any potential vulnerabilities and active threats being executed against them.

Maintain Control Over Your Infrastructure

AlienVault USM Appliance is designed to help you monitor your physical and virtual infrastructure. It is designed for organizations that need something you can install, manage, and fully control in your own data center.

USM Appliance Sensors are deployed to your offices, data centers, and other on-premises locations to scan, monitor, and collect data from your network to provide you the visibility needed to monitor your on-premises environment effectively.

Achieve Comprehensive Compliance Management without the Headaches

IT compliance management is often a manual process that requires knowledge of your assets, log data collection, data centralization, intrusion detection, log analysis and reporting. USM Appliance delivers a single platform to help you manage compliance initiatives – saving you from the time, cost, and complexity of integrating multiple disparate technologies.

Quickly get answers to critical IT compliance management questions such as:

  • Where do your critical assets live, how are they configured, and how are they segmented from the rest of your network?
  • Who accesses these resources?
  • What are the vulnerabilities on your assets, have they been resolved, and how important are they?
  • What constitutes your network baseline and what is considered normal or acceptable?

Features:

The Unified Security Management Difference

5 Essential Security Capabilities in a Single Console

The AlienVault USM Appliance provides five essential security capabilities in a single console, giving you everything you need to manage both compliance and threats. Understanding the sensitive nature of IT environments, we include active, passive, and host-based technologies so that you can match the requirements of your particular on-premises environment.


Asset Discovery

Know who and what is connected to your on-premises environments at all times

  • Active Network Scanning
  • Passive Network Monitoring
  • Asset Inventory
  • Services Inventory

Behavioral Monitoring

Identify suspicious behavior and potentially compromised systems

  • Netflow Analysis
  • Service Availability Monitoring
  • Full Packet Inspection

Vulnerability Assessment

Know where the vulnerabilities are on your assets to avoid easy exploitation and compromise

  • Authenticated / Unauthenticated Vulnerability Scans
  • Continuous Vulnerability Monitoring

SIEM

Correlate and analyze security event data from across your network and respond

  • Log Management
  • Event Correlation
  • Incident Response
  • Reporting and Alarms

Intrusion Detection

Know when suspicious activities happen in your environment

  • Network IDS
  • Host IDS
  • File Integrity Monitoring (FIM)

How It Works:

Detect Threats Within Minutes

As soon as AlienVault USM Appliance is installed within your network, it starts collecting data. Moments later, you’ll start to see important information about devices, applications, user activity, and network traffic.

AlienVault’s USM Appliance is composed of a modular, scalable, three-tier architecture. There are three core components: a Sensor, a Server, and a Logger. You can deploy them as stand-alone products or integrated in an All-in-One device.

All AlienVault USM Appliance products include these three core components available as hardware or virtual appliances:

USM Appliance Sensor

Deployed throughout your network to collect logs and provide the five essential security capabilities you need for complete visibility.

USM Appliance Logger

Securely archives raw event log data for long-term storage, investigations, and compliance mandates.

USM Appliance Server

Aggregates and correlates information gathered by the Sensors, and provides single pane-of-glass management, reporting, and administration.

USM Appliance All-in-One

Combines the Sensor, Server, and Logger components into a single appliance to deliver all USM Appliance functionality in a single device.


AlienVault USM Appliance Deployment

Deployment Options That Fit Your Unique Network

All of the AlienVault USM Appliance products are available in various models, based on size, scale, and configuration requirements. To make things even easier, no matter what deployment option you choose, every USM Appliance component works the same way and is fully interoperable with all other models, minimizing the training costs. For example, you can deploy an AlienVault USM Appliance Server as a hardware appliance, USM Appliance Sensors as virtual appliances, and a USM Appliance Logger as a hardware appliance, if that is what your business requires. The important thing is that no matter where your assets are and what your network looks like, you have full security visibility – all managed in one place.

Additionally, you can instantly upgrade each of our USM Appliance products as your environment changes and your needs evolve. Start out small and quickly expand your deployment, leveraging the power of USM Appliance from Day One.

Immediate Scalability. No Forklift Upgrades.

Our USM Appliance All-in-One products combine our Sensor, Logger, and Server. You can quickly expand these installations to become USM Appliance Standard or USM Appliance Enterprise products, where dedicated systems perform these functions. Additionally, USM Central™, a federation console, is available to provide a centralized view of your data in a distributed environment.

The following deployment and configuration information will help you find the right USM Appliance deployment for you.

Deployment Options Hardware Appliance Virtual Appliance Cloud Service
USM Appliance All-in-One¹
USM Appliance Standard²
USM Appliance Enterprise²
USM Central³

1 The AlienVault USM Appliance All-in-One products combine the Server, Sensor, and Logger components onto a single system.
2 The AlienVault USM Appliance Standard and USM Appliance Enterprise product lines offer increased scalability and performance by provisioning dedicated systems for each component (Server, Sensor, and Logger).
3 AlienVault USM Central provides a centralized view of your data in a distributed environment, including USM Appliance and USM Anywhere instances. Requires USM Appliance 5.4.3 or later.

Extend Detection Capability To Your Existing Applications

In addition to the built-in asset discovery, vulnerability assessment, intrusion detection, and behavioral monitoring controls, USM Appliance also includes hundreds of Plugins available for you to integrate data from the existing applications, systems, and devices on your network. AlienVault partners with leading security and networking vendors to extend the effectiveness of your USM Appliance platform to detect, prioritize, and respond to threats.

The AlienVault USM Appliance Plugin library provides source-optimized data collection for a complete range of technologies, making it easy for you to get complete visibility into your entire network.

See the most recent list of plugins for the USM Appliance platform. AlienVault will build a plugin for most commercially available products at no additional charge, so if you don’t see the device on this list, submit a request and we will build it for you.

Steps:

Start Detecting Threats in 5 Easy Steps


Step One: Connect to the network

Step Two: Scan your network

Step Three: Monitor servers & networks

Step Four: Collect logs

Step Five: Detect & respond to threats


Specifications:


  USM Appliance All-in-One USM Appliance Standard USM Enterprise USM Central
  AIO 25A AIO 75A AIO 150A AIO UA³ Remote Sensor⁴ Server Logger Sensor Server⁵ Logger Sensor⁶ AlienVault-hosted Cloud Service
Device Performance
Max Assets 25 75 150
Max Events in Database (Millions)¹ 200 200 200 200 200 200 200
Max Data Collection (EPS)¹ 1,000 1,000 1,000 1,000 500 15,000 1,100 15,000
Max Data Correlation (EPS)¹ 1,000 1,000 1,000 1,000 4,000 4,000
IDS Throughput (Mbps)¹ 100 100 100 100 100 1,000 5,000
Max Connections to AIO’s / Servers²
Hardware Specifications
Form Factor 1U 1U 2 x 1U 1U
Length x Width x Height (In) 23.9 x 17.11 x 1.69 15.05 x 17.11 x 1.69 23.9 x 17.11 x 1.69 23.9 x 17.11 x 1.69
Weight (lb) 37.44 (max) 19.14 (max) 37.44 (max) 37.44 (max)
Power Supply 2 x 800W 1 x 290W 2 x 800W 2 x 800W
Network Interfaces 6 x 1GbE 2 x 1GbE 2 x 1GbE 6 x 1GbE 2 x 10GbE (option) 2 x 1GbE 6 x 1GbE 2 x 10GbE (option)
CPU 1 x Intel Xeon E5-2630 v4 2.2GHz 10 Cores; 1 x Intel Xeon E3-1220 v5, 3.0GHz 4 Cores; 1 x Intel Xeon E5-2630 v4 2.2GHz 10 Cores; 1 x Intel Xeon E5-2620 v4 2.1GHz 8 Cores; 1 x Intel Xeon E5-2630 v4 2.2GHz 10 Cores
Storage Capacity (TB) Compressed⁷ / Uncompressed 9.0 / 1.8 5.0 / 1.0 6.0 / 1.2 9.0 / 1.8 6.0 / 1.2 6.0 / 1.2 11.0 / 2.2 6.0 / 1.2
Disk Array Configuration RAID 10 No RAID 10 RAID 10
Memory (GB) 32 8 32 32
Redundant Power Supply Yes No Yes Yes
iLO Dedicated Interface / Shared interface No / Yes No / Yes No / Yes
Max Heat Dissipation (BTU/hr) 691.45 400.57 733.65 691.45 733.65 733.65 837.71 733.65
Max Power Consumption (W) 202.77 117.47 215.15 202.77 215.15 215.15 245.66 215.15

1 Device performance may vary depending on environment, configuration, etc.
2 Assumes average usage of AIO’s with default settings. Max connections may vary depending on alarms, events, etc.
3 If you disable certain Sensor collection functions on the AIO appliance, you can collect up to 2,500 EPS from connected Sensors.
4 Remote Sensor device ships with feet for desktop deployment. Rack mount not required.
5 Enterprise Server ships with 2 x 1U devices. One device is the Enterprise Server and one is the Enterprise DB.
6 Enterprise Sensor provides IDS capabilities only. It does not include data collection capabilities.
7 5:1 compression ratio is the average experienced by our customers. Actual compression may be higher or lower depending on specific log data.
8 USM Central supports federation for USM Anywhere and USM Appliance 5.4.3 or later

  USM Appliance All-in-One USM Appliance Standard USM Central
  AIO 25A AIO 75A AIO 150A AIO UA Remote Sensor Server Logger Sensor AlienVault-hosted Cloud Service
Device Performance
Total Cores 8 4 8
RAM (GB) 16 8 24
Storage Capacity¹ (TB) Compressed / Uncompressed 5.0 / 1.0 or 2.5 / 0.5² 5.0 / 1.0 or 1.25 / 0.25³ 6.0 / 1.2 9.0 / 1.8 6.0 / 1.2
Virtual Interfaces 6 x 1GbE 2 x 1GbE 2 x 1GbE 2 x 1GbE 6 x 1GbE
Virtualization Support VMware ESXi 4.0+, Hyper-V v3.0+ (Windows Server 2008 SP2 and later); VMware ESXi 4.0+, Hyper-V v3.0+ (Windows Server 2008 SP2 and later)

1 5:1 compression ratio is the average experienced by our customers. Actual compression may be higher or lower depending on specific log data.
2 All-In-One virtual appliances available in two storage capacities: 1TB or 500GB.
3 Remote Sensor virtual appliances available in two storage capacities: 1TB or 250GB.

Compare:

More Than Just a SIEM: It’s Unified Security Management!

Traditional SIEM solutions promise to provide what you need to detect threats – but the path to get there is one most resource-constrained IT teams can’t afford. Traditional SIEM solutions integrate and analyze the data produced by other security technologies that are already deployed, but unfortunately, many mid-market enterprise organizations don’t have those other technologies deployed yet!

AlienVault provides a different path. In addition to the functionality of a traditional SIEM, the AlienVault USM Appliance includes the essential security capabilities needed to effectively monitor your on-premises network in a single, unified platform. And AlienVault’s focus on ease of use and ease of deployment makes it the perfect fit for resource-constrained organizations.

See how USM Appliance compares to traditional SIEM!

  USM Appliance Traditional SIEM
Standard SIEM Capabilities
Log Management
Event Correlation
Incident Response Ticketing
Reporting
Essential Security Capabilities
Asset Discovery
Vulnerability Assessment
Network IDS
Host IDS
File Integrity Monitoring
Netflow
Full Packet Capture
Additional Capabilities
Continuous Threat Intelligence
Single, Unified Console

Screenshots:


Targeted guidance eliminates the guesswork associated with integrating data sources and provides precise suggestions for improving visibility.

Built-in network flow analysis provides all the data you need for in-depth investigations - including packet capture.

Secure storage of raw event data satisfies regulatory compliance requirements while an easy-to-use interface allows for quick searches.

Identify malicious actors attempting to interact with your network using our dynamic IP reputation data.

Centralized, integrated "how to" documentation for all you need to know about USM.

Built-in network IDS and host IDS results in more accurate threat detection and event correlation, faster deployment and simpler management.

Built-in vulnerability assessment simplifies security monitoring and speeds remediation.

Real-time threat intelligence utilizes kill-chain taxonomy to identify attackers, their victims, their methods and their intents.

Each alarm provides detailed and customized instructions on how to investigate and respond to malicious activity.

Customizable executive dashboards provide overviews and click-through details about your security and compliance posture.

All you need to know about an asset for incident investigation and response - in one window.

Automated asset discovery provides granular details on all devices in your network.

