AlienVault


What is AlienVault?

We provide simple, affordable and complete security products to those companies who have been under-served by the current status quo.

AlienVault makes hardware, virtual or cloud-based appliances. The product is usually thought of as a SIEM (security information and event management) technology that provides real-time analysis of security alerts generated by network hardware and applications. Although there is SIEM-like functionality in the product, AV takes it a step further: it uses all the detectors and security controls that make up a SIEM, but its uniqueness comes from combining detective security controls with vulnerability controls. Not only does our product bring truth to the detection piece, we make it actionable.

Our product is also used to generate reports for compliance purposes. The typical AlienVault customer has only 1-5 people working in the information security operations center (or maybe even a single part-time security person). In most cases, security teams are rarely given much budget and must seek other means (compliance) to fund security projects. If we help them with compliance, the customer gets security funding at the same time. We sell directly to the practitioner, with prices such that they don’t need executive approval.

AlienVault belief system:

We believe this kind of technology should be available to everyone. It should be affordable and should be open to research.

Inside the AlienVault appliance (Hardware, Virtual or Cloud-based):

  • Asset inventory
  • Vulnerability scanning
  • Intrusion detection
  • NetFlow analysis
  • Log collection from internal and external sources (Open Threat Exchange – OTX)

Smaller companies have trouble identifying what is really on their network, or do not have the staff to build the reports. AV addresses this in stages:

  1. AV takes an inventory (add a new device to the network? – our product informs you)
  2. Vulnerability scanning – discover information about the assets
  3. Passive scanning of the network, inspecting each host, so we can tell you
    • what kind of software is installed
    • what the users are doing
  4. Run intrusion detection at the following levels:
    • Network
    • Wireless
    • Host-based
  5. Build a picture of the environment from all of this information

Vulnerability detection is built from a collection of open source tools:

Inside AlienVault:

  • OpenVAS – open-source fork of the old Nessus code base (vulnerability scanner)
  • Nmap – free network/security scanner
  • OSSEC – host-based intrusion detection
  • Snort – network intrusion detection
  • Suricata – network IDS, IPS and network monitoring
  • Wireshark – packet analyser (capture and sniffing)
  • Nagios – infrastructure monitoring solution (uses SNMP, the Simple Network Management Protocol)
  • Debian Linux – operating system
  • OCS – software inventory
  • ntop – network status
  • SIEM – security information and event management (correlation layer over the above)

AlienVault’s contribution to open source community:

1) Identify bugs and file them with the different projects
2) Give feedback to open source developers
3) Make the OSSIM package available to the community
4) Effectively act as an alternate distribution channel for the various open source tools

Open source community – assistance AlienVault has received:

  • A contributor created a Hadoop-based collection system for the AV logger
  • Various plugins


Infographic by AlienVault

See more at: https://www.alienvault.com/blogs/industry-insights/the-eternal-life-of-malware