Live Product Demo: How to detect brute force attacks and APTs in under 1 hour with AlienVault

Posted on 19-May-2015


DESCRIPTION

Detect brute force attacks & APTs in less than 1 hour with AlienVault. In this session, our SIEM deployment expert will show you how to quickly and easily:

* Detect brute force attacks with correlation of both Windows & Linux logs
* Detect APTs and zero-day attacks
* Expose network scans or worm behavior with firewall log correlation
* Identify and prioritize vulnerabilities on affected assets
* Customize alerts and reports for PCI, HIPAA and ISO

Transcript

Anthony Mack, Systems Engineer
Payman Faed, Account Executive

“LIVE” PRODUCT DEMO: HOW TO DETECT BRUTE FORCE ATTACKS AND APTS IN UNDER 1 HOUR WITH ALIENVAULT™

AGENDA

Today's Threat Landscape: Realities & Implications

Advanced Persistent Threat
• What is it and who is at risk?

Threat detection through correlation of NIDS, HIDS and IP Reputation

USM at a glance

Live Demo of USM
• Data collection and correlation from a Network IDS to detect malicious code
• Detection of brute force attack leveraging OSSEC HIDS agent
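The brute force detection named in the session description and agenda (correlating failed logons from Windows and Linux hosts by source address) can be illustrated with the following added example. It is not AlienVault or OSSEC code and does not use USM's correlation directive format; the Windows lines are a constructed, pre-normalized rendering of Event ID 4625, the Linux lines are constructed sshd auth.log entries, and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Windows lines are a simplified,
# already-normalized rendering of Event ID 4625; Linux lines are sshd auth.log entries.
SAMPLE_LOGS = """\
2015-05-19T10:00:01 win dc01 EventID=4625 TargetUserName=admin IpAddress=203.0.113.7
2015-05-19T10:00:03 linux web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
2015-05-19T10:00:05 win dc01 EventID=4625 TargetUserName=admin IpAddress=203.0.113.7
2015-05-19T10:00:07 linux web01 sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
2015-05-19T10:00:09 win fs01 EventID=4625 TargetUserName=backup IpAddress=203.0.113.7
2015-05-19T10:00:30 linux web02 sshd[1310]: Failed password for bob from 198.51.100.4 port 40001 ssh2
2015-05-19T10:20:00 win dc01 EventID=4625 TargetUserName=admin IpAddress=198.51.100.4
"""

WIN_RE = re.compile(r"^(\S+) win (\S+) EventID=4625 TargetUserName=(\S+) IpAddress=(\S+)")
LIN_RE = re.compile(r"^(\S+) linux (\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")

def normalize(line):
    """Map either log format to a common (timestamp, source_ip, host, user) tuple, or None."""
    for rx in (WIN_RE, LIN_RE):
        m = rx.match(line)
        if m:
            ts, host, user, ip = m.groups()
            return datetime.fromisoformat(ts), ip, host, user
    return None

def detect_brute_force(lines, threshold=5, window=timedelta(minutes=1)):
    """Alert once per source IP when it accumulates `threshold` failed logons, across any
    mix of Windows and Linux hosts, inside a sliding `window`.
    Returns a list of (source_ip, first_event_in_window, sorted distinct hosts seen)."""
    recent = defaultdict(deque)   # source_ip -> timestamps still inside the window
    hosts = defaultdict(set)      # source_ip -> hosts that reported failures from it
    alerts, fired = [], set()
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue                     # unparsed line: not a failed logon we understand
        ts, ip, host, _user = ev
        q = recent[ip]
        q.append(ts)
        hosts[ip].add(host)
        while q and ts - q[0] > window:  # expire events that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in fired:
            fired.add(ip)
            alerts.append((ip, q[0], sorted(hosts[ip])))
    return alerts
```

With the defaults, 203.0.113.7 trips the rule because its failures against dc01, web01 and fs01 are counted together, while the two spaced-out failures from 198.51.100.4 do not.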

More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons.

The number of organizations experiencing high profile breaches is unprecedented; SMBs are increasingly becoming the target.

THREAT LANDSCAPE: OUR NEW REALITY

Despite the BILLIONS spent every year on IT security, >80% of organizations EXPECT to be breached every year.

~ Gartner 2012

In 2012 (and we expect this to rise in 2013 and into 2014), 50% of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks in 2013 was businesses with fewer than 250 employees; 31% of all attacks targeted them. 

THREAT LANDSCAPE: ADVANCED PERSISTENT THREAT

APT operates by quietly planting malicious code into an organization’s network to be used for reconnaissance and extraction of valuable information.

Average end users are the most common targets for implanting malicious code through various techniques such as:

• Social engineering
• Phishing techniques
• Zero-day vulnerabilities

WHO IS AT RISK: ADVANCED PERSISTENT THREAT

Businesses holding a large quantity of personally identifiable information or intellectual property are at high risk of being targeted by advanced persistent threats.

Some of the world’s most well known organizations have adopted AlienVault USM to combat this threat.

THE ALIENVAULT USM SOLUTION: NETWORK INTRUSION DETECTION

Network IDS is embedded in our platform, giving you the ability to detect network level attacks including identifying network activity originating from malicious code.

Network IDS signatures are updated frequently to keep you on the front lines of advanced detection.

THE ALIENVAULT USM SOLUTION: HOST INTRUSION DETECTION

Monitoring your mission critical servers through host IDS agents allows you to detect an APT attempting to spread out and gather sensitive information.

• File integrity checking
• Registry key integrity checking
• Operating system logging
• Centralized management

THE ALIENVAULT USM SOLUTION: IP REPUTATION

Tracking activity from attackers around the world allows AlienVault USM to alert you when bad actors are accessing your network.

Automatically correlates known attackers with detected intrusions and malware activity from both the network and host intrusion detection systems.

Figure out what is valuable: Asset Discovery

Identify ways the target could be compromised: Vulnerability Assessment

Start looking for threats: Threat Detection

Look for strange activity which could indicate a threat: Behavioral Monitoring

Piece it all together: Security Intelligence

Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory

Vulnerability Assessment
• Network Vulnerability Testing

Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring

Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

Security Intelligence
• SIEM Correlation
• Incident Response

UNIFIED SECURITY MANAGEMENT

“Security Intelligence through Integration that we do, NOT you”

USM Platform
• Bundled Products - 30 Open-Source Security tools to plug the gaps in your existing controls
• USM Framework - Configure, Manage, & Run Security Tools. Visualize output and run reports
• USM Extension API - Support for inclusion of any other data source into the USM Framework
• Open Threat Exchange - Provides threat intelligence for collaborative defense

sales@alienvault.com

www.alienvault.com

30-Day Free Trial (fully featured)

VIEW ON DEMAND
