
Live Product Demo: How to detect brute force attacks and APTs in under 1 hour with AlienVault

May 19, 2015

Detect Brute Force Attacks & APTs in less than 1 hour with AlienVault.
In this session, our SIEM deployment expert will show you how to quickly and easily:

* Detect brute force attacks with correlation of both Windows & Linux logs
* Detect APTs and zero-day attacks
* Expose network scans or worm behavior with firewall log correlation
* Identify and prioritize vulnerabilities on affected assets
* Customize alerts and reports for PCI, HIPAA and ISO
Transcript
Page 1

Anthony Mack, Systems Engineer
Payman Faed, Account Executive

“LIVE” PRODUCT DEMO: HOW TO DETECT BRUTE FORCE ATTACKS AND APTS IN UNDER 1 HOUR WITH ALIENVAULT™

Page 2

AGENDA

Today's Threat Landscape: Realities & Implications
Advanced Persistent Threat
• What is it and who is at risk?
Threat detection through correlation of NIDS, HIDS and IP Reputation
USM at a glance
Live Demo of USM
• Data collection and correlation from a Network IDS to detect malicious code
• Detection of brute force attack leveraging OSSEC HIDS agent

Page 3

THREAT LANDSCAPE: OUR NEW REALITY

More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons.

The number of organizations experiencing high-profile breaches is unprecedented, and SMBs are increasingly becoming the target.

Despite the BILLIONS spent every year on IT security, >80% of organizations EXPECT to be breached every year.

~ Gartner 2012

In 2012 (and we expect this to rise in 2013 and into 2014), 50% of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks in 2013 was businesses with fewer than 250 employees; 31% of all attacks targeted them.

Page 4

THREAT LANDSCAPE: ADVANCED PERSISTENT THREAT

An APT operates by quietly planting malicious code into an organization’s network to be used for reconnaissance and extraction of valuable information.

Average end users are the most common targets for implanting malicious code through various techniques such as:

• Social engineering
• Phishing techniques
• Zero-day vulnerabilities

Page 5

WHO IS AT RISK: ADVANCED PERSISTENT THREAT

Businesses holding a large quantity of personally identifiable information or intellectual property are at high risk of being targeted by advanced persistent threats.

Some of the world’s most well-known organizations have adopted AlienVault USM to combat this threat.

Page 6

THE ALIENVAULT USM SOLUTION: NETWORK INTRUSION DETECTION

Network IDS is embedded in our platform, giving you the ability to detect network-level attacks, including identifying network activity originating from malicious code.

Network IDS signatures are updated frequently to keep you on the front lines of advanced detection.

Page 7

THE ALIENVAULT USM SOLUTION: HOST INTRUSION DETECTION

Monitoring your mission-critical servers through host IDS agents allows you to detect an APT attempting to spread out and gather sensitive information.

• File integrity checking
• Registry key integrity checking
• Operating system logging
• Centralized management

Page 8

THE ALIENVAULT USM SOLUTION: IP REPUTATION

Tracking activity from attackers around the world allows AlienVault USM to alert you when bad actors are accessing your network.

Automatically correlates known attackers with detected intrusions and malware activity from both the network and host intrusion detection systems

Page 9

Asset Discovery: Figure out what is valuable
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory

Vulnerability Assessment: Identify ways the target could be compromised
• Network Vulnerability Testing

Threat Detection: Start looking for threats
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring

Behavioral Monitoring: Look for strange activity which could indicate a threat
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

Security Intelligence: Piece it all together
• SIEM Correlation
• Incident Response

Page 10

UNIFIED SECURITY MANAGEMENT

“Security Intelligence through Integration that we do, NOT you”

USM Platform
• Bundled Products - 30 Open-Source Security tools to plug the gaps in your existing controls
• USM Framework - Configure, Manage, & Run Security Tools. Visualize output and run reports
• USM Extension API - Support for inclusion of any other data source into the USM Framework
• Open Threat Exchange - Provides threat intelligence for collaborative defense

Page 11

www.alienvault.com

30-Day Free Trial (Fully featured)

Page 12

VIEW ON DEMAND

A recorded version of this webcast is available to watch on demand.