Threat Intelligence


In today’s dynamic and evolving threat environment, busy IT security teams don’t have the time or resources to analyze emerging threats on their own. Instead, they turn to the AlienVault Labs Security Research Team to do the research for them, with continuous Threat Intelligence updates that are fully integrated into the AlienVault® Unified Security Management® (USM) platform for threat assessment, detection, and response.

Your AlienVault USM platform receives updates every 30 minutes from AlienVault Labs. This dedicated team spends countless hours analyzing the different types of attacks, emerging threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape.

AlienVault USM also enables you to centralize the storage of all your log data in the AlienVault Secure Cloud, a certified compliant environment. This alleviates the burden of having to manage and secure logs on-premises, while providing a compliance-ready log management environment.

The AlienVault Advantage:

Ownership of both the built-in data sources and the management platform that make up the USM platform gives AlienVault a unique advantage over other security point products. Providing predictable data sources enables our threat research team to have a comprehensive understanding of the interactions between the different data types being collected, correlated and analyzed. This in-depth knowledge enables us to engineer the USM platform to provide effective security controls and seamlessly integrated threat intelligence for any environment.

AlienVault Labs Threat Intelligence drives the USM platform’s threat assessment capabilities by identifying the latest threats, resulting in the broadest view of threat vectors, attacker techniques and effective defenses. Unlike single-purpose updates focused on only one security control, AlienVault Labs regularly delivers eight coordinated rule set updates to the USM platform. These updates eliminate the need for you to spend precious time conducting your own research on emerging threats, or on alarms triggered by your security tools. These rule sets maximize the efficiency of your security monitoring program by delivering the following updates directly to your AlienVault USM™ installation:

  • Correlation directives – USM ships with an extensive and growing library of pre-defined rules that translate raw events into specific, actionable threat information by linking disparate events from across your network
  • Network IDS signatures – detect the latest malicious traffic on your network
  • Host IDS signatures – identify the latest threats targeting your critical systems
  • Asset discovery signatures – detect the latest operating systems, applications, and device information
  • Vulnerability assessment signatures – uncover the latest vulnerabilities on your systems
  • Reporting modules – receive new views of critical data about your environment for management and to satisfy auditor requests
  • Dynamic incident response templates – customized guidance on how to respond to each alert
  • Newly supported data source plugins – expand your monitoring footprint by integrating data from legacy security devices and applications