AlienVault has announced the general availability of AlienVault Unified Security Management (USM) for Amazon Web Services (AWS). AlienVault USM for AWS is an AWS-native solution that delivers built-in security controls and threat intelligence for IT and security teams to accelerate and simplify threat detection and incident response. USM for AWS is available on AWS Marketplace.
The product has been released to help companies manage security in the AWS-based environment. The company points out that AWS supports a “Shared Security Model,” where it secures its underlying AWS infrastructure but relies on users to protect anything they put on the AWS infrastructure, including their own operating systems, applications and data running in their AWS environments.
USM for AWS provides the security capabilities needed to identify and respond to malicious behavior and secure AWS environments. The platform provides cloud-native functionality to get full visibility into an AWS environment using the AWS API and provides analysis of use of built-in security features like CloudTrail and Security Groups to improve an environment’s security.
USM for AWS features include:
- Security Visibility for AWS “Shared Responsibility Model”: Cloud-native security platform maximizes visibility of potential threats or misconfigurations in the AWS environment, making it easier to use Amazon’s built-in features like CloudTrail and Security Groups.
- Built-in Security Capabilities Adapted for AWS: Asset discovery, vulnerability assessment, behavior monitoring, log management, alerting and event correlation enables IT or Security practitioners to quickly update and respond to malicious behavior and unsecure AWS configurations.
- Threat Intelligence and Predictability: Predefined correlation directives and updates to identify the most significant threats targeting an organizations network, with context-specific remediation and threat mitigation guidance, powered by AlienVault Labs and AlienVault Open Threat Exchange (OTX).
The AlienVault USM platform provides five security capabilities in a single console, providing everything needed to manage both compliance and threats.
1) Asset Discovery
- Active Network Scanning
- Passive Network Monitoring
- Asset Inventory
2) Behavioral Monitoring
- Log Collection
- Netflow Analysis
- Service Availability Monitoring
- Full packet capture
3) Vulnerability Assessment
- Network Vulnerability Testing
- Continuous Vulnerability Monitoring
4) Security Intelligence
- SIEM Correlation
- Incident Response
- Reporting and Alarms
5) Threat Detection
- Network IDS
- Host IDS
- File Integrity Monitoring