SlideShare a Scribd company logo

Improve Threat Detection with OSSEC and AlienVault USM

Download as PPTX, PDF
AlienVault, profile picture
AlienVault

AlienVault provides mid-sized businesses with unified security products, intelligence, and community resources for modern threat defense. The document details AlienVault's capabilities, including OSSEC features like log analysis and vulnerability assessment, along with an overview of the USM architecture and integrated tools. It also offers insights into event correlation and management through a comprehensive GUI for effective security monitoring.

Related topics:
Threat Detection
1 of 12
Downloaded 113 times
1
2
3
4
5
6
7
8
9
10
11
12
Improve Threat Detection with OSSEC and AlienVault USM
About AlienVault AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats
Agenda OSSEC capabilities AlienVault USM capabilities Demo – See it in action • Remote OSSEC agent deployment, configuration and management • Behavioral monitoring of servers and workstations • Logging and reporting for PCI compliance • Data correlation with IP reputation data, vulnerability scans and more • Correlating OSSEC events to detect attacks
OSSEC & AlienVault USM Learning the Basics…
OSSEC capabilities Log analysis based intrusion detection File integrity checking Registry keys integrity checking (Windows) Signature based malware/rootkits detection Real-time alerting and active response
OSSEC Architecture Agent components: Logcollectord: Read logs (syslog, WMI, flat files) Syscheckd: File integrity checking Rootcheckd: Malware and rootkits detection Agentd: Forwards data to the server Server components: Remoted: Receives data from agents Analysisd: Processes data (main process) Monitord: Monitor agents
ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • Netflow Analysis • Service Availability Monitoring SECURITY INTELLIGENCE/SIEM • SIEM Event Correlation • Incident Response THREAT DETECTION • Network IDS • Host IDS • File Integrity Monitoring USM Platform Integrated, Essential Security Controls
AlienVault USM Architecture Embedded tools: Asset discovery: Nmap, Prads Behavioral monitoring: Netflow, Ntop, Nagios Threat detection: Snort, Suricata, OSSEC Vulnerability assessment: OpenVas External collectors: Syslog WMI SDEE
AlienVault Event Correlation AlienVault USM correlates events from multiple sources, crossing OSSEC alerts with information collected from embedded detectors and external sources.
OSSEC Management Interface • Status monitor • Events viewer • Agents control manager • Configuration manager • Rules viewer/editor • Logs viewer • Server control manager • Deployment manager • Rules viewer/editor AlienVault USM provides a comprehensive GUI for OSSEC alerts management:
Let’s See It In Action
888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Now for some Q&A.. Questions? Hello@AlienVault.com Twitter : @alienvault

More Related Content

PPTX
ciberseguridad.pptx
JOSHUAALEXANDEROSORI
 
PDF
Fire Detection System using GSM Module
ijtsrd
 
PDF
Presupuesto a medida. pc componentes PRUEBA
javierperezbueno
 
PPTX
Modelo de proceso especializado
Francisco Arce Garcia
 
PPTX
Smart Home Automation And security System
Amit Kundu
 
PPTX
Togaf
Carlos
 
PPTX
Seguridad Logica.pptx
Mario Andres Ramírez González
 
PPTX
Arquitectura Multiprocesadores
JUANR1022
 
ciberseguridad.pptx
JOSHUAALEXANDEROSORI
 
Fire Detection System using GSM Module
ijtsrd
 
Presupuesto a medida. pc componentes PRUEBA
javierperezbueno
 
Modelo de proceso especializado
Francisco Arce Garcia
 
Smart Home Automation And security System
Amit Kundu
 
Togaf
Carlos
 
Seguridad Logica.pptx
Mario Andres Ramírez González
 
Arquitectura Multiprocesadores
JUANR1022
 

What's hot (20)

PPTX
Unidad 3
Yo trabajo en la escuela y si fuera por mi yo renunciaria xD
 
PDF
Arduino Based Home Lighting Control by Android Phone
ijtsrd
 
PPTX
Administración de la función informática: Seguridad fisíca y lógica en el cen...
liras loca
 
PDF
Automatic room temperature controlled fan using arduino uno microcontroller
Mohammod Al Emran
 
ODP
Ambient intelligence
Nikhil Patteri
 
PPT
Metricas de Codigo Fuente y Metricas de Prueba
Kevin Castillo
 
PDF
IOT: Home Automation using Android Application
Nikhil Jadav
 
DOCX
Formato guia de aprendizaje sistemas instalacion de software
ADRIANAESLAVA1982
 
PDF
Seminario 3 reutilización del software
pto0404
 
DOCX
Ubiquitous computing abstract
Priti Punia
 
PPTX
FYP PRESENTATION-ROOM MONITORING SYSTEM USING IOT
inrhumaira
 
PPTX
GEOLOCALIZACION
ariana437
 
PPTX
Atm Security System Using Steganography Nss ptt by (rohit malav)
Rohit malav
 
PPTX
Smart Home / Smart Office
Karl Seiler
 
PPTX
Seguridad de los Sistemas Operativos
steevenjose
 
PPTX
Internet of Things Iot presentation with module
Isp university Multan
 
PPTX
CYBER-PHYSICAL-SYSTEM.pptx
PrasadNagelli
 
PPTX
Terminal Server
cesartg65
 
PPTX
Simulacion y Modelacion
AlbertoVargasCeledon1
 
PPTX
Fuente de alimentacion
paulabmgi38
 
Unidad 3
Yo trabajo en la escuela y si fuera por mi yo renunciaria xD
 
Arduino Based Home Lighting Control by Android Phone
ijtsrd
 
Administración de la función informática: Seguridad fisíca y lógica en el cen...
liras loca
 
Automatic room temperature controlled fan using arduino uno microcontroller
Mohammod Al Emran
 
Ambient intelligence
Nikhil Patteri
 
Metricas de Codigo Fuente y Metricas de Prueba
Kevin Castillo
 
IOT: Home Automation using Android Application
Nikhil Jadav
 
Formato guia de aprendizaje sistemas instalacion de software
ADRIANAESLAVA1982
 
Seminario 3 reutilización del software
pto0404
 
Ubiquitous computing abstract
Priti Punia
 
FYP PRESENTATION-ROOM MONITORING SYSTEM USING IOT
inrhumaira
 
GEOLOCALIZACION
ariana437
 
Atm Security System Using Steganography Nss ptt by (rohit malav)
Rohit malav
 
Smart Home / Smart Office
Karl Seiler
 
Seguridad de los Sistemas Operativos
steevenjose
 
Internet of Things Iot presentation with module
Isp university Multan
 
CYBER-PHYSICAL-SYSTEM.pptx
PrasadNagelli
 
Terminal Server
cesartg65
 
Simulacion y Modelacion
AlbertoVargasCeledon1
 
Fuente de alimentacion
paulabmgi38
 
Ad

Similar to Improve Threat Detection with OSSEC and AlienVault USM (20)

PPTX
Advanced OSSEC Training: Integration Strategies for Open Source Security
AlienVault
 
PPTX
How to Detect a Cryptolocker Infection with AlienVault USM
AlienVault
 
PPTX
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
PPTX
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
AlienVault
 
PPTX
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
PDF
Incident Response Whitepaper - AlienVault
Jermund Ottermo
 
PPTX
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
AlienVault
 
PPTX
Improve threat detection with hids and alien vault usm
AlienVault
 
PPTX
How Malware Works
AlienVault
 
PPTX
Alienvault threat alerts in spiceworks
AlienVault
 
PPTX
Spice world 2014 hacker smackdown
AlienVault
 
PDF
USM appliance datasheet 2024 latest 070324
MuhammadAmirulSyazwa2
 
PPTX
How to Solve Your Top IT Security Reporting Challenges with AlienVault
AlienVault
 
PPTX
Best Practices for Configuring Your OSSIM Installation
AlienVault
 
PPTX
Security Operations Center (SOC) Essentials for the SME
AlienVault
 
PPTX
How to Investigate Threat Alerts in Spiceworks!
AlienVault
 
PPTX
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
AlienVault
 
PPTX
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
AlienVault
 
PPTX
SpiceWorks Webinar: Whose logs, what logs, why logs
AlienVault
 
PPTX
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
AlienVault
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
AlienVault
 
How to Detect a Cryptolocker Infection with AlienVault USM
AlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
AlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
Incident Response Whitepaper - AlienVault
Jermund Ottermo
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
AlienVault
 
Improve threat detection with hids and alien vault usm
AlienVault
 
How Malware Works
AlienVault
 
Alienvault threat alerts in spiceworks
AlienVault
 
Spice world 2014 hacker smackdown
AlienVault
 
USM appliance datasheet 2024 latest 070324
MuhammadAmirulSyazwa2
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
AlienVault
 
Best Practices for Configuring Your OSSIM Installation
AlienVault
 
Security Operations Center (SOC) Essentials for the SME
AlienVault
 
How to Investigate Threat Alerts in Spiceworks!
AlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
AlienVault
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
AlienVault
 
SpiceWorks Webinar: Whose logs, what logs, why logs
AlienVault
 
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
AlienVault
 
Ad

More from AlienVault (19)

PDF
Malware Invaders - Is Your OS at Risk?
AlienVault
 
PPTX
Simplify PCI DSS Compliance with AlienVault USM
AlienVault
 
PDF
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
AlienVault
 
PDF
Insider Threat Detection Recommendations
AlienVault
 
PDF
Open Source IDS Tools: A Beginner's Guide
AlienVault
 
PPTX
Malware detection how to spot infections early with alien vault usm
AlienVault
 
PDF
Security operations center 5 security controls
AlienVault
 
PDF
PCI DSS Implementation: A Five Step Guide
AlienVault
 
PDF
The State of Incident Response - INFOGRAPHIC
AlienVault
 
PPTX
Incident response live demo slides final
AlienVault
 
PPTX
Improve Security Visibility with AlienVault USM Correlation Directives
AlienVault
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
AlienVault
 
PPTX
IDS for Security Analysts: How to Get Actionable Insights from your IDS
AlienVault
 
PDF
Alien vault sans cyber threat intelligence
AlienVault
 
PPTX
Security by Collaboration: Rethinking Red Teams versus Blue Teams
AlienVault
 
PPTX
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
AlienVault
 
PPTX
How to Detect System Compromise & Data Exfiltration with AlienVault USM
AlienVault
 
PPTX
Demo how to detect ransomware with alien vault usm_gg
AlienVault
 
PPTX
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
AlienVault
 
Malware Invaders - Is Your OS at Risk?
AlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
AlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
AlienVault
 
Insider Threat Detection Recommendations
AlienVault
 
Open Source IDS Tools: A Beginner's Guide
AlienVault
 
Malware detection how to spot infections early with alien vault usm
AlienVault
 
Security operations center 5 security controls
AlienVault
 
PCI DSS Implementation: A Five Step Guide
AlienVault
 
The State of Incident Response - INFOGRAPHIC
AlienVault
 
Incident response live demo slides final
AlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
AlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
AlienVault
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
AlienVault
 
Alien vault sans cyber threat intelligence
AlienVault
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
AlienVault
 
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
AlienVault
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
AlienVault
 
Demo how to detect ransomware with alien vault usm_gg
AlienVault
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
AlienVault
 

Improve Threat Detection with OSSEC and AlienVault USM

  • 2. About AlienVault AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats
  • 3. Agenda OSSEC capabilities AlienVault USM capabilities Demo – See it in action • Remote OSSEC agent deployment, configuration and management • Behavioral monitoring of servers and workstations • Logging and reporting for PCI compliance • Data correlation with IP reputation data, vulnerability scans and more • Correlating OSSEC events to detect attacks
  • 4. OSSEC & AlienVault USM Learning the Basics…
  • 5. OSSEC capabilities Log analysis based intrusion detection File integrity checking Registry keys integrity checking (Windows) Signature based malware/rootkits detection Real-time alerting and active response
  • 6. OSSEC Architecture Agent components: Logcollectord: Read logs (syslog, WMI, flat files) Syscheckd: File integrity checking Rootcheckd: Malware and rootkits detection Agentd: Forwards data to the server Server components: Remoted: Receives data from agents Analysisd: Processes data (main process) Monitord: Monitor agents
  • 7. ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • Netflow Analysis • Service Availability Monitoring SECURITY INTELLIGENCE/SIEM • SIEM Event Correlation • Incident Response THREAT DETECTION • Network IDS • Host IDS • File Integrity Monitoring USM Platform Integrated, Essential Security Controls
  • 8. AlienVault USM Architecture Embedded tools: Asset discovery: Nmap, Prads Behavioral monitoring: Netflow, Ntop, Nagios Threat detection: Snort, Suricata, OSSEC Vulnerability assessment: OpenVas External collectors: Syslog WMI SDEE
  • 9. AlienVault Event Correlation AlienVault USM correlates events from multiple sources, crossing OSSEC alerts with information collected from embedded detectors and external sources.
  • 10. OSSEC Management Interface • Status monitor • Events viewer • Agents control manager • Configuration manager • Rules viewer/editor • Logs viewer • Server control manager • Deployment manager • Rules viewer/editor AlienVault USM provides a comprehensive GUI for OSSEC alerts management:
  • 11. Let’s See It In Action
  • 12. 888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Now for some Q&A.. Questions? Hello@AlienVault.com Twitter : @alienvault