Detect Brute Force Attacks & APTs in less than 1 hour with AlienVault.
In this session, our SIEM deployment expert will show you how to quickly and easily:
*Detect brute force attacks with correlation of both Windows & Linux logs
*Detect APTs and zero-day attacks
*Expose network scans or worm behavior with firewall log correlation
*Identify and prioritize vulnerabilities on affected assets
*Customize alerts and reports for PCI, HIPAA and ISO
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Live Product Demo: How to detect brute force attacks and APTs in under 1 hour with AlienVault
1. “LIVE” PRODUCT DEMO:
HOW TO DETECT BRUTE FORCE ATTACKS AND APTS IN UNDER 1 HOUR W ITH ALIE NVAULT ™
Anthony Mack, Systems Engineer
Payman Faed, Account Executive
2. AGENDA
Todays Threat Landscape: Realities & Implications
Advanced Persistent Threat • What is it and who is at risk?
Threat detection through correlation of NIDS, HIDS and IP Reputation
USM at a glance
Live Demo of USM • Data collection and correlation from a Network IDS to detect malicious code •
Detection of brute force attack leveraging OSSEC HIDS agent
3. THREAT LANDSCAPE: OUR NEW REALITY
More and more organizations are finding
themselves in the crosshairs of various bad actors
for a variety of reasons.
The number of organizations experiencing high
profile breaches is unprecedented ~ SMB
increasingly become the target.
In 2012 (and we expect this to rise in 2013 and into 2014),
50% of all targeted attacks were aimed at businesses
with fewer than 2,500 employees. In fact, the largest
growth area for targeted attacks in 2013 was businesses
with fewer than 250 employees; 31% of all attacks targeted
them.
4. THREAT LANDSCAPE: ADVANCED PERSISTENT THREAT
APT operates by quietly planting malicious code
into an organization’s network to be used for
reconnaissance and extraction of valuable
information.
Average end users are the most common
targets for implanting malicious code through
various techniques such as:
Social engineering
Fishing techniques
Zero day vulnerabilities
5. WHO IS AT RISK: ADVANCED PERSISTENT THREAT
Businesses holding a large quantity of personally identifiable information or intellectual
property are at high risk of being targeted by advanced persistent threats.
Some of the world’s
most well known
organizations have
adopted AlienVault
USM to combat this
threat.
6. THE ALIENVAULT USM SOLUTION: NETWORK INTRUSION DETECTION
Network IDS is embedded in our platform, giving you the ability to detect network level
attacks including identifying network activity originating from malicious code.
Network IDS
signatures are
updated frequently to
keep you on the front
lines of advanced
detection
7. THE ALIENVAULT USM SOLUTION: HOST INTRUSION DETECTION
Monitoring your mission critical servers
through host IDS agents allow you to
detect an APT attempting to spread out
and gather sensitive information.
File integrity checking
Registry key integrity
checking
Operating system logging
Centralized management
8. THE ALIENVAULT USM SOLUTION: IP REPUTATION
Tracking activity from attackers around the world allows AlienVault USM to alert you when bad
actors are accessing your network.
Automatically
correlates known
attackers with
detected intrusions
and malware activity
from both the
network and host
intrusion detection
systems
9. Security
Asset Discovery
Piece it all
Intelligence
together
Look for strange
Behavioral
activity which could
Monitoring
indicate a threat
•
•
•
•
Active Network Scanning
Passive Network Scanning
Asset Inventory
Host-based Software Inventory
Vulnerability Assessment
Figure out what
Asset
is valuable
Discovery
• Network Vulnerability Testing
Threat Detection
•
•
•
•
Network IDS
Host IDS
Wireless IDS
File Integrity Monitoring
Behavioral Monitoring
Threat
Start looking
for threats
Detection
Identify ways the
Vulnerability
target could be
Assessment
compromised
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Security Intelligence
• SIEM Correlation
• Incident Response
10. UNIFIED SECURITY MANAGEMENT
“Security Intelligence through Integration that we do, NOT you”
USM Platform
•
•
Bundled Products - 30 Open-Source Security tools to plug
the gaps in your existing controls
•
•
USM Framework - Configure, Manage, & Run Security
Tools. Visualize output and run reports
USM Extension API - Support for inclusion of any other
data source into the USM Framework
Open Threat Exchange –Provides threat intelligence for
collaborative defense
12. VIEW ON DEMAND
To watch a recorded version
of this webcast on demand.
Click Here
Notes de l'éditeur
\
Who do we sell toHow to find themHow to engageEmphasis on categories in which we play (e.g. IDS, Vuln Assessment, Asset Discovery...)Quick market/vendor overview of these categories (high level competitive)
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
So how do we do this ? We’ve pieced together all of the necessary security tools to feed the correlation engine, provide meaningful data, and manage entire networks from a single-pane-of-glass. -The essential elements of a SIEM are the ability to capture events and pull these into an engine that can parson, normalize, correlate, and log them.-What most folks in the security world will tell you is that in order to have a battle tested security solution – you need to extend the capabilities of that SIEM to take other information than just the logs. And we’ve done just that.-First, we realize folks need to know what assets are on their system to protect. We do that by building in Asset Discovery Tools, where we can automatically populate a database of assets on your network by scanning both passively and actively, identifying hosts and installed software packages.-Once we’ve identified what’s on your networks at all times, we’ve built in the ability to find out where your system might be vulnerable. Vulnerability assessment tools allow us to cross correlate vulnerability information with up to date detection rules to identify the weaknesses that hackers exploit. -On top of that, our built in Threat detection tools are actively searching for breaching attempts. Our aim is to cover all of your bases to include Host based IDS, Network IDS, File Integrity Monitoring and even Wireless IDS. -The 4th piece is behavioral monitoring. Security teams need to track user behavior that will give you the coverage you need for unknown threats – typically exemplified by strange or anomalous network or system behavior – this includes netflow analysis, service availability and of course log collection and analysis for in-depth forensic investigations.-Finally, aggregatiing these security controls altogether for correlation and analysis provides the intelligence you need in order to stay ahead of the bad guys and be pro-active instead of reactive in your security approach.
In fact, AlienVault offers the only unified security management solution to unify the five essential security capabilities you need for complete security visibility. This translates into rapid time to value – faster and easier audits, targeted remediation, and more seamless incident response.
As you know, it’s never easy to fight for budget, especially when that budget is shrinking. We hear from many customers who say that they’re looking to achieve more with less – less people, less time, less budget. The respondents in our survey echoed this refrain. Thanks to AlienVault, they’re getting a better handle on their environment, our solution was easy to deploy and more than half agreed that they’re now able to do more with less.