Improve Threat Detection for Education Organizations with AlienVault USM
Posted on 05-Aug-2015
TRANSCRIPT
AlienVault Vision
• To simplify how organizations detect and mitigate threats
• Enable organizations to benefit from the power of crowd-sourced threat intelligence & unified security
Unified Security Management
• Unified Security Management Platform: A single platform for simplified, accelerated threat detection, incident response & policy compliance
• AlienVault Labs Threat Intelligence: Correlation rules and directives written by our AlienVault Labs team and displayed through the USM interface
• Open Threat Exchange: The world’s largest repository of crowd-sourced threat data, providing a continuous view of real-time threats that may have penetrated the company’s defenses.
Customer Success: Council Rock
Matthew Frederickson, Director of Information Technology for Council Rock School District
12th largest school district in Pennsylvania (out of 500)
• 11,200 students, 1,300 staff
• 2 High Schools, 3 Middle Schools, 10 Elementary Schools
• 72 square miles
• 10 person IT department
Key challenges:
• Similar external threats that everyone else faces, plus…
• “Curious” students who like to see what they can get away with
• Budget constraints
• Accountable to many stakeholders – school district management, community, teachers, administrators, parents, etc.
Customer Success: Council Rock
Factors for choosing USM:
• Started with SANS 20 Critical Security Controls
• High visibility into the network with a tool that doesn’t require a lot of care & feeding
• Scalable
• Measures what matters – out of the box
• Communications with known malicious IPs (OTX)
• Not overwhelmed with alerts – built-in correlation directives filter the signal from the noise
• Alerts when abnormal trends are observed
• Weekly threat intelligence updates to alert on emerging threats
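The two detection ideas on this slide, matching outbound connections against a crowd-sourced indicator list and collapsing repeated hits into one alert per host and indicator so the analyst is not flooded, are easy to illustrate with a small script. The following is an added example written for this transcript; it is not AlienVault’s correlation engine, not the OTX data format, and the indicator values, flow log lines and field layout are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed OTX-style indicator list (hypothetical values, not real IoCs).
# Entries may be single hosts or CIDR ranges; the value is a free-text description.
INDICATORS = {
    "198.51.100.7": "constructed: known command-and-control host",
    "203.0.113.0/24": "constructed: range seen scanning",
}

# Constructed flow records, one per line: "timestamp src_ip dst_ip dst_port bytes".
# 192.0.2.10 stands in for an ordinary benign destination.
FLOW_LOG = """\
2015-08-05T09:00:01 10.20.1.15 192.0.2.10 443 1200
2015-08-05T09:00:04 10.20.1.15 198.51.100.7 8080 512
2015-08-05T09:00:09 10.20.1.15 198.51.100.7 8080 498
2015-08-05T09:01:10 10.20.3.42 203.0.113.55 445 3000
2015-08-05T09:02:30 10.20.1.15 198.51.100.7 8080 530
2015-08-05T09:03:00 10.20.3.42 192.0.2.10 80 900
"""


def build_networks(indicators):
    """Turn the indicator dict into (ip_network, description) pairs so that
    single addresses and CIDR ranges are matched the same way."""
    return [(ipaddress.ip_network(k, strict=False), d) for k, d in indicators.items()]


def match_indicator(ip, networks):
    """Return (indicator, description) for the first network containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    for net, desc in networks:
        if addr in net:
            return str(net), desc
    return None


def parse_flow(line):
    """Parse one constructed flow record into a dict."""
    ts, src, dst, port, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}


def correlate(log_text, indicators):
    """Scan flow records against the indicator list and emit one alert per
    (source host, indicator) pair, with hit count and first/last seen times,
    instead of one alert per matching flow."""
    networks = build_networks(indicators)
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "desc": None})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        match = match_indicator(flow["dst"], networks)
        if match is None:
            continue
        key = (flow["src"], match[0])
        entry = hits[key]
        entry["count"] += 1
        entry["first"] = entry["first"] or flow["ts"]
        entry["last"] = flow["ts"]
        entry["desc"] = match[1]
    return [{"src": s, "indicator": i, **v} for (s, i), v in sorted(hits.items())]


if __name__ == "__main__":
    for alert in correlate(FLOW_LOG, INDICATORS):
        print(f'{alert["src"]} -> {alert["indicator"]} x{alert["count"]} '
              f'({alert["first"]} .. {alert["last"]}): {alert["desc"]}')
```

Six flows produce two alerts: the three connections from 10.20.1.15 to the constructed C2 address become a single alert with a count of 3, and the one connection from 10.20.3.42 into the scanning range becomes another. Grouping by host and indicator rather than per flow is the simplest form of the signal-from-noise filtering the slide refers to.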
Customer Success: Council Rock
Benefits gained using USM:
• Identifying scripts brought in via thumb drives to scan the network & other mischief from students
• Identifying malware distributed via spear-phishing among staff
• Alerts for the things that need attention, not overwhelmed with false positives
• Comprehensive, customizable reporting
• Certainty about what is going on in the network
USM Platform
Integrated, Essential Security Controls
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE/SIEM
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
Headline Avoidance Checklist
• Integrate tools into a single operating console or dashboard
• Maintain a continually updated software inventory
• Use continuous vulnerability monitoring
• Complete a hardware inventory
• Use network mapping
• Incorporate log aggregation and correlation
• Take threat intelligence feeds for threat identification and prioritization
SANS Report: Practical Threat Management for Education Organizations
Protection on a Budget
Four Valuable Questions for SIEM Vendors
• How quickly can you get meaningful insights from the SIEM?
• How much training is required for staff to use the SIEM?
• How easily does the SIEM scale as the organization grows?
• Does the SIEM integrate host-based agents, or is it limited to receiving logs from syslog or other forwarders?
SANS Report: Practical Threat Management for Education Organizations
888.613.6023
ALIENVAULT.COM
CONTACT US
HELLO@ALIENVAULT.COM
Now for some Questions...
Questions? Hello@AlienVault.com
Twitter: @alienvault
Test Drive AlienVault USM
Download a Free 30-Day Trial: http://www.alienvault.com/free-trial
Check out our 15-Day Trial of USM for AWS: https://www.alienvault.com/free-trial/usm-for-aws
Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site