Product Review: USM Anywhere

There are so many threats in our modern age of connectivity, but is there an easy way to stay on top of them? Thanks to USM Anywhere™, the software as a service (SaaS) offering from AlienVault®, the only company called “visionary” in the Gartner SIEM (security information and event management) Magic Quadrant in 2013, 2014, 2015 and 2016, your security protection can be both more comprehensive and simpler.


AlienVault: USM Anywhere’s dashboard displays the type of threats your company faces in an easy-to-read interface.


USM Anywhere is a unified security management (USM) SaaS that provides comprehensive security monitoring in just one solution. It covers five essential security capabilities: asset discovery for hardware and software, vulnerability assessment to scan the cloud and network, intrusion detection at the host, network and file level, behavioral monitoring of what users are doing online, and SIEM log management for correlation, analysis and response to security event data.


The first typical use case for USM Anywhere is threat detection: seeing what is coming through, such as malware, multiple admin accounts, hacking attempts or vulnerabilities that need patching. The second is incident response: a threat detection service that updates intelligence and rules and explains why an alert or alarm was triggered, where it came from, what was attacked and how to remediate it. The third is compliance management of regulations and policies, ensuring that no one changes controls and that the organization follows regimes such as HIPAA, GLBA or PCI.


USM Anywhere’s threat intelligence uses correlation rules that continuously analyze events, automatically detecting and linking behavior patterns across disparate but related events so that you are alerted to the most dangerous ones. This is useful for companies with small or nonexistent IT teams who are either unaware of attacks or have little time to mitigate them. Attacks can stem from external malicious actors (malware, brute-force authentication, phishing attempts and infected sites), from insiders (privilege escalation, employees sharing content outside the organization or downloading it to a thumb drive) and from vulnerabilities in operating systems.


AlienVault: You can set up and see your data in USM Anywhere in less than an hour.


Implementing USM Anywhere takes under an hour, an asset for a resource-strapped company. From an on-premises computer or server, you download and deploy one USM Anywhere sensor into the environment you want to monitor. It connects to AlienVault’s cloud services, which monitor the sensor’s API and interpret its traffic. Within thirty minutes the system is fully functional and you can look at and take advantage of the data you want. USM Anywhere is single-tenant, so every customer’s account is isolated from other customers’, and tight internal security and compliance regulations mean that only those AlienVault employees who need access to customers’ data have it. Should you run into any problems, there is documentation, a community forum and a support team. The process is simple enough to set up yourself, but if you want extra help AlienVault has training and certified implementation partners who can deploy, configure or customize your solution.


You can hook up sensors for cloud monitoring of Amazon Web Services (AWS) or Microsoft Azure. On your office or retail store premises, virtual sensors are available for Microsoft Hyper-V and VMware that monitor your physical and virtual IT infrastructure through event forwarding or agent installation. For instance, you can install USM Anywhere’s osquery agent on Unix or Windows desktops, which forwards events to your dashboard. The product comes with one sensor; additional sensors can be purchased for $150 monthly.


The user-friendly, graphical dashboard provides a single view of all of your critical infrastructure and the ability to compare different time periods. Activity flows through the network as logged events, so USM Anywhere knows when events violate policy and sets off alerts. Alarms are emailed immediately and available for instant investigation in the cloud dashboard, which you can view on a mobile device without having to be at your servers. Each alarm describes the who, what, why, when and how of the attack, with the option to analyze greater detail such as the exact log entries. Alarms also contain next steps to manage the attack; for example, the ability to send the IP address of malicious servers or domains to Cisco Umbrella, which will block employee and system access to those addresses. The data is sent to the AlienVault Cloud for security analysis and goes into hot storage, where it is searchable for 90 days, then into cold storage for one year to prevent modification. Companies that need to retain their data for multiple years under HIPAA or other compliance regimes can optionally purchase longer retention.
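The correlation behaviour the review describes, in the threat-intelligence paragraph (linking disparate but related events into one alarm for the most dangerous pattern) and in the alarm description just above (an alarm that states the who, what and when and keeps the exact log entries for drill-down), can be illustrated with a small rule engine. What follows is an added example, not AlienVault’s engine, rule syntax or data; it assumes a constructed authentication log with `ts`, `src`, `user` and `event` fields, a failure threshold of 5 and a two-minute sliding window, all chosen for illustration.

```python
"""Toy SIEM-style correlation over constructed authentication events.

Added illustration, not AlienVault's engine or rule language. The event
schema (ts/src/user/event), the threshold and the window are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5             # failures from one source before we care (assumption)
WINDOW = timedelta(minutes=2)  # sliding window that links related events (assumption)

# Constructed sample log, not from any real system. Addresses are RFC 5737
# documentation ranges. 'alice' is brute-forced and the attacker gets in,
# 'bob' mistypes once, 'carol' is brute-forced without success.
SAMPLE_EVENTS = [
    {"ts": "2017-05-03T09:00:01", "src": "198.51.100.7", "user": "alice", "event": "auth_failure"},
    {"ts": "2017-05-03T09:00:04", "src": "198.51.100.7", "user": "alice", "event": "auth_failure"},
    {"ts": "2017-05-03T09:00:09", "src": "198.51.100.7", "user": "alice", "event": "auth_failure"},
    {"ts": "2017-05-03T09:00:15", "src": "198.51.100.7", "user": "alice", "event": "auth_failure"},
    {"ts": "2017-05-03T09:00:20", "src": "198.51.100.7", "user": "alice", "event": "auth_failure"},
    {"ts": "2017-05-03T09:00:31", "src": "198.51.100.7", "user": "alice", "event": "auth_success"},
    {"ts": "2017-05-03T09:05:00", "src": "203.0.113.9",  "user": "bob",   "event": "auth_failure"},
    {"ts": "2017-05-03T09:05:30", "src": "203.0.113.9",  "user": "bob",   "event": "auth_success"},
    {"ts": "2017-05-03T10:00:00", "src": "192.0.2.44",   "user": "carol", "event": "auth_failure"},
    {"ts": "2017-05-03T10:00:05", "src": "192.0.2.44",   "user": "carol", "event": "auth_failure"},
    {"ts": "2017-05-03T10:00:10", "src": "192.0.2.44",   "user": "carol", "event": "auth_failure"},
    {"ts": "2017-05-03T10:00:15", "src": "192.0.2.44",   "user": "carol", "event": "auth_failure"},
    {"ts": "2017-05-03T10:00:20", "src": "192.0.2.44",   "user": "carol", "event": "auth_failure"},
]


def _parse_ts(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")


def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Run two correlation rules over the stream and return the alarms raised.

    brute_force_attempt (medium): at least `threshold` auth_failure events
        from one source inside the sliding window.
    brute_force_success (high):  an auth_success from a source whose window
        still holds at least `threshold` failures. Individually none of these
        events is alarming; linked together they mean a guessed password.
    """
    recent_failures = defaultdict(deque)  # src -> deque of (timestamp, user)
    attempt_raised = set()                # sources already reported as 'attempt'
    alarms = []

    for ev in sorted(events, key=lambda e: _parse_ts(e["ts"])):
        ts, src = _parse_ts(ev["ts"]), ev["src"]
        fails = recent_failures[src]
        # Age out failures that no longer fall inside the window.
        while fails and fails[0][0] < ts - window:
            fails.popleft()

        if ev["event"] == "auth_failure":
            fails.append((ts, ev["user"]))
            if len(fails) >= threshold and src not in attempt_raised:
                attempt_raised.add(src)
                alarms.append({
                    "rule": "brute_force_attempt",
                    "severity": "medium",
                    "who": src,
                    "what": f"{len(fails)} failed logins within {window}",
                    "when": ev["ts"],
                    "targets": sorted({user for _, user in fails}),
                })
        elif ev["event"] == "auth_success" and len(fails) >= threshold:
            alarms.append({
                "rule": "brute_force_success",
                "severity": "high",
                "who": src,
                "what": f"login as {ev['user']} succeeded after {len(fails)} failures",
                "when": ev["ts"],
                "targets": [ev["user"]],
                # The exact log entries behind the alarm, for drill-down.
                "evidence": [f"{t.isoformat()} auth_failure {u}" for t, u in fails]
                            + [f"{ev['ts']} auth_success {ev['user']}"],
                "next_step": "verify with the account owner; if unexpected, "
                             "reset the credential and block the source",
            })
            fails.clear()              # one alarm per burst, not one per login
            attempt_raised.discard(src)
    return alarms


if __name__ == "__main__":
    for alarm in correlate(SAMPLE_EVENTS):
        print(f"[{alarm['severity']}] {alarm['rule']}: {alarm['who']} -> "
              f"{alarm['targets']} at {alarm['when']}: {alarm['what']}")
```

Run as written, the sample produces three alarms: a medium one for the burst against alice, a high one when the login from the same source then succeeds, and a medium one for the burst against carol; bob's single typo followed by a success raises nothing. The success rule clears the window it consumed so one burst yields one alarm rather than one per login, and the `evidence` list is what a dashboard would expose as the exact log entries behind the alarm.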


AlienVault: Drill down to search for and view the time and types of specific security attacks.


No security system is going to provide absolute safety for your IT systems; USM Anywhere comes close, however, by staying in step with threats. The AlienVault Labs Security Research Team looks for and delivers updated threat detection to customers every 30 minutes. Its Open Threat Exchange® (OTX®) is an open source community of over 50,000 participants from more than 140 countries that gathers over ten million threat indicators daily. A good example is the Google Docs phishing scam of May 3, 2017. What looked like a document shared by a personal contact was actually a malicious actor, but the OTX team delivered an updated rule to all users to detect it and alerted them before most knew they had been attacked.


USM Anywhere also stays on top of the bad guys with AlienApps™. In the past, your company may have bought a solution that provides one specific kind of security, but as threats continuously evolve it forces you to pay a lot to keep updating it. AlienApps is an agile framework that wraps new security capabilities around your company’s existing tools and displays the data from their APIs in USM Anywhere’s dashboard. There are currently AlienApps for Google G Suite, Office 365 and Cisco Umbrella.


Other vendors can each deliver the essential security capabilities, but AlienVault’s USM Anywhere provides your company with the most comprehensive security monitoring within a single SaaS solution, which saves you time, money and resources. As your hybrid cloud environment changes and grows, USM Anywhere’s Open Threat Exchange and AlienApps continuously check for threats and solutions so that your company stays protected even as things constantly change, and so that it scales to match your threat detection needs. Pricing is based on your data usage and starts at $1,575 per month for 250GB. For more information, contact AlienVault, sign up for a demo, read user reviews on TrustRadius or chat with them at the upcoming Gartner Summit, Automation Nation, BSides Chicago or Black Hat conferences.
