AlienVault Advances Open-Source SIEM

By Sean Michael Kerner  |  Posted 2014-02-20
Security vendor AlienVault released a milestone update on Feb. 19 for both its open-source and commercial Security Information and Event Management (SIEM) solutions, aiming to provide an improved user experience and enhanced security visibility.

SIEM technology plays a pivotal role in the modern security landscape, enabling organizations to log and monitor security events. The Open Source Security Information Management (OSSIM) 4.5 and AlienVault Unified Security Management (USM) 4.5 releases both debuted this week with new capabilities. AlienVault is the lead commercial sponsor of the OSSIM open-source project.

OSSIM contains all of the new features found in USM v4.5, Russell Spitler, vice president of product management at AlienVault, told eWEEK.

"As always, we work to make security possible for everyone," Spitler said. "However, in USM we add some additional features to make it possible for organizations to meet regulatory requirements, and provide the rules and configuration to detect the latest threats through our AlienVault Labs Threat Intelligence Subscription."

A key attribute of the new 4.5 update is improved visibility and user experience. Spitler explained that a substantial amount of effort was put into the release to work with AlienVault's open-source and commercial install base in order to identify places where users were working too hard to get answers to questions about their environment.

"Through user testing and interviews, we identified places where we could provide simplified workflows or visualizations to make their lives easier and the time spent more efficient," he said.

One of the visibility changes is a consolidated search feature across all security and asset data that AlienVault collects. Users can now run simple queries such as identifying all of a user's database servers that have critical vulnerabilities, Spitler said.

The new update also benefits from a dynamic deployment feature. Spitler noted that new assets and services can come online without any prior notice, which can cause substantial issues for security teams. Dynamic deployment monitors the environment for changes using asset discovery capabilities, including periodic network scans and passive network monitoring.

"Once a new asset is identified, deployment suggestions are made through the user interface to help the security team integrate new data sources as they come online," he said.
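As an added illustration of the two capabilities described above, the consolidated search and the dynamic deployment workflow (this is example code written for this page, not AlienVault's, and not how OSSIM implements either feature): a constructed asset inventory, a query for database servers that carry a critical vulnerability, and a scan-to-scan diff merged with passive observations that proposes a log source for each newly seen asset. The service list, the service-to-log-source mapping and all sample hosts are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    ip: str
    services: set            # service names seen open on the host
    vulns: list = field(default_factory=list)  # (finding_id, severity) pairs

# Services that mark a host as a database server (assumed list).
DB_SERVICES = {"mysql", "postgresql", "mssql", "oracle"}

# Hypothetical mapping from a discovered service to the log source worth collecting.
LOG_SOURCE_FOR = {
    "ssh": "syslog (sshd auth events)",
    "mysql": "MySQL error log",
    "postgresql": "PostgreSQL server log",
    "smb": "Windows Security event log",
}

def db_servers_with_critical_vulns(assets):
    """Consolidated search: database servers with at least one critical finding."""
    return sorted(a.ip for a in assets
                  if a.services & DB_SERVICES
                  and any(sev == "critical" for _, sev in a.vulns))

def merge_passive(assets, observations):
    """Fold passive (ip, service) observations into a copy of the scan inventory."""
    merged = {a.ip: Asset(a.ip, set(a.services), list(a.vulns)) for a in assets}
    for ip, service in observations:
        merged.setdefault(ip, Asset(ip, set())).services.add(service)
    return list(merged.values())

def new_assets(previous, current):
    """Dynamic deployment, step 1: assets present now that the last baseline lacked."""
    known = {a.ip for a in previous}
    return [a for a in current if a.ip not in known]

def deployment_suggestions(previous, current):
    """Dynamic deployment, step 2: propose a log source for each new asset's services."""
    return {a.ip: sorted(LOG_SOURCE_FOR[s] for s in a.services if s in LOG_SOURCE_FOR)
            for a in new_assets(previous, current)}

# Constructed sample data: a previous scan, a new scan, and passive observations.
PREVIOUS_SCAN = [
    Asset("10.0.0.5", {"ssh", "mysql"}, [("finding-1", "critical")]),
    Asset("10.0.0.6", {"http"}, [("finding-2", "medium")]),
]
CURRENT_SCAN = PREVIOUS_SCAN + [Asset("10.0.0.9", {"ssh", "postgresql"})]
PASSIVE_OBSERVATIONS = [("10.0.0.6", "mysql"), ("10.0.0.12", "smb")]
```

Running `deployment_suggestions(PREVIOUS_SCAN, merge_passive(CURRENT_SCAN, PASSIVE_OBSERVATIONS))` yields one suggestion list per new host, while the host that only gained a passively observed service is updated in place rather than reported as new.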

In September 2013, AlienVault raised $26.5 million in a Series D round of funding, bringing total funding for the company to $62 million. At that time, AlienVault CEO Barmak Meftah told eWEEK that his company was gearing up to meet the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) version 3. PCI-DSS 3 formally went into effect on Jan. 1, 2014.

A number of the features in the 4.5 release, such as the dynamic deployment, make it easier to stay compliant in environments that are subject to regulation, Spitler said. However, he added that AlienVault has not yet released explicit PCI v3 support in its USM product.

Moving forward, Spitler said a number of features in the USM 4.5 release, such as the dynamic deployment and the user interface enhancements, are setting the stage for some major compliance-related improvements over the next few months.

"We are working hard to make the life of those on the front lines of security easier," Spitler said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.