AlienVault Virtual Appliance Detects Threats, Assesses Vulnerabilities

By Brian Prince | Posted 2013-04-17

Security vendor AlienVault released a new product on April 16 combining asset discovery, vulnerability assessment, threat detection and behavioral monitoring into one platform.

AlienVault's Unified Security Management virtual appliance blends these technologies together in a single product. The appliance is compatible with VMware ESXi and Proxmox virtual environments. It also offers customers easier host-based intrusion detection for distributed environments as well as enhanced and centralized administration through a Web-based user interface.

"Security point solutions come with the under-appreciated cost of integration," said Russell Spitler, vice president of product management at AlienVault. "Each capability provides visibility into some aspect of the user's environment, but when implemented in isolation it is hard to piece together the complete picture. Providing the essential security capabilities in a single system provides the end user with a quick and easy path to getting security visibility without having to spend the time to integrate a number of costly point solutions."

Two key pieces of the product are the vulnerability assessment and network behavioral monitoring. The vulnerability assessment engine is driven by threat intelligence provided by the company, and offers the ability to detect the latest vulnerabilities discovered by the research and vendor communities, Spitler told eWEEK.

"The vulnerabilities discovered in your environment are displayed in-line with the other events and threats observed, providing a view of the vulnerabilities in the context of the threats the environment is facing," he said.

"The behavioral monitoring capabilities of the platform aim to provide the user with the context for investigating potentially malicious behavior," he said. By "gathering data such as the typical bandwidth, protocols and services used by a system, AlienVault provides historical context to users investigating alarms. Providing the context that the Skype protocol is coming from one of your database servers is the difference between catching an intruder and issuing a press release to your customers" about an intrusion.

Calling the midsize market "sometimes underserved," 451 Group analyst Javvad Malik said small to midsize businesses need to have their security requirements filled without being forced to invest significantly in architecture. AlienVault's new appliance can help solve those needs, he said.

"By bundling and integrating security controls such as IDS [Intrusion Detection Systems], IPS [Intrusion Prevention Systems], asset discovery, vulnerability scanners and security intelligence, and supporting both virtual and cloud environments at a competitive price point, AlienVault has the potential to make significant inroads into the midmarket," Malik said in a statement.

Along with the time it takes to integrate individual point solutions, there is also a requirement for subject matter experts to perform that integration, Spitler said.

"Right now the broader security industry is experiencing a substantial shortfall in security experts," he said. "Small businesses often do not have the expertise in-house to even start down the path to achieving visibility into their environment. This offering makes it possible for small businesses to start this journey, but it is made for any security team who needs to get more done with less."

The company is offering free customer support and maintenance as well as a subscription to AlienVault Labs Threat Intelligence for the first year. Pricing for the appliance starts at $3,600. It is available now.
