Spice world 2014 hacker smackdown


Transcript of Spice world 2014 hacker smackdown

About AlienVault

“There are two types of companies that use computers. Victims of crime that know they are victims of crime and victims of crime that don’t have a clue yet.”

- James Routh (CISO, Depository Trust Clearing Corporation)

“In today’s modern world, technology alone is not enough to combat the threats that now face organizations of all types and sizes. With the integration of continuous threat intelligence updates from OTX and AlienVault Labs, we can now provide millions of Spiceworks users with insight into the threats that could impact their business, and the guidance they need to take preventative measures.”

- Russ Spitler

Agenda

• What is this SpiceWorks / AlienVault Integration?
• Where does the threat data come from?
• What should I do when I get an AlienVault alert in SpiceWorks?
• Introduction to AlienVault USM
• Demo with Victor Obando, systems engineer

AlienVault Threat Alerts in Spiceworks

Alerts in Spiceworks: Dashboard & Device Details Page

“SpiceWorks has found a connection with a potentially suspicious IP Address 77.240.191.89 on device tmg-mbh.”

Investigating Your Threat Alert

Threat Details

Remediation Advice

False Positives… The Root Cause

• IPs change: an IP may be assigned to a different server or owner
• Threats get remediated: in the case of compromised/slaved servers, system owners may remediate the threat
• Threats naturally expire: campaigns and targeted attacks end per the orchestrator’s plans

windows.update.nsatc.net

safe.happy.unicorns.malware.hackyou.com

What is Open Threat Exchange (OTX)?

• The world’s largest crowd-sourced threat repository
• Provides access to real-time, detailed information about threats and incidents
• Enables security professionals to share threat data and benefit from data shared by others
• Powers the AlienVault Threat Alerts in SpiceWorks

OTX + AlienVault Labs: Threat Intelligence Powered by Open Collaboration

• Updates every 30 minutes
• 200,000 – 350,000 IP addresses validated daily
• 8,000 collection points
• 140 countries and growing

Threat Types Detected

• Malware Domain: distributing malware or hosting exploit code
• Malware IP: instrumental in malware, including malicious redirection
• Command and Control: sending command and control instructions to malware or a botnet
• Scanning Host: observed repeatedly scanning or probing remote systems
• APT: observed to be actively involved in an APT campaign
• Spamming Host: actively propagating or instrumental in the distribution of spam
• Malicious Host: engaged in malicious but uncharacterized activity

Data Expiry & Privacy

Sample reputation records as shown on the slide (IP # threat type(s), then country, city, latitude, longitude):

122.225.118.219 # Scanning Host CN,Hangzhou,30.2936000824,120.161399841
122.225.118.66 # Scanning Host CN,Hangzhou,30.2936000824,120.161399841
188.138.100.156 # Malware IP;Scanning Host DE,,51.0,9.0
211.87.176.197 # Scanning Host CN,,35.0,105.0
95.163.107.201 # Spamming RU,,60.0,100.0
188.138.110.48 # Malicious Host;Scanning Host DE,,51.0,9.0
72.167.131.220 # Malware IP US,Scottsdale,33.6119003296,-111.890602112
174.120.172.125 # Malware IP US,Houston,29.7523002625,-95.3669967651
210.148.165.67 # Malware IP JP,,36.0,138.0
75.75.253.84 # Spamming US,Henderson,36.0312004089,-115.073898315

What OTX Collects

• External IPs connecting to the system
• Traffic patterns (timestamps)

What OTX Does NOT Collect

• System data
• System information
• Internal IP traffic
• Any personally identifiable information

• Contributed data: expires after 30 days
• Scanning: expires after 30 days without additional evidence
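The following is an added example and not code from the slides or from AlienVault. It parses reputation lines in the layout shown above, matches the peer IP of an outbound connection against them the way the Spiceworks alert does, and applies the 30-day expiry rule so that an entry whose last evidence is older than that is reported as stale rather than alerted on, which is exactly the false-positive situation described earlier (IPs reassigned, hosts remediated, campaigns ended). The per-IP last-evidence dates, the device/connection pairs and the `NOW` snapshot are constructed assumptions; the slide's records carry no timestamps.

```python
"""Added example, not code from the AlienVault/Spiceworks slides.

Parses slide-style reputation lines, classifies a connection's peer IP,
and enforces the 30-day expiry rule.  Last-evidence dates are assumed.
"""
from datetime import datetime, timedelta
import ipaddress

EXPIRY = timedelta(days=30)  # both expiry rules on the slide use 30 days

# Constructed sample in the slide's layout:
#   <ip> # <type>[;<type>...] <country>,<city>,<lat>,<lon>
SAMPLE_REPUTATION = """\
122.225.118.219 # Scanning Host CN,Hangzhou,30.2936000824,120.161399841
188.138.100.156 # Malware IP;Scanning Host DE,,51.0,9.0
95.163.107.201 # Spamming RU,,60.0,100.0
72.167.131.220 # Malware IP US,Scottsdale,33.6119003296,-111.890602112
"""

# Constructed (assumed) last-evidence dates.  The real feed refreshes every
# 30 minutes; this is a hard-coded snapshot for illustration only.
NOW = datetime(2014, 9, 10)
SAMPLE_EVIDENCE = {
    "122.225.118.219": datetime(2014, 9, 1),   # 9 days old: still active
    "188.138.100.156": datetime(2014, 7, 15),  # 57 days old: expired
    "72.167.131.220": datetime(2014, 8, 20),   # 21 days old: still active
    # 95.163.107.201 has no recorded evidence at all
}


def parse_reputation(text):
    """Parse slide-style reputation lines into {ip_string: record}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip_str, sep, rest = line.partition(" # ")
        if not sep:
            raise ValueError("malformed reputation line: %r" % line)
        # Threat types contain spaces ("Malware IP"), so split the geo
        # field off at the last space rather than the first.
        types_part, _, geo = rest.rpartition(" ")
        country, city, lat, lon = geo.split(",")
        ipaddress.ip_address(ip_str)  # reject garbage before keying on it
        records[ip_str] = {
            "types": types_part.split(";"),
            "country": country,
            "city": city,
            "lat": float(lat),
            "lon": float(lon),
        }
    return records


def check_connection(peer_ip, records, evidence, now):
    """Classify one outbound connection's peer address.

    Returns (verdict, threat_types):
      'internal' - private/loopback peer; OTX does not collect these
      'clean'    - no reputation entry
      'alert'    - entry with evidence within the last 30 days
      'stale'    - entry exists but the last evidence is older than 30 days
                   (or missing), so treat it as a likely false positive
    """
    ip = ipaddress.ip_address(peer_ip)
    if ip.is_private or ip.is_loopback:
        return "internal", []
    rec = records.get(peer_ip)
    if rec is None:
        return "clean", []
    last_seen = evidence.get(peer_ip)
    if last_seen is None or now - last_seen > EXPIRY:
        return "stale", rec["types"]
    return "alert", rec["types"]


if __name__ == "__main__":
    recs = parse_reputation(SAMPLE_REPUTATION)
    # Constructed connection log: (device, peer IP) as Spiceworks would see it
    for device, peer in [("tmg-mbh", "122.225.118.219"),
                         ("tmg-mbh", "188.138.100.156"),
                         ("fileserver", "10.0.0.5"),
                         ("laptop-7", "8.8.8.8")]:
        verdict, types = check_connection(peer, recs, SAMPLE_EVIDENCE, NOW)
        print("%-10s -> %-16s %-8s %s" % (device, peer, verdict, ";".join(types)))
```

The point of the `stale` verdict is operational: when a device shows a connection to a listed IP, check the age of the evidence before escalating, because a reputation entry with no fresh evidence is the signature of the reassigned or cleaned-up host the slides warn about.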


Recent Breach Disclosures

[Timeline slide: breach disclosures dated Aug 7, Aug 15, Aug 20, Aug 27, Aug 28, Sep 2, Sep 4 and Sep 10, 2014; the organization names on the slide did not survive in the transcript]

Threat Landscape: Our New Reality

More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons.

The number of organizations experiencing high profile breaches is unprecedented.

The “security arms race” cannot continue indefinitely as the economics of securing your organization is stacked so heavily in favor of those launching attacks that incremental security investments are seen as impractical.

84% of organizations breached had evidence of the breach in their log files…

Source: 2012 Verizon Data Breach Investigations Report

You’ve Got Options: Many Point Solutions… Integration Anyone?

Many point solutions OR Unified Security Management

Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory

Vulnerability Assessment
• Network Vulnerability Testing
• Remediation Verification

Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring

Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

Security Intelligence
• SIEM Event Correlation
• Incident Response

Why AlienVault for Your Environment

• Unified, coordinated security monitoring in a single console
• Simple security event management and reporting
• Cutting edge, crowd-sourced threat intelligence from AlienVault Labs and Open Threat Exchange™ (OTX)
• SIEM, Network IDS, Host IDS, Wireless IDS, File Integrity Monitoring, Vulnerability Assessment and more
• Full suite of compliance reporting
• Fast deployment – be up and running in 1 hour
• Designed and priced for the midmarket – starts at $3600!

AlienVault Labs Threat Intelligence: Coordinated Analysis, Actionable Guidance

Weekly updates that cover all your coordinated rule sets:

• Network-based IDS signatures

• Host-based IDS signatures

• Asset discovery and inventory database updates

• Vulnerability database updates

• Event correlation rules

• Report modules and templates

• Incident response templates / “how to” guidance for each alarm

• Plug-ins to accommodate new data sources

Fueled by the collective power of AlienVault’s Open Threat Exchange (OTX)

Award-Winning Solution Used by 10,000+ for Threat Detection,

Incident Response and Compliance Management

Now Let’s See It In Action

More Questions?

Email [email protected]

Thank You! Any Questions?

Test Drive AlienVault USM

Download a Free 30-Day Trial: http://www.alienvault.com/free-trial

Try Our Product Sandbox: http://www.alienvault.com/live-demo-site