Small and midsized businesses (SMBs) today face many of the same data security challenges as larger enterprises, but typically without an army of dedicated IT staffers.
To level the playing field, AlienVault, a San Mateo, Calif.-based security and threat intelligence specialist, today launched USM Anywhere. This new software-as-a-service security monitoring platform, inspired by the company's USM (Unified Security Management) Appliance for on-premises deployments, offers threat detection, compliance management and incident response capabilities that stretch across cloud, hybrid-cloud and in-house IT environments.
USM Anywhere can start delivering security insights within minutes of deployment. Better still, said Denny LeCompte, senior vice president of products at AlienVault, it drastically reduces the time and effort required by overworked IT administrators to maintain their security setups.
"As a one-man security team, the last thing you want to do is manage an appliance," LeCompte said. With USM Anywhere, IT pros can focus on the well-being of their environments instead of deploying, configuring and upgrading systems.
Cloud computing has allowed countless startups and SMBs to flourish and serve customer bases that would have overwhelmed the server rooms of yesteryear. The problem with the cloud is that traditional security tools often don't cross the on-premises/cloud divide, forcing businesses to cobble together multiple, siloed solutions for a full picture of their organization's security posture.
And lowering one's guard with respect to the cloud is not an option, asserted LeCompte.
"Ransomware can happen the same on a cloud infrastructure as it can on-premises," he warned. Nowadays, attackers employ malware-as-a-service techniques to continually probe cloud environments, looking for vulnerabilities in hastily deployed services and applications. It's a frightening prospect considering that businesses are increasingly entrusting the cloud with their sensitive data.
USM Anywhere provides end-to-end security visibility in one product, eliminating blind spots for IT personnel tasked with managing their organization's local and cloud security. Resource-sipping sensors allow customers to monitor their Amazon Web Services (AWS) and Microsoft Azure cloud infrastructure assets. Similarly, virtual sensors for VMware and Microsoft Hyper-V extend visibility into physical and virtual infrastructures back home.
The key, explained LeCompte in a Feb. 7 blog post, is that each sensor is tailored to the environment on which it's running.
"Each sensor has some common functionality to talk to the USM Anywhere Secure Cloud, but mostly it leverages specific knowledge about the infrastructure it was built to monitor," he wrote. "For instance, USM Anywhere 'knows' about AWS CloudTrail—just allow the sensor to access it, and it starts looking for threats in your AWS environment." AWS CloudTrail provides users with a log of API (application programming interface) calls made to their accounts, enabling threat analysis and compliance auditing, among other activity-tracking capabilities.
"The same is true for Azure. On premises, USM Anywhere's virtual sensors take advantage of the unique attributes of VMware and Hyper-V," continued LeCompte.
Cutting-Edge Threat Intelligence
To help root out advanced security threats, USM Anywhere uses intelligence gleaned by the company's machine-learning technologies, the experts who make up the AlienVault Labs Security Research Team and the Open Threat Exchange (OTX) community. The latter is a "big clearinghouse [of] information about malware and bad IP addresses" shared by 53,000 threat researchers and IT professionals who keep their fingers on the pulse of the cybersecurity scene, said LeCompte.
AlienVault's own security researchers continually analyze these community contributions, separating "the good info from the noise," he added. Finally, this threat intelligence is continually delivered to customers, helping them avoid the pitfalls of an ever-evolving threat landscape.
And USM Anywhere is extensible, allowing organizations to connect their tried-and-true security tools. With AlienApps, businesses can integrate Cisco Umbrella and McAfee ePO, with more integrations on the way, according to the company.