
AlienVault creates centralised threat detection system

Company claims its cloud-based threat detection solution is more comprehensive than those from other vendors

Open-source security information and event management (SIEM) vendor AlienVault has launched a new system for sharing threat intelligence among users of its OSSIM platform.

SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. While the technology is used widely, OSSIM claims to have the largest number of users, more than 18,000, and to be the only open source-based SIEM platform.

Previously, OSSIM threat intelligence could only be shared within individual organisations. However, AlienVault's new Open Threat Exchange (AV-OTX) system allows intelligence to be shared among all its customers that opt to use the service, meaning that the threat data is far more comprehensive.

"Many of our large customers were coming to us and saying they needed a way to know what was going on in the wider community," said Richard Kirk, Head of Europe for AlienVault. "They could see what was happening in their own network but they knew that they were only a small piece of the global community."

AlienVault customers can opt to use the new service by downloading the latest version of OSSIM for free. The new version of OSSIM uploads a set of data from the local system to AlienVault's secure cloud on an hourly basis. Some of the data will be automatically cleansed and validated, and the rest is reviewed by a group of scientists in AlienVault's Research Lab, to ensure that only the most accurate and actionable intelligence is published.

That intelligence data is then distributed to all of the OSSIM users that have opted to use the service, allowing them to react quickly or take preventative measures against future threats.

AlienVault is not the only security firm to offer a central threat detection system. Symantec, McAfee and Trend Micro also collect intelligence data from their customers in order to detect threats early and respond quickly. However, Kirk claims that these companies are only looking at one small slice of what's going on.

"In the case of McAfee, for example, all they're looking at is anti-virus information," said Kirk. "It's very sophisticated what they do, because they collect and process anti-virus information from all of the clients that they have, but at the end of the day it's only anti-virus. They're not looking at intrusion detection, they're not looking at firewall information, they're not looking at proxy servers, web servers, all those things. Only an SIEM platform can do that."

AlienVault expects the new system to be particularly attractive to telecoms companies that run networks on behalf of large banks or industrial companies, as it allows them to automate the monitoring and protection of all those systems across the board.

"Internet threats are global by nature and they need to be countered from an equally global perspective," said Jose Luis Gilperez, director of product development and security innovation at Telefonica Digital, a customer of AlienVault.

"With the AlienVault Open Threat Exchange, an attack on any part of our network or on any member of the AV-OTX community alerts everyone in the community and helps us all respond to threats far more effectively."

