
AlienVault creates centralised threat detection system

Company claims its cloud-based threat detection solution is more comprehensive than those from other vendors

Open-source security information and event management (SIEM) vendor AlienVault has launched a new system for sharing threat intelligence among users of its OSSIM platform.

SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. While the technology is used widely, OSSIM claims to have the largest number of users (more than 18,000) and to be the only open source-based SIEM platform.

Previously, OSSIM threat intelligence could only be shared within individual organisations. However, AlienVault's new Open Threat Exchange (AV-OTX) system allows intelligence to be shared among all its customers that opt to use the service, meaning that the threat data is far more comprehensive.

"Many of our large customers were coming to us and saying they needed a way to know what was going on in the wider community," said Richard Kirk, Head of Europe for AlienVault. "They could see what was happening in their own network but they knew that they were only a small piece of the global community."

AlienVault customers can opt to use the new service by downloading the latest version of OSSIM for free. The new version of OSSIM uploads a set of data from the local system to AlienVault's secure cloud on an hourly basis. Some of the data is automatically cleansed and validated, and the rest is reviewed by a group of scientists in AlienVault's Research Lab to ensure that only the most accurate and actionable intelligence is published.

That intelligence data is then distributed to all of the OSSIM users that have opted to use the service, allowing them to react quickly or take preventative measures against future threats.

AlienVault is not the only security firm to offer a central threat detection system. Symantec, McAfee and Trend Micro also collect intelligence data from their customers in order to detect threats early and respond quickly. However, Kirk claims that these companies are only looking at one small slice of what's going on.

"In the case of McAfee, for example, all they're looking at is anti-virus information," said Kirk. "It's very sophisticated what they do, because they collect and process anti-virus information from all of the clients that they have, but at the end of the day it's only anti-virus. They're not looking at intrusion detection, they're not looking at firewall information, they're not looking at proxy servers, web servers, all those things. Only an SIEM platform can do that."

AlienVault expects the new system to be particularly attractive to telecoms companies that run networks on behalf of large banks or industrial companies, as it allows them to automate the monitoring and protection of all those systems across the board.

"Internet threats are global by nature and they need to be countered from an equally global perspective," said Jose Luis Gilperez, director of product development and security innovation at Telefonica Digital, a customer of AlienVault.

"With the AlienVault Open Threat Exchange, an attack on any part of our network or on any member of the AV-OTX community alerts everyone in the community and helps us all respond to threats far more effectively."
