Open-source security information and event management (SIEM) vendor AlienVault has launched a new system for sharing threat intelligence among users of its OSSIM platform.
SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. While the technology is used widely, OSSIM claims to have the largest number of users - more than 18,000 and to be the only open source-based SIEM platform.
Previously, OSSIM threat intelligence could only be shared within individual organisations. However, AlienVault's new Open Threat Exchange (AV-OTX) system allows intelligence to be shared among all its customers that opt to use the service, meaning that the threat data is far more comprehensive.
“Many of our large customers were coming to us and saying they needed a way to know what was going on in the wider community,” said Richard Kirk, Head of Europe for AlienVault. “They could see what was happening in their own network but they knew that they were only a small piece of the global community.”
AlienVault customers can opt to use the new service by downloading the latest version of OSSIM for free. The new version of OSSIM uploads a set of data from the local system to AlienVault's secure cloud on an hourly basis. Some of the data will be automatically cleansed and validated, and the rest is reviewed by a group of scientists in AlienVault's Research Lab, to ensure that only the most accurate and actionable intelligence is published.
That intelligence data is then distributed to all of the OSSIM users that have opted to use the service, allowing them to react quickly or take preventative measures against future threats.
AlienVault is not the only security firm to offer a central threat detection system. Symantec, McAfee and Trend Micro also collect intelligence data from their customers in order to detect threats early and respond quickly. However, Kirk claims that these companies are only looking at one small slice of what's going on.
“In the case of McAfee, for example, all they're looking at is anti-virus information,” said Kirk. “It's very sophisticated what they do, because they collect and process anti-virus information from all of the clients that they have, but at the end of the day it's only anti-virus. They're not looking at intrusion detection, they're not looking at firewall information, they're not looking at proxy servers, web servers, all those things. Only an SIEM platform can do that.”
AlienVault expects the new system to be particularly attractive to telecoms companies, that run networks on behalf of large banks or industrial companies, as it allows them to automate the monitoring and protection of all those systems across the board.
“Internet threats are global by nature and they need to be countered from an equally global perspective,” said Jose Luis Gilperez, director of product development and security innovation at Telefonica Digital, a customer of AlienVault.
“With the AlienVault Open Threat Exchange, an attack on any part of our network or on any member of the AV-OTX community alerts everyone in the community and helps us all respond to threats far more effectively.”