Cool Startup AlienVault

AlienVault, the leading cyber security startup offering an open source SIEM and IDS, has raised more than $66M to date from the likes of Intel Capital and Kleiner Perkins. The co-founders of AlienVault, Julio Casal and Dominique Karg, originally developed OSSIM, the most widely used open source SIEM on the market today. The platform includes the Snort and Suricata IDS engines. Creating a commercial offering of the product was an excellent move that will attract a larger customer base to the platform.

Deploying a commercial security product, as opposed to an open source application, is orders of magnitude better in a production environment. In this case, OSSIM has been hardened and thoroughly vetted, eliminating all security vulnerabilities within the application code. The commercial version is competitively priced and comes with all the bells and whistles that you would expect, including support for wireless IDS. The AlienVault security platform is the perfect fit for the mid-market and SMB market.

The AlienVault platform comes fully loaded with SIEM correlation and reporting, IDS, asset and network discovery, network security monitoring, and a full packet inspection engine. If there are any anomalies in the traffic, the packets are captured, and events are created and mapped to those packets. In addition, AlienVault has developed a first class research and development arm that is active in the global community, detecting malware variants and collaborating with government agencies, security researchers and academia. Their R&D is on the same level as Panda Security, Kaspersky and Webtrends.

Company Background
  • Started: 2007
  • Raised: $66.4M in Funding
  • LinkedIn Employee Count: 103
  • Executives: Julio Casal (Co-founder), Dominique Karg (Co-founder), Barmak Meftah (CEO), Roger Thornton (CTO)
  • Product: SIEM (Security Info & Event Mgmt), Log Management, IDS and Network Security Monitoring
  • Value Prop: Security Platform with SIEM correlation & reporting, advanced threat and malware detection, 3 types of IDS, behavioral monitoring and vulnerability assessment/remediation
  • Customers: Education, Cities, Mid-market and Large Enterprise
Platform Features
  • First Class R&D: Global honeypot deployments with 8,000 collection points in 140 countries, analysis of 500,000 malware samples per day, continuous monitoring of hacker forums, and global collaboration with government agencies and security researchers
  • Asset and network discovery tool
  • Three intrusion detection systems: network IDS, host-based IDS, and wireless IDS
  • Host-based IDS: analyzes system behavior, user access and user activity
  • Wireless IDS: identifies rogue access points and unauthorized login attempts
  • Network IDS: Includes open source Snort & Suricata for signature-based and anomaly-based protection and protocol analysis
  • Platform is based on OSSIM (commercialized it), the largest open source SIEM
  • Full packet capture: packet that sets a trigger is captured and mapped to IDS event
  • Integrates with 3rd party IDS systems
  • Log management and analysis feeds into event correlation engine, that detects advanced threats
  • 1600 event correlation rules used against raw logs with attack prioritization
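The last three features (log management feeding a correlation engine, rules run against raw logs, and attack prioritization) describe the core SIEM loop without showing it. The following is an added illustration, not AlienVault or OSSIM code: a two-stage correlation rule run over constructed sshd log lines. Stage one flags a burst of authentication failures from one source against one host inside a sliding window; stage two escalates the incident if the same source then logs in successfully. Each incident is then ranked by priority weighted with a constructed asset value, standing in for what a discovery tool would supply. Hostnames, addresses, the asset table and the risk weighting are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (hypothetical hosts and documentation-range addresses).
SAMPLE_LOGS = """\
2024-05-01T10:00:01 web01 sshd[2101]: Failed password for root from 198.51.100.7 port 40001 ssh2
2024-05-01T10:00:04 web01 sshd[2102]: Failed password for root from 198.51.100.7 port 40002 ssh2
2024-05-01T10:00:09 web01 sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 40003 ssh2
2024-05-01T10:00:15 web01 sshd[2104]: Failed password for root from 198.51.100.7 port 40004 ssh2
2024-05-01T10:00:21 web01 sshd[2105]: Failed password for root from 198.51.100.7 port 40005 ssh2
2024-05-01T10:00:40 web01 sshd[2106]: Accepted password for root from 198.51.100.7 port 40006 ssh2
2024-05-01T10:05:00 db01 sshd[3001]: Failed password for ops from 203.0.113.9 port 50001 ssh2
2024-05-01T10:05:03 db01 sshd[3002]: Failed password for ops from 203.0.113.9 port 50002 ssh2
2024-05-01T10:05:05 db01 sshd[3003]: Failed password for ops from 203.0.113.9 port 50003 ssh2
2024-05-01T10:05:08 db01 sshd[3004]: Failed password for ops from 203.0.113.9 port 50004 ssh2
2024-05-01T10:05:10 db01 sshd[3005]: Failed password for ops from 203.0.113.9 port 50005 ssh2
2024-05-01T10:30:00 web01 sshd[2200]: Accepted publickey for deploy from 192.0.2.5 port 41000 ssh2
""".splitlines()

# Constructed asset values (1-5), a stand-in for the inventory an asset discovery
# tool would build; hosts not in the table default to 2.
ASSET_VALUE = {"db01": 4, "web01": 3}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
OK_RE = re.compile(r"^Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")


def parse(line):
    """Normalise one raw sshd line into an event dict; None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    for kind, rx in (("fail", FAIL_RE), ("ok", OK_RE)):
        d = rx.match(msg)
        if d:
            return {"ts": datetime.fromisoformat(m.group("ts")), "host": m.group("host"),
                    "kind": kind, "user": d.group("user"), "src": d.group("src")}
    return None


def correlate(lines, threshold=5, window=timedelta(minutes=2)):
    """Two-stage correlation rule over a raw log stream.

    Stage 1: at least `threshold` failures from one source to one host inside the
             sliding `window` -> incident 'ssh_bruteforce' (priority 3).
    Stage 2: a successful login from that source within `window` of the last
             failure -> escalated to 'ssh_bruteforce_success' (priority 5).
    Risk = priority * asset value (a constructed weighting, not a vendor formula).
    Returns incidents sorted by descending risk.
    """
    failures = defaultdict(list)   # (src, host) -> failure timestamps still inside the window
    incidents = {}                 # (src, host) -> incident dict
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["src"], ev["host"])
        if ev["kind"] == "fail":
            # keep only failures inside the window, then add the current one
            recent = [t for t in failures[key] if ev["ts"] - t <= window] + [ev["ts"]]
            failures[key] = recent
            inc = incidents.get(key)
            if inc is None and len(recent) >= threshold:
                incidents[key] = {"rule": "ssh_bruteforce", "priority": 3,
                                  "src": ev["src"], "host": ev["host"],
                                  "failures": len(recent), "last_seen": ev["ts"]}
            elif inc is not None:
                inc["failures"] += 1
                inc["last_seen"] = ev["ts"]
        else:  # successful login: only interesting if it follows a flagged burst
            inc = incidents.get(key)
            if inc and inc["rule"] == "ssh_bruteforce" and ev["ts"] - inc["last_seen"] <= window:
                inc["rule"] = "ssh_bruteforce_success"
                inc["priority"] = 5
                inc["user"] = ev["user"]
    for inc in incidents.values():
        inc["risk"] = inc["priority"] * ASSET_VALUE.get(inc["host"], 2)
    return sorted(incidents.values(), key=lambda i: i["risk"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOGS):
        print(f'risk={inc["risk"]:>2} {inc["rule"]:<24} {inc["src"]} -> {inc["host"]} '
              f'({inc["failures"]} failures)')
```

Running it ranks the burst that ended in a successful login on web01 above the unsuccessful burst against the higher-value db01, which is the point of prioritization: the escalated rule outweighs asset value alone. The benign key-based login from a third address never reaches an incident because no burst preceded it.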