Concerns about network security at organizations, companies and other entities are increasing, given the growing threat and sophistication of information intruders: files whose purpose is to invade a computer’s privacy, cause damage and alter its software. In response, the company AlienVault has created the OSSIM tool, which is able to monitor and detect threats in real time and in a coordinated manner. This tool includes systems to detect both intruders and anomalies in the network, as well as to perform automatic inventory.
AlienVault works in the field of SIEM (Security Information and Event Management) systems, which make it easier to manage the volumes of information generated by security applications (antivirus, firewalls, etc.). The system enables users to take action more easily in case of attacks or situations that put network security at risk.
The company was founded in 2007 in order to lend international support to the open source OSSIM project. The appearance of OSSIM technology was motivated by disappointment in the sector with IDS (Intrusion Detection Systems), which are able to detect any type of attack and identify threats. Once IDS were installed in organizations, both suppliers and users realized that the huge volume of information generated by this technology couldn’t be managed by security equipment. Thus a group of engineers decided to develop an open source tool to lend intelligence to IDS: they created a correlation engine that filters out so-called “false positives” and only informs security personnel about alarms that truly represent a problem for the network.