After USM Anywhere is installed in your environment, start flowing through the system, so you can start gaining visibility into the type of events that are occurring, what natural or non-threatening activity is taking place, and what activity can be a possible attack. USM Anywhere also begins collecting other information about your network and various network devices such as , routers and switches, servers, and . In addition, it is discovering and determining possible vulnerabilities and threats to your environment. The following illustration details a high level view of events and other information from your network environment as it is collected or generated by the USM Anywhere and , and then delivered to the USM Anywhere for processing and storage.
USM Anywhere Sensor combines discovery, , threat detection, and behavioral to provide full situational awareness. USM Anywhere Sensor is the front-line security module of the USM Anywhere platform and provides detailed visibility into your environment, vulnerabilities, attack targets and vectors, and services. USM Anywhere Sensor receives data and other activity or status information from devices and normalizes the information into a standardized event format. USM Anywhere Sensor then sends the normalized event to USM Anywhere, which tries to match every event with an asset or a user, enrich the event with environmental data where possible, and saves it.
Note: To protect the health of your system, USM Anywhere monitors the rate of events being sent to your sensor. If that rate, measured in events per second (EPS), threatens to impact your sensor’s capacity your EPS will be throttled. Throttling allows your system to take more time to process events coming in, without risking event loss. USM Anywhere will generate an event when EPS throttling is engaged.See Protecting Your Sensor’s Performance with EPS Throttling for more details about when EPS is engaged and how it works, and Understanding Your Data Consumption Status to learn more about sensor capacity and USM Anywhere tier limits.
USM Anywhere provides a unified management interface through the web UI that combines security automation, and LevelBlue Labs™ Open Threat Exchange® () and from the LevelBlue Labs™ Security Research Team to correlate data, spot anomalies, reduce risk, and improve operational efficiency. can be done logically, where events can be compared to patterns and multiple conditions can be connected by using logical operators such as OR and AND. After events are processed and correlated, USM Anywhere performs risk analyses and triggers an if the risk of the event is high enough.