USM Anywhere Network Security Concepts and Terminology
When working with USM Anywhere and using the USM Anywhere web UI to perform network security operations, it is important to understand a few basic USM network security concepts. First, a key principle of the USM system is that it monitors assets. Assets are all devices in an enterprise that have some value to the enterprise and, generally, that it is possible to monitor or gather information about, such as their status, health or availability, configuration, activity, or . The value comprises either the cost of the device itself, or the value of the data that is stored on the device or travels through the device.
An asset is defined as a unique IP address
Assets are organized into networks based on IP addressing
Networks are organized into locations, based on their geographical location
Typically, at least one USM Anywhere Sensor is used to monitor one geographically self-contained location. If several locations are used by an enterprise, each location is monitored with at least one USM Anywhere Sensor, which sends information to USM Anywhere about assets that are in the same location.
BlueApps are used in the USM Anywhere Sensor to extract and normalize data from different data sources into standard-format events. USM Anywhere provides a wide assortment of integrations that can be used to collect events for most commonly encountered data sources.
USM Anywhere includes for identifying important events or patterns of events within large volumes of data. are generated by an explicit call within the rules, either orchestration or . Correlation rules detect threats and are continuously provided as part of the LevelBlue Labs™ Security Research Team. Information about specific threats is obtained from sources such as those reported by and LevelBlue Labs™ Open Threat Exchange® (OTX™). For example, OTX provides and of malicious , which can link assets by their vulnerabilities to specific threats and notification about events that involve known or suspect malicious hosts. USM Anywhere can also perform scans which identify assets’ vulnerabilities to specific and identified threats.
See Rules Management for more information.