USM Anywhere Service Issue
Incident Report for USM Anywhere
Postmortem

This weekend the AlienVault USM cloud experienced an incident which has subsequently been resolved. It impacted AlienVault USM cloud availability for a small number of our customers (less than 5%) for a short period of time. On the evening of March 31st, an outside entity gained limited access to a management API of the AlienVault USM cloud. The entity did not gain access to any USM Anywhere or USM Central servers or any customer data. Service was restored quickly and no data was lost or compromised. All customers affected by the service disruption have been notified.

The security and monitoring controls we have in place worked as designed. Our own use of USM Anywhere enabled us to detect the activity within one minute of its initiation. We were able to immediately revoke the unauthorized access and successfully blocked any further disruption of service.

AlienVault is conducting a thorough review of this incident in order to identify any possible improvements to our systems and processes.

Posted Apr 03, 2018 - 01:01 UTC

Resolved
The incident is resolved. Thank you for your patience and we apologize for the disruption. A full retrospective will be posted on the USM Anywhere status page (status.alienvault.cloud) after we have had time to fully investigate the issue.

If your USM Anywhere is not functioning normally at this time, please open a support ticket at www.alienvault.com/support to discuss the issue with a support representative.
Posted Apr 01, 2018 - 16:09 UTC
Monitoring
We believe the problem has been resolved. We will continue to monitor the situation and will declare the incident resolved when we are satisfied that the service has returned to normal.

If you are still having issues at this time, please open a support ticket at www.alienvault.com/support to discuss the issue with a support representative.
Posted Apr 01, 2018 - 06:19 UTC
Identified
We have identified the cause of the issue with the USM Anywhere service as the result of a hostile denial of service action. No data has been lost and we are working to mitigate the issue and restore service to your USM Anywhere systems.

Our technical team is working hard to resolve the issue. You can monitor the USM Anywhere status page (status.alienvault.cloud) for further developments. We will continue to send you additional information as we work to resolve the issue.
Posted Apr 01, 2018 - 01:33 UTC
Investigating
There is an issue with the USM Anywhere service that is
causing USM Anywhere to be inaccessible to some users.

The issue was originally identified at 7 PM CT March 31.

AlienVault technical staff is investigating the cause. You can monitor the USM Anywhere status page (status.alienvault.cloud) for further developments. We will continue to send you additional information as we work to resolve the issue.
Posted Apr 01, 2018 - 00:14 UTC