This weekend the AlienVault USM cloud experienced an incident which has subsequently been resolved. It impacted AlienVault USM cloud availability for a small number of our customers (less than 5%) for a short period of time. On the evening of March 31st, an outside entity gained limited access to a management API of the AlienVault USM cloud. The entity did not gain access to any USM Anywhere or USM Central servers or any customer data. Service was restored quickly and no data was lost or compromised. All customers affected by the service disruption have been notified.
The security and monitoring controls we have in place worked as designed. Our own use of USM Anywhere enabled us to detect the activity within one minute of its initiation. We were able to immediately revoke the unauthorized access and successfully blocked any further disruption of service.
AlienVault is conducting a thorough review of this incident in order to identify any possible improvements to our systems and processes.