Managed Detection Response Anywhere

Castra's Elite MDR for USM Anywhere


Request a Quote

Please give us 24 hours to respond to your request.

Castra + AT&T / AlienVault History

Castra has been partners with AT&T / AlienVault since 2013 and we have deployed USM in over 2,200+ organizations all over the world. 2,200+ successful USM Implementations are a testament to our mastery and USM Anywhere expertise. USM Anywhere’s rise in adoption amongst Small to Medium Businesses and Small to Medium Enterprises, played a key role in Castra’s growth since our inception. Deploying 2,200 platforms is one thing, deploying 2,200 successfully with a large percentage of customers returning for more services is another. Castra was using USM Anywhere before it was even released and worked closely with AT&T / AlienVault’s development team as it came online. We have deep knowledge of this platform.

Our Security Operation Center is based in Durham, North Carolina and it is second to none. Our SOC is filled with well trained, US-Based, diligent Analysts who are all USM Anywhere experts with several years of Security Operations experience. Our transparent, integrated, and affordable approach coupled with a near 100% renewal rate is why we’ve been AT&T AlienVault’s #1 Partner since 2013.

AlienVault USM Anywhere

Our Favorite Things About USM Anywhere

  • USM Anywhere’s unified approach of bundling several tools into a single platform is valuable for organizations who have limited resources
  • Seamless integration into AWS, Azure and GCP
  • Built in Intrusion Detection
  • Onboard Vulnerability and hardening tools
  • Integrated Threat Intelligence: Open Threat Exchange - OTX
  • Optional AV Agent to monitor endpoints, gather telemetry and collect logs from
  • your workstations and mobile devices
  • Deploying, rebuilding or replacing sensors is simple and can be completed in minutes

We bend platforms to work in your environment.

Contact us to get started
illustrated wide computer screen

How Castra’s clients are successful with USM Anywhere

Along with our clients, Castra has been successful using USM Anywhere reducing deployment time, increasing ROI and integrating with diverse logging sources and feeds. Providing analysts IDS, OTX comparison with every log and MITRE framework association for most alarms; our SOC team and our client teams can figure out what/where/why quickly , resulting in more time spent threat hunting and less time on managing a system. We can tune quickly, discover concerns faster, and provide multiple tools with USM Anywhere. Our responses to clients are focused, accurate and fast.

USM Anywhere solves

  • Monitoring complex hybrid environments isn’t easy, as it becomes a requirement to collect logs from an array of locations and sources. USM Anywhere sensors can consume standard syslog from every off the shelf application a client might have on the LAN while providing an immense amount of AlienApps that assist in Cloud application log collection and integrations
  • Writing custom alarms, or creating granular suppressions, filters and notifications is very easy with the intuitive UI
  • Optional AV agent or NXlog works well with Windows logs and sysmon logs , including adding key support for PowerShell logs. AV Agent also allows for log acquisition from mobile endpoints (laptops) that aren’t always connected to the domain. In this time where the workforce is away from the office more than in the office, this matters
  • JOVAL scanning supporting authenticated and unauthenticated scanning assisting clients verify hardened assets even when they can quickly come and go in cloud scenarios, or on the LAN
  • MITRE alignment helps analysts quickly determine severity, and robust rules make it easy to get ROI within minutes of deploying a sensor and beginning log collection
  • Comparing external Threat Intel against your data with OTX (Open Threat Exchange); all data is compared against “pulses” with information including IP, domain, and hashes. Further OTX allows you to write your own pulses, or bring in your own TIPS platform for improved and targeted intel
  • Rebuilding or replacing sensors is fast and can be completed in minutes, no more worrying about backing up cloud or on premise sensor and collectors
  • Intrusion detection leveraging Emerging Threat Pro signatures with OTX integration
Illustrated man with headset

Tying it all together

Castra and other high profile SOC teams shoot for the rule of thirds , where 1/3 of the analyst time is spent on alert response, 1/3 analyst of the time is spent on hunting and 1/3 analyst of the time is spent on alert improvement. This is moving away from the stacked team goal of numerous Tier1 individuals managing tickets and triage, moving things to Tier2 individuals for analysis and review, finally landing on a Tier3 desk for improvement and tuning. While we will always grow teams from within , Alienvault reduces the need for “numerous Tier1 individuals” helping our SOC be focused and productive while improving analyst retention due to reducing “alarm fatigue.”

illustrated graph on hexagons

Data Sheets

Download more informationbased on the services youneed here.

Castra's Elite MDR for USM Anywhere Data Sheet

Read and Download Here

Castra Manages Your USM Anywhere

Here’s how we connect with you.

castra elite mdr diagram

Castra’s Elite MDR Overview


Fully Managed

Elite is Castra’s most in-depth service. Our Security Operations Center (SOC) watches your network, investigates security alarms, tunes the system for better visibility, and works with you when we find anomalies. You don’t need to manage the security platform or watch the console day by day - we do that for you. Let us take care of everything while you focus on your business.

Request a Quote


    • Training and enhancing USM Anywhere’s correlation engine
    • Proactive tuning, customer notification and orchestrated response post incident detection
    • Advanced alarm and orchestration response
    • Expert assistance on new service deployment from Security Operations Team
    • Designated Primary Security Analyst and 24x7 SOC
    • Documented Incident Response Plan
    • Intensive analysis of customer needs and network environment
    • Anomali Threatstream integration - best in class Threat Intelligence Platform (TIPS)
    • Custom behavioral modeling and detection rules for improved alarming
    • Custom notifications for Alarm outputs
    • Compliance Based Dashboards
    • Custom Reporting
    • Scheduled teleconferences with Security Operations Team covering: Alarm review and tuning, reporting and customization
    • Capacity planning
    • Risk posture adjustments
    • 24×7 monitoring by Security Operations Team
    • Cloud-based platform continuously monitors:
      • Hardware and software stats
      • Event flow rates
      • Capacity and performance information
      • Proactive tuning and customer notification upon problem detection