Alert Logic Cloud Defender
Cloud Defender really is a bit of a misnomer since this suite of tools from Alert Logic protects data in multiple locations, including on-premises. However, it is the cloud that has been the fastest growing area for this company.
The Cloud Defender package is anything but simple under the covers. In fact, it probably is the most complete suite of tools we've yet seen. For all of that, it is fairly straightforward to deploy and administer.
The suite consists of several components, including Log Manager, Threat Manager, Web Security Manager, Active Analytics, Active Intelligence and ActiveWatch. Each of these has a unique responsibility and each one feeds its results into the mix where, at the end, humans may become involved. Alert Logic recognises that there are functions that require humans and that computers can only prepare the data for their use.
Cloud Defender uses lightweight agents that deliver web application events, log data and network events to one of the managers (Web Security, Threat or Log Managers). At that point Active Analytics - Alert Logic's Big Data analysis platform - takes over and feeds its response to Active Intelligence to look at how the results fit with threat intelligence and security content. Finally, if the results warrant it, the next stop is humans: ActiveWatch. The 40-person Active Intelligence team is constantly searching for new intelligence and feeding that content into the Active Intelligence engine. This ensures that the threatscape is characterised as completely as possible at any point in time. Once a threat is identified it is fed back to the customer's IT environment, whether it is cloud, on-premises or hybrid.
The Threat Manager component takes care of intrusion detection and vulnerability management tasks. As part of that, it provides data leakage protection and identifies vulnerabilities throughout the environment. The Log Manager collects, aggregates and normalises logs from all sources and sets them up for easy searching. The Web Security Manager detects web app attacks and applies the information it gains to identify advanced persistent threats. The manager components can be deployed inline or out of band.
One of the most important components of Cloud Defender is Active Analytics. Active Analytics is a Big Data processing grid with more than 1,000 cores dedicated to processing. It uses real-time monitoring (from the data feeds coming from data collection and Active Intelligence), looks at precursor data (data leading up to an event) and performs forensics on the data it receives to substantially limit false positives. Then, using a variety of techniques - including correlation, anomaly detection, threat intelligence and reputation-based data, among others - it identifies incidents, including zero days and other hard-to-recognise events.
Active Intelligence really is the content-creation piece of the suite. In Active Intelligence there are more than 40 analysts collecting, correlating and disseminating intelligence content that feeds back into the rest of the system. The purpose of this team is to identify emerging threats and update the security content that the suite needs to be effective and current.
All of this feeds into ActiveWatch, which is, essentially, a 24/7 SOC that looks at incidents escalated from the automated system to human analysts. These analysts perform security monitoring and escalation, providing customers with the kind of analysis and action usually expected of an in-house SOC or a monitoring service.
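To make the tiered flow described above concrete, here is an added illustration written for this review (it is not Alert Logic code and does not reflect how Cloud Defender is implemented): raw log lines are normalised into a common schema, correlated into candidate incidents, enriched with reputation context standing in for a threat-intelligence feed, and only the incidents that clear a score threshold are handed to a human queue. The log formats, field names, IP addresses, thresholds and the reputation list are all constructed assumptions.

```python
"""
Added illustration (not Alert Logic code): a minimal version of the tiered
pipeline the review describes -- normalise raw log lines, correlate them into
candidate incidents, enrich with threat-intelligence context, and escalate
only the ones that clear a threshold to a human analyst queue.
All formats, field names, thresholds and sample data below are assumptions
constructed for this example.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed: mixed syslog-style auth lines and JSON web events.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z host1 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:03Z host1 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:05Z host1 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:09Z host1 sshd: Accepted password for root from 203.0.113.7
{"ts": "2024-05-01T10:00:20Z", "src": "198.51.100.9", "path": "/login", "status": 401}
2024-05-01T10:05:00Z host2 sshd: Failed password for alice from 192.0.2.44
{"ts": "2024-05-01T10:05:10Z", "src": "192.0.2.44", "path": "/admin", "status": 200}
"""

# Constructed reputation list standing in for a threat-intelligence feed.
BAD_REPUTATION = {"203.0.113.7"}

SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def _parse_ts(value):
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalise(line):
    """Map one raw line to a common event schema, or None if unrecognised."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("{"):
        rec = json.loads(line)
        return {"ts": _parse_ts(rec["ts"]), "src": rec["src"], "kind": "web",
                "outcome": "fail" if rec["status"] >= 400 else "ok",
                "detail": rec["path"]}
    m = SSH_RE.match(line)
    if m:
        return {"ts": _parse_ts(m["ts"]), "src": m["src"], "kind": "auth",
                "outcome": "fail" if m["result"] == "Failed" else "ok",
                "detail": m["user"]}
    return None


def correlate(events, window=timedelta(minutes=1), min_failures=3):
    """Flag a source that fails >= min_failures times within `window` and then succeeds."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    incidents = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["outcome"] != "ok":
                continue
            recent_fail = [f for f in evs[:i]
                           if f["outcome"] == "fail" and e["ts"] - f["ts"] <= window]
            if len(recent_fail) >= min_failures:
                incidents.append({"src": src, "failures": len(recent_fail),
                                  "success_at": e["ts"], "score": 50})
    return incidents


def enrich(incident):
    """Add threat-intelligence context; a reputation hit raises the score."""
    if incident["src"] in BAD_REPUTATION:
        incident["score"] += 40
        incident["reputation"] = "known-bad"
    else:
        incident["reputation"] = "unknown"
    return incident


def escalate(incidents, threshold=80):
    """Return only the incidents that warrant a human analyst's attention."""
    return [i for i in incidents if i["score"] >= threshold]


def run_pipeline(raw=SAMPLE_LOG):
    """Normalise -> correlate -> enrich -> escalate, returning the analyst queue."""
    events = [e for e in map(normalise, raw.splitlines()) if e]
    return escalate([enrich(i) for i in correlate(events)])


if __name__ == "__main__":
    for inc in run_pipeline():
        print(f"escalate to analyst: {inc['src']} "
              f"({inc['failures']} failures then success, {inc['reputation']})")
```

Run as written, only the 203.0.113.7 sequence (three failures followed by a success, from a listed source) reaches the analyst queue; the single web failure and the lone failure followed by a success from an unlisted address are dropped by correlation or held below the threshold, which is the false-positive filtering role the review attributes to the automated tiers.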
We found that there were two things that really set Alert Logic apart from the pack. First, even though it is somewhat similar to a typical managed security service, the depth and breadth of the offering's analytics and threat management process go beyond anything we've seen in that space to date. Second, with its strong presence in the cloud, it is far superior to any other similar service we've seen for cloud-based environments. Even though it handles non-cloud environments with ease, Cloud Defender really comes into its own when managing the security of a cloud-defined data centre.
There is a lot to like about this service, not the least of which is the price. A fixed price for everything this suite does is really quite cost-effective. This combination product/service includes the security software/products that monitor and collect data, the associated managed service(s), and the necessary hardware/software to deliver the solution. The services included, in addition to the Vulnerability Scanner, IDS, Log Management solution and Web Application Firewall, are Active Analytics (the analytics engine that processes logs in real time to trigger incidents), Active Intelligence (Alert Logic's cyber-security and threat research service that manages security content), and ActiveWatch (the 24/7 security monitoring service that includes monitoring, tuning and incident escalation for the suite). All support is included. This is a bargain for the price, in our view. On top of all that, case management is built into the suite and Alert Logic builds all of the policies for the customer.
At a glance
Product: Alert Logic Cloud Defender
Company: Alert Logic
Price: Pay-as-you-go model starting at £2,015/month.
What it does: Security-as-a-service for on-premises, cloud and hybrid infrastructures.
What we liked: Good mix of security and compliance capability with a current focus on the fastest-growing area: securing cloud platforms.