TRUE SECURITY-AS-A-SERVICE

To effectively defend against today's cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure. One approach commonly used is to staff security and research specialists in-house, creating two teams: a dedicated Research team and a Security Operations Center (SOC). These teams, using advanced technologies, threat intelligence feeds, and defined processes, take on the responsibility of managing and defining security content, identifying and analyzing threats, and remediating compromises that infiltrate their environments. The challenge of finding and retaining skilled resources, coupled with the high cost of purchasing and maintaining technology in-house, puts creating Research and SOC teams out of reach for many organizations.

There is an alternative to this costly in-house approach: the Alert Logic Research team and Security Operations Center. Together they offer organizations of any size the ability to extend their capabilities to secure and maintain compliance with a fully managed, enterprise-grade solution without the cost or complexity of building and maintaining this function in-house. The Alert Logic Research team scours various sources of intelligence and analyzes multiple threat intelligence feeds in order to deliver comprehensive security content to the Alert Logic Cloud. The SOC, using the award-winning Alert Logic cloud-based security and compliance platform, delivers continuous protection and deep security and compliance insights to organizations no matter where their IT resides: in the cloud, on-premises, or in a hybrid environment.

Staffed by GIAC-certified security analysts and employing state-of-the-art technology, the SOC transforms raw security event data into actionable incidents, providing a valuable perspective on global threat activity that dramatically increases the security and compliance posture of any organization. The combined expertise of the Research team and Security Operations Center ensures rapid detection and response to incidents that aim to harm an organization's ability to operate, steal its intellectual property, or expose its customers' data.

ADVANCING THE ART AND SCIENCE OF THREAT DETECTION

The Security Research team plays a pivotal role in delivering continuous protection to the Alert Logic customer base. While the Alert Logic SOC provides around-the-clock security monitoring, daily log review, web application firewall management, and advanced anomaly detection, the Alert Logic Research team is hard at work researching emerging threats, reviewing threat trends, and creating new security content that feeds the Alert Logic platform. Up-to-date security content enables the Alert Logic solution to eliminate irrelevant events and home in on those events that warrant investigation by an analyst. Alert Logic's investment in mining threat intelligence, creating content continuously, and managing content for our customers means organizations are protected at a level few could obtain with their internal IT staff.
SECURITY OPERATIONS CENTER: COMPLETE SECURITY-AS-A-SERVICE

The Alert Logic SOC removes the burden of around-the-clock monitoring from organizations' already-taxed internal IT staff, allowing these strategic resources to focus on projects and tasks that drive their business forward. The Alert Logic SOC extends an internal IT team's capacity to protect their applications, computing, and network infrastructure with advanced security solutions that are easy to implement, fully managed, and do not require large upfront investments. With the Alert Logic SOC, organizations gain the ability to:

Protect web applications: With Alert Logic Web Security Manager, experts proactively investigate malformed website requests in order to identify and implement required policy changes, respond to incidents, and provide ongoing tuning services as new threats appear.

Detect security and compliance issues from log data: Alert Logic Log Manager automates log collection, aggregation, and normalization of log data across an organization's entire environment; log review analysts review over 20 predefined reports to root out potential compliance and security issues.

Identify and mitigate network threats: With Alert Logic Threat Manager intrusion detection and vulnerability scan capabilities, security experts monitor network traffic for suspicious activity, analyze identified incidents, and escalate according to the organization's custom requirements.

BEYOND MONITORING

The SOC is staffed with security and compliance experts who provide the wealth of knowledge required to secure an organization's environment. Beyond around-the-clock security monitoring, this specialized team of experts routinely completes the following tasks for customers:

Complete threat investigations and analysis to deliver recommended remediation steps to the impacted organization.
Deliver threat assessment reports to identify risks to applications, network, and computing infrastructure, based on threat intelligence mined from a variety of internal and external sources.
Reverse engineer malware and suspect applications to obtain valuable information that drives new security content used to protect Alert Logic's entire customer base from future compromises.
Perform PCI and vulnerability scans to determine at-risk systems for either compliance violations or known exploits.

The SOC blends the operational function of security monitoring with in-depth analysis to effectively identify and mitigate known and unknown threats.
ALERT LOGIC SECURITY TEAMS

CUSTOMER CARE
This first line of customer support receives all incoming support calls from the 2,700 customers serviced by Alert Logic. Issues reported by customers are assigned to the appropriate Alert Logic SOC team for resolution.

APPLIANCE SUPPORT
This team supports and monitors over 250,000 appliances, both physical and virtual, deployed at customer premises and service provider facilities to ensure data is being collected and delivered to the Alert Logic Cloud as expected. When appliances are offline or not functioning as expected, a team member will work with the customer and/or service provider to resolve the issue.

THREAT INVESTIGATION AND ANALYSIS TEAM
This team investigates incidents identified from the millions of security events collected daily. The analyst ensures the validity of the incident and performs detailed analysis in order to understand the potential impact. When required, the analyst will contact the impacted customers to explain the incident and provide recommended resolution steps. This team also responds to customer requests for detailed investigations of specific events, including interpretation of raw event data.

LOG REVIEW TEAM
These analysts complete a daily review of log data collected from customer assets. The review entails performing a detailed analysis of over 20 predefined, automatically generated reports with the goal of identifying security and/or compliance issues. The Log Review Analyst provides these reports, as well as a synopsis of their findings, to over 700 customers daily. This team may also assist customers in searching through their stored log data. The Alert Logic Cloud currently stores and manages over 4 million petabytes of log data.

WEB APPLICATION FIREWALL (WAF) TEAM
These analysts provide management for the Alert Logic Web Security Manager solution. This team is staffed with specialists trained in the proper configuration, tuning, and maintenance of WAF technology to ensure uninterrupted availability and continuous protection. The combination of Alert Logic Web Security Manager with 24x7 management by the Web Application Firewall Team empowers organizations to offload a resource-intensive responsibility without sacrificing their security posture.

SECURITY CONTENT
This team is responsible for ingesting multiple data feeds and producing content on the latest threat vectors and breaches. This content enables the Alert Logic analytics engine to eliminate irrelevant security events and home in on those that warrant further investigation by the Alert Logic SOC.

THREAT INTELLIGENCE
The threat intelligence team mines a variety of sources looking for information that will ultimately feed into the creation of new security content. This team is comprised of experts in the methods and tactics used by cybercriminals to penetrate networks, exploit application and system vulnerabilities, and exfiltrate sensitive data. With this specialized team working nonstop to identify threats and attacks, organizations are protected at a level that surpasses the capabilities of most internal IT teams.
SOC SERVICES

The Alert Logic SOC transforms the information generated by security tools into useful and actionable knowledge, allowing customers to save time and money by focusing their efforts on remediation rather than investigation.

ACTIVEWATCH for THREAT MANAGER
This service monitors Threat Manager intrusion detection and vulnerability scan activity, analyzing each incident and escalating according to specific customer requirements. When incidents are identified, Alert Logic's security analysts provide guidance on remediation.

ACTIVEWATCH for LOG MANAGER
ActiveWatch for Log Manager is a managed service that delivers 24x7 analytics and continuous security monitoring of your log data, identifying potential security and compliance issues that could be impacting your organization. Unlike other costly and incomplete managed security services, ActiveWatch for Log Manager provides detailed information about issues and recommendations to return your environment to a trusted state. This service also satisfies the daily log review requirements of PCI DSS 3.0 in an automated fashion.

ACTIVEWATCH for WEB SECURITY MANAGER
This service provides a dedicated web application security team to proactively monitor the Alert Logic Web Application Firewall, identify and implement required policy changes, respond to incidents, and provide ongoing tuning services as new threats appear.

ACTIVEWATCH PREMIER
ActiveWatch Premier provides access to cutting-edge anomaly detection technology for enhanced detection of Advanced Persistent Threats, malware activity, and zero-day attacks in near real time. In addition, ActiveWatch Premier customers have a named analyst who reviews and interprets all security data from each Alert Logic solution daily, applying an understanding of the customer's technology and business environment to identify relevant issues and concerns.

LOG REVIEW
The Log Review team completes the daily log review required by many common compliance mandates, such as PCI and HIPAA. Each day, analysts use the Alert Logic Log Manager solution to analyze event log data, track and escalate issues, and send notifications to customers when potential issues that expose the organization to compliance violations are discovered.

SCANWATCH
Alert Logic's ScanWatch PCI managed service offering provides the Approved Scanning Vendor services and reports needed to meet PCI compliance requirements for quarterly external vulnerability scanning. The service also offers self-service scanning tools that customers can use to establish an external vulnerability management program.
MEET THE TEAM

The Alert Logic SOC staffs GIAC-certified security analysts with a wide range of security backgrounds and areas of expertise. With varying degrees of education and experience, each analyst brings his or her own talents to the team. It is this diversity that makes the Alert Logic SOC able to effectively analyze and respond to the evolving breadth of threats.

Analysts respond to security incidents identified by Alert Logic technology, providing detailed root-cause analysis and recommendations that enable a customer to return to a trusted state. Senior analysts provide in-depth incident investigations when required. Additionally, these analysts work on casework requested by customers, as well as pure threat analysis to identify patterns of activity that may indicate new threats.

Security Content Researchers review data intelligence feeds in order to create security content that provides the broadest, most comprehensive threat coverage possible for customers. This expert provides mission-critical output that allows the security analysts to avoid time-consuming investigations into false positives.

Threat Intelligence Analysts mine a variety of sources looking for information that will ultimately feed into the creation of new security content. This analyst is an expert in the methods and tactics used by cybercriminals to penetrate networks, exploit application and system vulnerabilities, and exfiltrate sensitive data.

ALERT LOGIC EXPERT CERTIFICATIONS

WHAT IS GIAC?
Global Information Assurance Certification (GIAC) is the leading provider and developer of information security certifications. GIAC tests and validates the ability of practitioners in information security, forensics, and software security. GIAC certification holders are recognized as experts in the IT industry and are sought after globally by government, military, and industry to protect the cyber environment.

SECURITY CERTIFICATIONS

U.S.-EU & U.S.-Swiss Safe Harbor Frameworks
In its ongoing commitment to maintain the strictest control standards on data security, Alert Logic maintains a certification of compliance with the U.S.-EU Safe Harbor program. The Safe Harbor program bridges the differences in approach to privacy data handling between the U.S., the European Union, and Switzerland, and it provides a streamlined means for U.S. organizations to comply with the privacy laws of each country.

AICPA Service Organization Control Reports
An independent public accounting firm has issued two Service Organization Control reports in relation to Alert Logic's Security-as-a-Service solutions. Service Organization Control reports are designed to help service organizations that operate information systems and provide information system services to other entities build trust and confidence in their service delivery processes and controls. This audit was completed in accordance with the attestation standard of the American Institute of Certified Public Accountants (AICPA), referred to as SSAE No. 16. SSAE No. 16 is the auditing standard developed in 2011 by the AICPA to replace SAS 70 and align U.S. and international standards, creating a more global, unified standard. Alert Logic has successfully completed the industry standard audit since 2008.
ABOUT US

Alert Logic, the leader in security and compliance solutions for the cloud, provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Fully managed by a team of experts, the Alert Logic Security-as-a-Service solution provides network, system, and web application protection immediately, wherever your IT infrastructure resides. Alert Logic partners with the leading cloud platforms and hosting providers to protect over 2,700 organizations worldwide. Built for cloud scale, our patented platform stores petabytes of data, analyzes over 400 million events, and identifies over 50,000 security incidents each month, which are managed by our 24x7 Security Operations Center. Alert Logic, founded in 2002, is headquartered in Houston, Texas, with offices in Seattle, Cardiff, and London. For more information, please visit www.alertlogic.com.

Security. Compliance. Cloud.

2014 Alert Logic, Inc. All rights reserved. Alert Logic and the Alert Logic logo are trademarks, registered trademarks, or service marks of Alert Logic, Inc. All other trademarks listed in this document are the property of their respective owners.