Alert Logic, the SIEMless Threat Management™ company, announced at the RSA Conference that it has added a new extended endpoint protection capability along with other new capabilities for anti-virus integration, log collection and search for Office 365, Microsoft Azure Event Hubs integration, user behavior anomaly detection for Amazon Web Services (AWS) environments, and dark web scanning. This expanded attack surface coverage enriches Alert Logic’s offering with even greater detection and protection support along with enhanced visibility across environments and workloads, thereby addressing more of the needs of resource-constrained security buyers without requiring a Security Information and Event Management (SIEM) tool.
“Alert Logic is rapidly innovating to detect security events across more of the attack surface to protect workloads on any environment—in the cloud, on-premises, or hybrid,” said Onkar Birk, Senior Vice President of Product Strategy & Engineering. “Because our offering seamlessly connects security platform, threat intelligence and expert defenders, our customers get better security coverage that maps to their risks and ensures optimal coverage even with constrained budgets.”
Extended Endpoint Protection
According to Forrester, “It’s often more difficult for firms to find and hire people with the right skills to manage endpoint security tools than it is to procure a managed service provider to accomplish the same task.”
The new extended endpoint protection capability leverages machine learning and behavioral analytics to monitor and isolate Windows and Mac client endpoint attacks at the earliest opportunity, including so-called ‘zero day’ threats. It helps thwart multiple attack techniques that try to compromise endpoints, gain access to resources, and detonate payloads, and provides deep visibility in real time across endpoints, including low-level system activity, without impacting performance. Customers can use Alert Logic alongside existing anti-virus detection and endpoint security tools to provide an additional layer of defense. Extended endpoint protection is available in beta for select customers and partners today and will be generally available in Alert Logic Essentials in calendar Q2.
“As employees become more mobile, organisations struggle to manage and deliver endpoint protection that is dynamic and cost effective without causing disruption,” said Jack Danahy, Senior Vice President, Security, Alert Logic. “With these new capabilities, we ease the security and management burden for our customers.”
In addition to extended endpoint protection, Alert Logic is introducing additional capabilities to broaden its attack surface coverage, including the following:
Anti-virus Integration: Enables ingestion and analysis of anti-virus data to provide key insights for alerting and Security Operations Center (SOC) support, such as detection of known hacking tools and writing to privileged locations. Available today in Alert Logic Professional.
Office 365 and Expanded Azure Integration: Provides Office 365 log collection and search for Exchange, SharePoint, Teams, and more, and Azure Event Hubs integration for Azure Active Directory, Azure Diagnostics, Azure Activity Log, Azure Security Center, Azure SQL Audit logs, and more, further extending how Alert Logic supports organizations across any environment. Available today in Alert Logic Professional.
AWS User Behavior Anomaly Detection: Leverages AWS CloudTrail to detect and alert on suspicious user activity in AWS environments. Uses machine learning to help determine a baseline of user behavior and identify changes in the way users access systems including locations and times of access. Available today in Alert Logic Professional.
Dark Web Scanning: Enables Alert Logic SOC analysts to scan customer account domains to identify and send alerts when compromised credentials are found on the dark web. Helps reveal potential risks of attack due to hacked email accounts, spear phishing and other targeted social engineering efforts. Available today with the Assigned SOC Analyst option for Alert Logic Enterprise.
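The AWS user behavior anomaly detection item above describes the general idea: build a per-user baseline from CloudTrail history (where and when each identity normally acts), then flag events that fall outside it. The following is an added illustration written for this page, not Alert Logic's code, and it uses a plain set-membership baseline rather than the machine-learning model the announcement refers to. The CloudTrail events are constructed inline with only the fields the example reads (`eventTime`, `awsRegion`, `sourceIPAddress`, `userIdentity`); the user names, IP addresses and `min_history` threshold are assumptions.

```python
"""Toy per-user baseline over CloudTrail-style events (added example, not vendor code)."""
from collections import defaultdict
from datetime import datetime


def _event(event_id, user, ip, region, time_utc, name="DescribeInstances"):
    """Build a minimal CloudTrail-shaped record. Constructed sample data for this example."""
    return {
        "eventID": event_id,
        "eventTime": time_utc,          # CloudTrail uses ISO 8601 UTC, e.g. 2019-03-01T09:15:00Z
        "eventName": name,
        "awsRegion": region,
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user},
    }


# Constructed "learning window": alice works from one office IP in us-east-1 during
# business hours; bob has only two events, too few to judge against.
BASELINE_EVENTS = [
    _event("b0", "alice", "203.0.113.10", "us-east-1", "2019-03-01T09:15:00Z"),
    _event("b1", "alice", "203.0.113.10", "us-east-1", "2019-03-01T11:40:00Z"),
    _event("b2", "alice", "203.0.113.10", "us-east-1", "2019-03-02T14:05:00Z"),
    _event("b3", "alice", "203.0.113.10", "us-east-1", "2019-03-03T10:20:00Z"),
    _event("b4", "alice", "203.0.113.10", "us-east-1", "2019-03-04T16:55:00Z"),
    _event("b5", "alice", "203.0.113.10", "us-east-1", "2019-03-05T13:30:00Z"),
    _event("b6", "alice", "203.0.113.10", "us-east-1", "2019-03-06T17:10:00Z"),
    _event("b7", "bob", "203.0.113.22", "us-west-2", "2019-03-04T12:00:00Z"),
    _event("b8", "bob", "203.0.113.22", "us-west-2", "2019-03-05T12:30:00Z"),
]

# Constructed events to score: one clearly out-of-pattern alice event, one normal one,
# a bob event with too little history, and a user never seen before.
NEW_EVENTS = [
    _event("n1", "alice", "198.51.100.7", "eu-west-1", "2019-03-07T03:02:00Z", "CreateUser"),
    _event("n2", "alice", "203.0.113.10", "us-east-1", "2019-03-07T10:05:00Z"),
    _event("n3", "bob", "198.51.100.9", "us-west-2", "2019-03-07T12:10:00Z"),
    _event("n4", "carol", "203.0.113.10", "us-east-1", "2019-03-07T10:06:00Z"),
]


def _user(event):
    """Key the baseline on the IAM user name, falling back to the ARN for roles."""
    ident = event["userIdentity"]
    return ident.get("userName") or ident.get("arn")


def _hour(event):
    """Hour of day in UTC; CloudTrail's trailing 'Z' is mapped to an explicit offset."""
    return datetime.fromisoformat(event["eventTime"].replace("Z", "+00:00")).hour


def build_baseline(events):
    """Per-user sets of observed source IPs, regions and hours, plus an event count."""
    baseline = defaultdict(lambda: {"ips": set(), "regions": set(), "hours": set(), "count": 0})
    for ev in events:
        b = baseline[_user(ev)]
        b["ips"].add(ev["sourceIPAddress"])
        b["regions"].add(ev["awsRegion"])
        b["hours"].add(_hour(ev))
        b["count"] += 1
    return dict(baseline)


def score_event(baseline, event, min_history=5):
    """Return the list of reasons an event deviates from its user's baseline (empty = normal).

    min_history is an assumed threshold: a user with fewer baseline events has no
    meaningful pattern yet, so nothing is flagged rather than alerting on noise.
    """
    b = baseline.get(_user(event))
    if b is None:
        return ["no baseline for this user"]
    if b["count"] < min_history:
        return []
    reasons = []
    if event["sourceIPAddress"] not in b["ips"]:
        reasons.append("new source IP")
    if event["awsRegion"] not in b["regions"]:
        reasons.append("new region")
    hour = _hour(event)
    if hour not in b["hours"]:
        reasons.append(f"unusual hour {hour:02d}:00 UTC")
    return reasons


def find_anomalies(baseline, events):
    """(eventID, user, reasons) for every event that scores at least one reason."""
    hits = []
    for ev in events:
        reasons = score_event(baseline, ev)
        if reasons:
            hits.append((ev["eventID"], _user(ev), reasons))
    return hits


if __name__ == "__main__":
    for event_id, user, reasons in find_anomalies(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(f"{event_id} {user}: {', '.join(reasons)}")
```

Only `n1` (alice from a new address and region at 03:00 UTC, calling `CreateUser`) and `n4` (an unknown user) are reported; `n2` matches alice's pattern and `n3` is suppressed because bob's two-event history is below the threshold. A production detector would replace the exact-hour set with a tolerance window, age out old observations, and weight reasons by the sensitivity of `eventName`, but the baseline-then-deviation structure is the same.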
“We rely on Alert Logic for cybersecurity and are excited by these new capabilities that will provide greater coverage of our attack surface,” said Rob Hayes, Business Development Director, eComchain. “Threats happen around the clock. Staffing a 24/7 SOC and implementing and maintaining a SIEM is a time-consuming and expensive approach that we did not want to follow. Alert Logic’s SIEMless offering is a better approach that helps us understand where we have risk, monitors and alerts us when there are threats, and provides us with the right level of security at a cost that makes sense for our business.”
“Alert Logic continues to innovate in ways that help our clients secure existing environments while protecting new ones as their businesses evolve,” said Paul Kunze, Vice President, Sales and Marketing, IntraSystems. “We are eager to provide clients with these new capabilities around endpoint, dark web, and multi-cloud support all delivered via the Alert Logic SIEMless model of security platform, intelligence and experts.”
Each of these new capabilities is offered at no additional cost to customers of the Alert Logic tier it is delivered in (Essentials, Professional, or Enterprise, as noted above).
For more information, please visit Alert Logic’s product overview and pricing page and RSA Conference Booth #1627 in the South Expo Hall.