Jan 24, 2014
Mark Cravotta
Network Security P1

We recently began working with a new partner, Alert Logic, a Security-as-a-Service provider. Our goal in working with Alert Logic is to give our customers flexible options for securing networks, systems, and applications in their data centers. Over a few articles, we’ll introduce Alert Logic’s security solutions, starting with network security using Alert Logic’s Threat Manager.

Threat Manager is an intrusion detection system (IDS) with integrated vulnerability scanning. While there are different types of IDS that utilize different techniques to capture and analyze data, the basic goal of any IDS is to monitor internal and external network traffic and create an alert when suspicious activity is detected. An IDS is a must-have tool for dealing with security threats, like distributed denial-of-service (DDoS) attacks, botnets, and malicious insiders. It’s also a requirement for meeting many government and industry regulations. For example, if your organization takes credit card payments and needs to comply with PCI-DSS, you need to have an IDS and/or IDS techniques in place to meet those PCI requirements.

The goal of Threat Manager, like any other IDS, is to protect the network; however, the Threat Manager approach to intrusion detection is unique for a number of reasons:

  • Threat Manager provides IDS and vulnerability assessment. The same solution delivers broad scanning and detection visibility into network infrastructure, server infrastructure, business-critical applications, and web technologies (IPv6, Ajax, SQL injection, etc.).
  • Threat Manager offers flexible options for collecting network traffic data. Physical appliances, virtual appliances, and agents are all supported, making it possible for Threat Manager to operate natively in different data center environments.
  • Threat Manager uses advanced security analytics to identify real threats in real time. Intelligent multifactor correlation identifies suspicious patterns of events and creates actionable incidents.
  • Incidents are passed directly to the user or, for subscribers of ActiveWatch services, managed by analysts in the Alert Logic 24×7 Security Operations Center (SOC), who work directly with customers to help remediate threats and attacks.

Alert Logic Threat Manager

For those of you who host your valuable applications and data in our data centers, know that security is one of our top priorities. We’re looking forward to working with Alert Logic and sharing more information about their security offerings.

 
