Always-On Defenses with Experts Included.
Alert Logic Enterprise gives you a managed WAF and an assigned SOC analyst. Receive premium cybersecurity benefits and access to specialists at the right cost for your business.
- Centralized security management
- Threat detection
- Incident Response
- Threat Intelligence
- 24/7 Security Operations Centre
- Analytics, correlation, data science and machine learning
- Web Application Security Monitoring
- Managed Intrusion Detection System (IDS)
- Log Management with real-time security monitoring and a daily LogReview
- Vulnerability Assessment and AWS Configuration Monitoring
- Protect data and applications in any environment
- Proactive threat detection providing rapid notification by GIAC security experts
- 24/7 security & compliance monitoring with a 15-minute escalation SLA
- Experts assist with all configuration, tuning and training
- Compliance without complexity, such as PCI-DSS, SOX and GDPR
- Assess your security posture to understand your environment risks
- Inspect packet data for attacks
- Inspect logs for signs of attack
- Powerful UI to access data, view incidents, access reporting
- Fully redundant log management solution with a minimum of 12 months' storage
£2780 per licence per month
Alert Logic UK Ltd
|Software add-on or extension||No|
|Cloud deployment model||Hybrid cloud|
Alert Logic has planned maintenance windows that are shared with our customers through our user interface. These are scheduled according to severity of impact; high-impact maintenance is restricted to the windows least disruptive to service and to cases where maintenance cannot be avoided.
Cloud Defender onboarding requires Customer participation to ensure the right level of Customer feedback and activity for a successful deployment. Service Continuity also requires Customer participation to ensure that Alert Logic is receiving the relevant data for analysis and has the appropriate escalation contacts.
|Email or online ticketing support||Email or online ticketing|
|Support response times||Within 24 hours|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Support levels||Customer support is provided as part of the monthly subscription costings. Our support hours are 24x7 and our customers are able to contact the support teams either by telephone or email.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Once an agreement has been signed, customers are assigned an onboarding project manager who will initially set up a call to talk through the entire onboarding/provisioning process. During the process, if required, the project manager can bring in additional resources, depending on the complexity of the project, to assist with the onboarding/implementation of the Alert Logic service. Alert Logic also has an extensive online knowledge-sharing and support portal to enable self-sufficient onboarding as required (including a video quick start guide).|
|End-of-contract data extraction||
Where an export of log data from the Alert Logic Log Manager service covers a period of time that makes it impractical to use the inbuilt export functionality in the user interface, Alert Logic will facilitate the export of data through a support ticket.
Direct backend log exports are used to provide all logs collected from the customer environment for large spans of time, when it is prohibitively difficult to get the data by using normal methods.
After making the request, the customer must provide Alert Logic with a storage medium, such as a hard drive, with capacity adequate to hold the data. The data is compressed; a reasonable estimate is that compression reduces the size of log data by at least 50%.
|End-of-contract process||In order to cancel the contract, appropriate notice will need to be served in accordance with the terms and conditions.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||No|
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||Alert Logic performs extensive testing, which includes running screen readers. Accessibility testing is included as part of our SDLC.|
|What users can and can't do using the API||
The ActiveIntegration APIs are based on the Representational State Transfer (REST) architectural style, using standard HTTP methods and status codes. These APIs are resource-based: each resource is associated with a URL that identifies a set of objects. An API endpoint is composed of the HTTP method and the URL associated with the resource. The API endpoints produce JSON schema formatted responses. In addition to exposing incidents and providing access to threat data, the API also supports the following:
- Customer Lifecycle Management: flexible multi-endpoint solution for order entry and initial provisioning data entry, reducing cost while increasing revenue; provisioning of both physical and virtual appliances, reducing costs and deployment times while increasing quality of service.
- Usage / Entitlement: detailed usage reporting with flexible entitlement models provides expedited billing and revenue capture.
- Portal Integration / Dashboard: branded portal integration yields higher customer satisfaction, enhanced network insight, and expedited threat response.
- Ticketing / Incident Response: smart ticket handling reduces ticketing workload; automated mitigation and closing frees resources and reduces costs.
- Alert Logic® Threat Manager™ API: provides various configuration and deployment capabilities to facilitate automation.
- Alert Logic® Log Manager™ API: provides various configuration and deployment capabilities to facilitate automation.
|API documentation formats||
|API sandbox or test environment||No|
|Description of customisation||Customisation of the service can be achieved through the user interface or by working with our operations teams; customisation can include bespoke signatures and log parsers/rules. Alert Logic's SaaS delivery model enables us to prototype new detection methods for new attacker techniques, based on our own research and what other customers are experiencing, and to test these methods against the dataset of our entire user population.|
|Independence of resources||Various measures are used to restrict the impact of one user on another. Each user's data is held in a separate data namespace, and user interface controls are implemented to ensure customers cannot perform actions that will affect other users' systems. This takes the form of controls and features that allow us, for example, to throttle individual users at our frontend or to de-prioritise large date-range search queries.|
|Service usage metrics||Yes|
|Metrics types||Alert Logic's service is based on the number of instances protected plus log volume. Both metrics are provided in the portal for usage monitoring; a more detailed report is also provided on request through the Alert Logic Loyalty and Value team as part of our service.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Alert Logic Enterprise Storage Systems (ESS) in the co-location data centers we use are configured for disk-level encryption.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Alert Logic provides functionality within our user interface that allows customers to export data. This can be done either through a report or using the inbuilt query tools.|
|Data export formats||CSV|
|Data import formats||
|Other data import formats||Various Delimited File Formats|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
Reliability of hosted services:
- Monthly uptime percentage below 99.9%: service credit of 10%
- Monthly uptime percentage below 95%: service credit of 25%
ActiveWatch 15-minute security incident escalation commitment:
- Fewer than 5 monthly failures: service credit of 10%
- 5 or more monthly failures: service credit of 25%
|Approach to resilience||Alert Logic production data centers are a dual processing pair that provides disaster recovery and business continuity in the event of a catastrophic failure. The production network's instances are duplicated by leveraging the real-time replication capabilities of our database technologies, data processing system and enterprise storage systems, which are configured to mirror all operational data. Replication activities are monitored in real time by our 24x7x365 monitoring and alerting system. If there are system failures or reductions in performance, alert notifications are sent to the Infrastructure and Production Support groups.|
|Outage reporting||Outage reporting is provided via email alerts|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Alert Logic's customer user interface (UI) can support SAML.|
|Access restrictions in management interfaces and support channels||
Employees are explicitly granted only the rights, privileges, and access necessary to accomplish their assigned duties. Development, back office, and production systems are managed by separate IT groups.
Access to all systems requires management approval, a user ID, and a password. Users and administrators are uniquely assigned user IDs in order to be identified and authenticated to our systems.
Authentication to all production systems is protected via 2FA VPN and with password controls that include: complexity rules, maximum number of failed access attempts, minimum length, and expiration. All employees are responsible for maintaining the confidentiality of their passwords.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Coalfire ISO|
|ISO/IEC 27001 accreditation date||12/12/2016|
|What the ISO/IEC 27001 doesn’t cover||(1) Third party US data center facilities; (2) production environment and systems that reside in these data center facilities; and (3) company office space.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||March 2017|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||“Cloud Insight (CI) was not fully included as part of our CSA Star Self-Assessment. However, based on the nature of how CI is deployed and used in a Customer’s environment, Alert Logic anticipates that only a limited number of the CSA Star requirements are applicable and a Customer’s compliance status should not be adversely impacted. Customers signing up to use the Cloud Defender service have the option not to enable or deploy the Cloud Insight tool (configuration assessment).”|
|Who accredited the PCI DSS certification||Schellman and Company|
|PCI DSS accreditation date||02/11/2016|
|What the PCI DSS doesn’t cover||Managed services that were assessed as part of the PCI accreditation were: Systems Security Services and IT Support.|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Alert Logic’s information security policies and program are based on the International Organization for Standardization/International Electro-technical Commission (“ISO/IEC”) 27001:2013 standard. This international standard consists of a comprehensive set of controls comprising best practices in information security, and provides a solid framework for building a secure infrastructure.
Security policies and procedures are reviewed and revised on an annual basis by Management.
Alert Logic employs full-time, experienced information security professionals who direct the Company's information security program. They are responsible for developing, documenting, and implementing security policies and standards and reviewing all system related security plans throughout the Company's internal and production networks. The Senior Director of IT Audit & Compliance is also responsible for monitoring compliance with established policies by conducting security risk assessments and internal audits on a regular basis.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Change management at Alert Logic is managed through an Information Technology Infrastructure Library (“ITIL”)-based Change Advisory & Approval Board (“CAAB”) that is fully documented and communicated throughout the Company. Enforcement of change management policies and procedures is the responsibility of all department managers.
A change is defined as: any addition or modification in the SOC or backend infrastructure that could potentially affect the reliability of the user organization’s product and service.
In compliance with ISO 27001, changes are assessed for potential security impact prior to approval.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Vulnerability remediation for identified risks follows our Vulnerability Management Process. This process determines the overall risk using Alert Logic's Research and Intelligence Team's Risk Matrix, which assesses the likelihood and impact of an identified risk.
The resulting remediation priority determines the number of days allowed for remediation:
Critical Priority = ASAP, Reserved for Zero Day
High Priority = 30 Days
Medium Priority = 60 Days
Low Priority = 90 Days
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Alert Logic is an internal customer of our own security services. In addition to log collection (Log Manager), daily log review (Log Review), threat detection (Threat Manager), threat analysis (Active Watch Premier) and web application protection (Web Security Manager), we also deploy a variety of external third-party solutions for areas such as endpoint protection, file integrity monitoring and email security.
Potential high-risk incidents are quickly escalated by our Corporate Security team via our CIRT process.
All these capabilities are built around a corporate incident response process in compliance with ISO 27001:2013.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Alert Logic is an internal customer of our own security services, using log collection (Log Manager), daily log review (Log Review), threat detection (Threat Manager), threat analysis (Active Watch Premier) and web application protection (Web Security Manager). When an incident is determined to require remediation action, our Corporate Security team is contacted for incident response (IR).
Additionally, our Corporate Security team directly monitors other controls such as endpoint protection, file integrity monitoring and email security. Upon incident notification, the team will initiate our IR process.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£2780 per licence per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|