Alert Logic UK Ltd

Alert Logic Enterprise

Always-On Defenses with Experts Included.

Alert Logic Enterprise gives you a managed WAF and assigned SOC analyst. Receive premium cybersecuirty benefits and access to specialists at the right cost for your business.


  • Centralized security management
  • Threat detection
  • Incident Response
  • Threat Intelligence
  • 24/7 Security Operations Centre
  • Analytics, correlation, data science and machine learning
  • Web Application Security Monitoring
  • Managed Intrusion Detection System (IDS)
  • Log Management with realtime security monitoring and a daily LogReview
  • Vulnerability Assessment and AWS Configuration Monitoring


  • Protect data and applications in any environment
  • Proactive threat detection providing rapid notification by GIAC security experts
  • 24/7 security & compliance monitoring with 15 minute escalation SLA
  • Experts assist with all configuration, tuning and training
  • Compliance without complexity, such as PCI-DSS, SOX and GDPR
  • Assess your security posture to understand your environment risks
  • Inspect packet data for attacks
  • Inspect logs for signs of attack
  • Powerful UI to access data, view incidents, access reporting
  • Fully redundant log management solution minimum of 12 months storage


£2780 per licence per month

Service documents

G-Cloud 10


Alert Logic UK Ltd

William Morrish


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Alert Logic has planned maintenance windows that are shared with our customers through our user interface. These are limited by severity of impact, with high impact maintenance limited to best windows for service and where maintenance can not be avoided.

Cloud Defender onboarding requires Customer participation to ensure the right level of Customer feedback and activity for a successful deployment.  Service Continuity will also require the Customer participation to ensure that Alert Logic is receiving the relevant data for analysis and have the appropriate escalation contacts.
System requirements
  • CPU: 4 virtual CPUS
  • RAM: 8GB
  • Disk Space: 40 GB minimum

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 24 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Customer support is provided as part of the monthly subscription costings. Our support hours are 24x7 and our customers are able to contact the support teams either by telephone or email.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once an agreement has been signed customers are assigned an onboarding project manager who will initially setup a call to talk through the entire onboarding/provisioning process. During the process if required the project manager can bring in additional resources depending on the complexity of the project to assist with the onboarding/implementation of the Alert Logic service. Alert Logic also has an extensive online knowledge sharing and support portal to enable self-sufficient onboarding as required (including video quick start guide).
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction During times where an export of log data from the Alert Logic Log Manager service is for a period of time that makes it impractical to do so using the inbuilt export functionality in the user interface, Alert Logic would facilitate the export of data through a support ticket.

Direct backend log exports are used to provide all logs collected from the customer environment for large spans of time, when it is prohibitively difficult to get the data by using normal methods.

After making the request a storage method such as hard drive must be provided by the customer to Alert Logic with capacity adequate to hold the data. The data is compressed, a reasonable estimate of size of log data compression will be at least 50%.
End-of-contract process In order to cancel the contract, then appropriate notice will need to be served in accordance with the terms and conditions.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • Windows
Designed for use on mobile devices No
Accessibility standards WCAG 2.0 A
Accessibility testing Alert Logic performs extensive testing , which includes running screen readers. Accessibility testing is included as part of our SDLC.
What users can and can't do using the API The ActiveIntegration APIs are based on the Representational State Transfer (REST) architectural style, using standard HTTP methods and status codes. These APIs are resource-based where each resource is associated with a URL that identifies a set of objects. An API endpoint is composed of the HTTP method and the URL associated with the resource. The API endpoints produce JSON schema formatted responses. The API in addition to exposing incidents and acquire threat data also supports the following:

Customer Lifecycle Management

Flexible multi-endpoint solution for order entry and initial provisioning data entry, reducing cost while increasing revenue.

Provisioning of both physical and virtual appliances reducing costs and deployment times, while increasing quality of service

Usage / Entitlement
Detailed usage reporting with flexible entitlement models provides expedited billing and revenue capture

Security Services

Portal Integration / Dashboard
Branded portal integration yields higher customer satisfaction, enhanced network insight, and expedited threat response.

Ticketing / Incident Response
Smart Ticket handling reduces ticketing workload with automated mitigation and closing frees resources and reduces costs


Alert Logic® Threat Manager™ API
Providing various configuration and deployment capabilities to facilitate automation

Alert Logic® Log Manager™ API
Providing various configuration and deployment capabilities to facilitate automation
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Customisation of service can be achieved through the user interface or working with operation teams, customisation can include bespoke signatures and log parsers/rules. Alert Logic's SaaS delivery model enables us to prototype new detection methods, based on our own research and what other customers are experience, for new attacker techniques and test these methods against the dataset of our entire user population.


Independence of resources Various measures are used to restrict the impact of one user on another. User's data is held in separate data namespaces and user interface and user interface controls are implemented to ensure customers cannot perform actions that will affect other user's systems. This takes the form of controls and features to ensure that we can either throttle individual users at our frontend, or de-prioritize large date-range search queries for example.


Service usage metrics Yes
Metrics types Alert Logics service is based on number of instances protected plus log volume. Both metrics are provided in the portal for usage monitoring, a more detailed report is also provided through the Alert Logic Loyalty and Value team as part of our service on request.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Alert Logic Enterprise Storage Systems (ESS) in used co-location data centers are configured for disk-level encryption.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Alert Logic provides functionality within our user interface to provide customers to export data. This can be done wither through a report or using the inbuilt query tools.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats Various Delimited File Formats

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Reliability of hosted services:

Monthly uptime percentage: <99.9%
Service credit percentage: 10%

Monthly uptime percentage: <95%
Service credit percentage: 25%

ActiveWatch 15 minute security incident escalation commitment:
Monthly failures: <5
Service credit percentage: 10%

Monthly failures: 5 or more
Service credit percentage: 25%
Approach to resilience Alert Logic production data centers are a dual processing pair to provide disaster recovery and business continuity in the event of a catastrophic failure. The production network's instances are duplicated through leverage of real-time replication capabilities of our database technologies, data processing system, and the enterprise storage systems and are configured to mirror all operational data. Replication activities are monitored in real time by our 24x7x365 monitoring and alerting system. If there are system failures or reductions in performance, alert notifications are sent to the Infrastructure and Production Support groups.
Outage reporting Outage reporting is provided via email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Alert Logic's customer user interface (UI) can support SAML.
Access restrictions in management interfaces and support channels Employees are explicitly granted only the rights, privileges, and access necessary to accomplish their assigned duties. Development, back office, and production systems are managed by separate IT groups.
Access to all systems requires management approval, a user ID, and a password. Users and administrators are uniquely assigned user IDs in order to be identified and authenticated to our systems.

Authentication to all production systems is protected via 2FA VPN and with password controls that include: complexity rules, maximum number of failed access attempts, minimum length, and expiration. All employees are responsible for maintaining the confidentiality of their passwords.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Coalfire ISO
ISO/IEC 27001 accreditation date 12/12/2016
What the ISO/IEC 27001 doesn’t cover Third party US data center facilities; (2) production environment and systems that reside in these data center facilities; and (3) company office space.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date March 2017
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover “Cloud Insight (CI) was not fully included as part of our CSA Star Self-Assessment. However, based on the nature of how CI is deployed and used in a Customer’s environment, Alert Logic anticipates that only a limited number of the CSA Star requirements are applicable and a Customer’s compliance status should not be adversely impacted. Customers signing up to use the Cloud Defender service have the option not to enable or deploy the Cloud Insight tool (configuration assessment).”
PCI certification Yes
Who accredited the PCI DSS certification Schellman and Company
PCI DSS accreditation date 02/11/2016
What the PCI DSS doesn’t cover Managed services that were assessed as part of the PCI accreditation were: Systems Security Services and IT Support.
Other security certifications Yes
Any other security certifications
  • SSAE 16 SOC 1
  • SSAE 16 SOC 2
  • IS0 27001-2013

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Alert Logic’s information security policies and program are based on the International Organization for Standardization/International Electro-technical Commission (“ISO/IEC”) 27001:2013 standard. This international standard consists of a comprehensive set of controls comprising best practices in information security, and provides a solid framework for building a secure infrastructure.

Security policies and procedures are reviewed and revised on an annual basis by Management.

Alert Logic employs full-time, experienced information security professionals who direct the Company's information security program. They are responsible for developing, documenting, and implementing security policies and standards and reviewing all system related security plans throughout the Company's internal and production networks. The Senior Director of IT Audit & Compliance is also responsible for monitoring compliance with established policies by conducting security risk assessments and internal audits on a regular basis.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Change management at Alert Logic is managed through an Information Technology Infrastructure Library (“ITIL”)-based Change Advisory & Approval Board (“CAAB”) that is fully documented and communicated throughout the Company. Enforcement of change management policies and procedures is the responsibility of all department managers.

A change is defined as: any addition or modification in the SOC or backend infrastructure that could potentially affect the reliability of the user organization’s product and service.

In compliance with ISO 27001, changes are assessed for potential security impact prior to approval.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Vulnerability Remediation for identified risks our Vulnerability Management Process. This process works to identify the overall risk based on Alert Logic's Research and Intelligence Team's Risk Matrix that works to identify likelihood and impact of an identified risk.

The concluded risk remediation priority adheres to the number of days required to remediate:
Critical Priority = ASAP, Reserved for Zero Day
High Priority = 30 Days
Medium Priority = 60 Days
Low Priority = 90 Days
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Alert Logic is a internal customer of our security services. In addition to log collection (Log Manager), daily log review (Log Review), threat detection (Threat Manager), threat analysis (Active Watch Premier), web application protection (Web Security Manager); we also deploy a variety of external 3rd party solutions for areas such endpoint protection, file integrity monitoring, and email security.

Potential high risk incident are quickly escalated by our Corporate Security team via our CIRT process.

All these capabilities are built around an corporate incident response process in compliance with ISO 27001-2013.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Alert Logic is a internal customer of our security services. In addition to log collection (Log Manager), daily log review (Log Review), threat detection (Threat Manager), threat analysis (Active Watch Premier), web application protection (Web Security Manager). In the event an incident has been determined require remediation action, our Corporate Security is contacted for incident response (IR).

Additionally, our Corporate Security team directly monitors other such endpoint protection, file integrity monitoring, and email security. Upon incident notification, the team will initiate our IR process.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2780 per licence per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑