Cloudreach Europe Limited

Security Threat and Vulnerability Management for Cloud Services

The Security Threat and Vulnerability Management service, powered by Alert Logic, is available in three bundles: Essentials, Professional and Enterprise. Each is a suite of services and capabilities that provides a 24x7 SOC staffed by certified security experts to monitor and manage the security of your IT assets hosted on public cloud infrastructure.

Features

  • Centralised Security Management
  • Threat Detection
  • Incident Response
  • Threat Intelligence
  • Vulnerability Management
  • WAF technology

Benefits

  • Siemlessly Connected: Platform, intelligence, and experts combined
  • Always on Security: 24/7 monitoring with live notifications
  • Protection across Business: Easy-to-use, single-screen view across environments
  • Security Pros: Expand defenses with accurate, expert protection
  • Cloud & DevOps: Scale and protect with elastic security
  • Application Owners: Prevent attacks by finding vulnerabilities
  • Experts Included: Reduce false positive alarms

Pricing

£1.76 to £12.63 per device per month

Service documents

Framework

G-Cloud 11

Service ID

861760012052026

Contact

Cloudreach Europe Limited

Pritesh Patel

07473 991 134

public.sector@cloudreach.com

Service scope

Software add-on or extension: No
Cloud deployment model:
  • Public cloud
  • Hybrid cloud
Service constraints: Alert Logic has planned maintenance windows that are shared with customers through the user interface. These are limited by severity of impact; high-impact maintenance is restricted to the windows least disruptive to the service and is performed only where it cannot be avoided. Threat Manager onboarding requires customer participation to ensure the right level of feedback and activity for a successful deployment. Service continuity also requires customer participation to ensure that Alert Logic receives the relevant data for analysis and has the appropriate escalation contacts. Maintenance windows are published at https://docs.alertlogic.com/release-notes/maintenance-windows.htm
System requirements:
  • Requirements for the Alert Logic agent:
  • Memory: 96 MB
  • Disk space: 30 MB
  • Disk space (local cache): 500 MB
  • CPU utilisation: 1-10% depending on log volume
  • RAM: 15 MB minimum
  • TLS standard (SSL): 2048-bit key encryption, 256-bit AES bulk encryption
  • Requirements for public cloud environments:
  • https://legacy.docs.alertlogic.com/home.htm

User support

Email or online ticketing support: Email or online ticketing
Support response times: The customer receives an auto-acknowledgement of the request, with an associated ticket number, once Alert Logic has received it. Tickets are usually triaged with an initial response sent to the customer within two hours, but this may vary depending on inbound call and ticket volumes. For urgent requests it is always advisable to call. The Alert Logic Support Team can be contacted by phone, e-mail, or through ticket submission at https://support.alertlogic.com, where self-service is always available through contextually searchable Knowledge Base articles and community-driven assistance.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: No
Support levels: The SOC comprises the following levels: Associate, Professional, Senior, and Principal. Customer support is provided as part of the monthly subscription cost. Support hours are 24x7, and customers can contact the support teams by telephone or email. Service Health Monitoring & Support and PCI ASV Support are included in all packages, while 24x7 Triage, Escalation & Response Support is included in the Professional and Enterprise subscriptions. Enterprise also includes Security Posture Reviews, and an Assigned SOC Analyst and Threat Hunting are available at additional cost.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Once an agreement has been signed, customers are assigned an onboarding project manager who initially sets up a call to talk through the entire onboarding/provisioning process. During the process, the project manager can bring in additional resources if required, depending on the complexity of the project, to assist with onboarding and implementation of the Alert Logic service.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: Where an export of log data from the Alert Logic Log Manager service covers a period of time that makes it impractical to use the inbuilt export functionality in the user interface, Alert Logic facilitates the export through a support ticket. Direct backend log exports are used to provide all logs collected from the customer environment over large spans of time, when it is prohibitively difficult to get the data by normal methods. After making the request, the customer must provide Alert Logic with a storage medium, such as a hard drive, with adequate capacity to hold the data. The data is compressed; a reasonable estimate is that compression reduces the size of log data by at least 50%.
End-of-contract process: To cancel the contract, appropriate notice must be served in accordance with the terms and conditions.

Using the service

Web browser interface: No
Application to install: Yes
Compatible operating systems:
  • Linux or Unix
  • Windows
Designed for use on mobile devices: No
Service interface: Yes
Description of service interface: Alert Logic offers a fully self-service portal, the Alert Logic Console, to support provisioning, consumption of security outcomes, your security workflow, and data analysis through search and reporting. Customers also interact with our operational team. Finally, customers can integrate programmatically with our platform through integration APIs.
Accessibility standards: None or don’t know
Description of accessibility: The service can be accessed via the Alert Logic Console or the API.
Accessibility testing: No testing has been carried out, but our policies aim to be Section 508 compliant. Section 508 is a US Government accessibility programme (https://www.section508.gov/).
API: Yes
What users can and can't do using the API: All functionality available through the Alert Logic Console can also be accessed through a RESTful API. API documentation is available in the Alert Logic Console to extend customer workflows, procedures, and in-house processes. The API documentation allows customers to use Alert Logic APIs to automate tasks such as querying the asset model, retrieving a list of remediation tasks (groups of exposures), accessing open incidents and their detail, and more. All API access is encrypted and uses the same role-based access control levels as the Alert Logic Console.
API documentation: Yes
API documentation formats:
  • HTML
  • PDF
API sandbox or test environment: No
Customisation available: No

Scaling

Independence of resources: Various measures are used to restrict the impact of one user on another. User data is held in separate data namespaces, and user interface controls are implemented to ensure customers cannot perform actions that affect other users' systems. These take the form of controls and features that allow us to throttle individual users at our frontend or, for example, de-prioritise large date-range search queries.

Analytics

Service usage metrics: Yes
Metrics types: Alert Logic's service is based on the number of instances protected plus log volume. Both metrics are provided in the portal for usage monitoring; a more detailed report is also provided on request through the Alert Logic Loyalty and Value team as part of our service.
Reporting types:
  • Regular reports
  • Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Alert Logic

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: European Economic Area (EEA)
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach: Alert Logic Enterprise Storage Systems (ESS) in the co-location data centres used are configured for disk-level encryption.
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Alert Logic provides functionality within our user interface for customers to export data. This can be done either through a report or using the inbuilt query tools.
Data export formats: CSV
Data import formats:
  • CSV
  • Other
Other data import formats: Various delimited file formats

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: Reliability of hosted services:
  • Monthly uptime percentage below 99.9%: service credit 10%
  • Monthly uptime percentage below 95%: service credit 25%
ActiveWatch 15-minute security incident escalation commitment:
  • Monthly failures fewer than 5: service credit 10%
  • Monthly failures 5 or more: service credit 25%
Approach to resilience: Alert Logic production data centres operate as a dual processing pair to provide disaster recovery and business continuity in the event of a catastrophic failure. The production network's instances are duplicated by leveraging the real-time replication capabilities of our database technologies, data processing system, and enterprise storage systems, and are configured to mirror all operational data. Replication activities are monitored in real time by our 24x7x365 monitoring and alerting system. If there are system failures or reductions in performance, alert notifications are sent to the Infrastructure and Production Support groups.
Outage reporting: Outage reporting is provided via email alerts

Identity and authentication

User authentication needed: Yes
User authentication:
  • Username or password
  • Other
Other user authentication: Authentication is through the Alert Logic Console. A user is required to have an account in order to engage with the SOC. Users who do not have an account cannot create tickets or interact with the team by phone. Phone authentication is carried out through the use of challenge/response questions. The Alert Logic Console requires password authentication and can also be integrated with SSO and MFA.
Access restrictions in management interfaces and support channels: Employees are explicitly granted only the rights, privileges, and access necessary to accomplish their assigned duties. Development, back office, and production systems are managed by separate IT groups. Access to all systems requires management approval, a user ID, and a password. Users and administrators are uniquely assigned user IDs in order to be identified and authenticated to our systems. Authentication to all production systems is protected via 2FA VPN and by password controls that include complexity rules, a maximum number of failed access attempts, minimum length, and expiration. All employees are responsible for maintaining the confidentiality of their passwords.
Access restriction testing frequency: At least every 6 months
Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Coalfire ISO
ISO/IEC 27001 accreditation date: December 2016
What the ISO/IEC 27001 doesn’t cover: (1) Third-party US data centre facilities; (2) the production environment and systems that reside in these data centre facilities; and (3) company office space.
ISO 28000:2007 certification: No
CSA STAR certification: Yes
CSA STAR accreditation date: March 2017
CSA STAR certification level: Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover: N/A
PCI certification: Yes
Who accredited the PCI DSS certification: Schellman and Company
PCI DSS accreditation date: 02/11/16
What the PCI DSS doesn’t cover: The managed services assessed as part of the PCI accreditation were Systems Security Services and IT Support.
Other security certifications: Yes
Any other security certifications:
  • SSAE 16 SOC 1
  • SSAE 16 SOC 2
  • ISO 27001:2013
  • PCI DSS

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Alert Logic’s information security policies and program are based on the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001:2013 standard. This international standard consists of a comprehensive set of controls comprising best practices in information security, and provides a solid framework for building a secure infrastructure. Security policies and procedures are reviewed and revised annually by management. Alert Logic employs full-time, experienced information security professionals who direct the Company's information security program. They are responsible for developing, documenting, and implementing security policies and standards, and for reviewing all system-related security plans throughout the Company's internal and production networks. The Senior Director of IT Audit & Compliance is also responsible for monitoring compliance with established policies by conducting security risk assessments and internal audits on a regular basis.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Change management at Alert Logic is managed through an Information Technology Infrastructure Library (ITIL)-based Change Advisory & Approval Board (CAAB) that is fully documented and communicated throughout the Company. Enforcement of change management policies and procedures is the responsibility of all department managers. A change is defined as any addition or modification in the SOC or backend infrastructure that could potentially affect the reliability of the user organisation’s product and service. In compliance with ISO 27001, changes are assessed for potential security impact prior to approval.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Vulnerability remediation for identified risks follows our Vulnerability Management Process. This process identifies the overall risk using the Alert Logic Research and Intelligence Team's risk matrix, which assesses the likelihood and impact of an identified risk. The concluded remediation priority determines the number of days allowed to remediate:
  • Critical priority: ASAP (reserved for zero-day)
  • High priority: 30 days
  • Medium priority: 60 days
  • Low priority: 90 days
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Alert Logic is an internal customer of our own security services. In addition to log collection (Log Manager), daily log review (Log Review), threat detection (Threat Manager), threat analysis (ActiveWatch Premier) and web application protection (Web Security Manager), we also deploy a variety of external third-party solutions for areas such as endpoint protection, file integrity monitoring, and email security. Potentially high-risk incidents are quickly escalated by our Corporate Security team via our CIRT process. All these capabilities are built around a corporate incident response process in compliance with ISO 27001:2013.
Incident management type: Conforms to a recognised standard, for example CSA CCM v3.0, ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Alert Logic is an internal customer of our own security services, using log collection (Log Manager), daily log review (Log Review), threat detection (Threat Manager), threat analysis (ActiveWatch Premier) and web application protection (Web Security Manager). When an incident is determined to require remediation action, our Corporate Security team is contacted for incident response (IR). Additionally, the Corporate Security team directly monitors other controls such as endpoint protection, file integrity monitoring, and email security. Upon incident notification, the team initiates our IR process.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Pricing

Price: £1.76 to £12.63 per device per month
Discount for educational organisations: No
Free trial available: No
