At the beginning of the year, Alert Logic articulated our point of view around the definition of Managed Detection and Response with the release of the MDR Manifesto. In it, we helped shape the market definition by articulating what it takes to deliver on MDR outcomes. Ultimately, we deliver a solution to reduce the impact and damage an organization sustains from a successful attack.

We followed that up with the understanding that one of the best ways to minimize the impact of a successful attack is to minimize the likelihood of a successful attack. This can be done by augmenting prevention technologies by addressing gaps like vulnerabilities and configuration issues.

Things like the Manifesto and a focus on threats, as well as attacks, help inform and guide our investments and how we prioritize the capabilities we bring to market. We group our efforts into three strategic areas: expanding coverage, simplifying the user experience, and innovating continuously. Because our expert-enabled service is SaaS-based, we have the agility to deliver releases to our customers that provide immediate impact and value. It’s rare that our development efforts line up such that so many innovations arrive at the same time.

First, let’s look at web applications. Web applications are now a standard part of doing business and are common in modern enterprises, with a typical mid-sized organization deploying dozens of them. Unfortunately, web applications create security blind spots: attacks against them are shrouded by the extensive use of transport encryption. While prevention of web attacks can be achieved by combining decryption with WAF technologies, those technologies are rigid in policy enforcement, taxing on resources, and susceptible to false positives. Given the business climate brought on by the current pandemic, many storefronts and contactless payment systems are built on custom web applications. Even if an attack is taking place, many organizations will accept that reality rather than disrupt the revenue stream.

To aid in detection of these types of attacks, our MDR platform includes a log-based, machine-learning-fueled threat detection solution for custom web applications. Because it works from application logs rather than network traffic, it can be deployed at scale and solves the visibility issues caused by modern transport encryption. In our beta program we have achieved 99.99% accuracy in detecting attacks.

Another of Alert Logic’s strategic priorities is to deliver a simplified experience that provides credible, accessible, and useful results to our customers and partners. To that end, we have made significant enhancements that streamline workflows by enabling automated ticketing from within the Alert Logic console and by providing an SDK for better extension and automation.

Linking the Alert Logic console with IT service management systems allows customers to open tickets automatically and streamline service desk workflows. Our universal webhook and email connectors enable customers and partners to connect to the ITSM and/or messaging tools of their choice. Customers seeking integration with key technology vendors (e.g., ServiceNow, Jira, Slack) can leverage pre-defined templates and have the flexibility to customize the workload templates to fit their existing workflows.

To add a further level of automation, Alert Logic has developed a new Software Developer Portal. It provides tooling, step-by-step guidance, and documentation, enabling customers and partners to build and embed their own automation and integrations. The new developer portal includes a comprehensive toolkit of command-line tools and programming-language integrations, as well as a rich library of use cases so you can get started quickly.

Last, but certainly not least, to assist customers with their compliance needs, we are now also including File Integrity Monitoring (FIM) capabilities. By adding File Integrity Monitoring to our MDR platform, we enhance detection of unauthorized change events that may be attempted attacks or the actions of malicious insiders covering their tracks. This covers the integrity of system directories, registry keys, and values on the operating system, as well as application and content files.
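To make the file-side mechanics of FIM concrete, here is an added example of the core idea (a hashed baseline of a directory tree, compared against a later snapshot to classify added, removed, and modified files). It is illustrative code written for this post, not Alert Logic’s FIM implementation; the directory layout and the tampering scenario in `demo()` are constructed, and registry monitoring, which the platform also covers, is out of scope here.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """Return the SHA-256 hex digest of a file, streamed so large files stay cheap."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Walk `root` and record hash, size and permission bits for every regular file.

    Keys are POSIX-style paths relative to `root`, so snapshots taken on different
    hosts with the same layout can be compared directly.
    """
    baseline = {}
    root_path = Path(root)
    for path in sorted(root_path.rglob("*")):
        if not path.is_file():
            continue
        st = path.stat()
        baseline[path.relative_to(root_path).as_posix()] = {
            "sha256": hash_file(path),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o777),
        }
    return baseline


def diff_baselines(old: dict, new: dict) -> dict:
    """Classify changes between two snapshots.

    A content change is reported first; a permission-only change is reported
    separately, since a chmod on a system binary is itself worth an alert.
    """
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = []
    for rel in sorted(set(old) & set(new)):
        if old[rel]["sha256"] != new[rel]["sha256"]:
            modified.append((rel, "content"))
        elif old[rel]["mode"] != new[rel]["mode"]:
            modified.append((rel, "permissions"))
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "service").write_bytes(b"\x7fELF-placeholder")
        before = build_baseline(tmp)

        # Simulated unauthorized changes (constructed): a config edit, a replaced
        # binary, a deleted file, and a new file dropped into bin/.
        (root / "etc" / "app.conf").write_text("debug=true\n")
        (root / "bin" / "service").write_bytes(b"\x7fELF-replaced")
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "helper").write_text("#!/bin/sh\n")
        after = build_baseline(tmp)

        return diff_baselines(before, after)


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline would be stored off-host (an attacker who can alter the monitored files can usually alter a co-located baseline too), and each reported change would be correlated with the change-management record that should explain it; a change with no matching record is the event FIM exists to surface.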

Looking to learn more about MDR? Check out What Is MDR?

Fortra's Alert Logic Staff