Issue link: https://insights.oneneck.com/i/1517356
Critical Detection Capabilities
Fortra.com

Advanced Analytics

A collection of multiple sophisticated techniques is used to identify threats in the Alert Logic MDR platform. Below is a sample of some of those techniques and their purposes.

Log Data Monitoring

A core function in threat detection is mining and parsing log data to find hidden threats. This function requires several types of data feeds, advanced analytics, and expertise to improve data models and reduce false positives.

[Figure: analytics workflow. Steps shown: Create, test signatures & rules; Develop & tune detection analytics; Verify attacks & criticality; Correlate, model attack progression; Research vulnerabilities, exploits, payloads; Create machine learning models; Integrate intelligence on emerging threats; Findings to analytics team; Assemble incident report & notify; Assess scope & impact]

Alert Logic provides:
• Insights from logs to recognize issues that need to be remediated to prevent future attacks
• Log monitoring for real-time malicious activity detection
• 24/7 expertise to help resolve any incidents based on logs and other detection sources
• Understanding of network traffic, protocols, and alert volumes at a high level, with the ability to drill down and uncover the necessary details using intuitive dashboards
• Dramatically reduced wasted activity, because the noise is already filtered out
• Oversight to ensure all relevant detection sources are optimally configured during the deployment process
• Support for compliance requirements by scanning regularly and storing logs for one year

There are several types of data sources, and each provides distinct information for detecting threats. We offer integration with applications, including API-based integration with SaaS applications and passive log collection through syslog forwarding from most firewall platforms. Available applications include products for authentication, productivity, management, and more.
Alert Logic serves as a remote collector that receives log data from SaaS and firewall applications related to different incident types, depending on the product type. The Application Registry is a repository of platform integrations found on the Configuration page of your Alert Logic Console; new integration points are continuously being added. The Application Registry allows you to configure multiple third-party applications to collect and generate logs. Integration with third-party applications adds administrative and security value to your organization.

Enhanced Detection with Firewall Logs

Alert Logic performs observations of relevant security information derived from one or multiple sources in the firewall application log data. Observations do not always meet our criteria to generate an incident, but they can still demonstrate security value. Observations can identify security patterns and allow you to conduct threat hunting.