Critical_Detection_Capabilities

Issue link: https://insights.oneneck.com/i/1517356

Examples of observations Alert Logic can perform if detected from firewall application log data include:

• An IP address in logs matches listed blacklisted IP addresses
• Brute force password guessing for a user over a certain amount of time
• An anomalous number of resource downloads for a user, deviating from normal activity
• A newly created service in the environment that is being used by a customer or external systems (generates incident)
• Blacklisted IP addresses creating successful connections to the most popularly exploited services in a customer's network (generates incident)
• A blacklisted IP address successfully probed a new internal resource (generates incident)

Alert Logic processes logs from the following firewalls:
- Cisco
- Fortinet
- Palo Alto

Enhanced Detection with Authentication Applications (Auth0, Cisco Duo, Okta)

To battle credential theft, organizations often use multi-factor authentication (MFA). Alert Logic has built collectors to capture data from Auth0, Okta, and Cisco Duo MFA applications to create security content that is used to generate incidents for key security use cases.
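As an added illustration (not Alert Logic's or Fortra's code), the following Python sketch implements two of the firewall-log observations described above over constructed key=value log lines: a successful connection from a blacklisted source to a commonly exploited service, and brute-force password guessing for one user within a sliding time window. The log format, the blocklist, the port set and the thresholds are all assumptions made for the example, not the product's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a generic key=value syslog style (not any vendor's real format).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 action=allow src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-03-01T10:00:05 action=deny src=198.51.100.9 dst=10.0.0.5 dport=22
2024-03-01T10:00:08 action=allow src=198.51.100.9 dst=10.0.0.9 dport=445
2024-03-01T10:00:09 action=allow src=192.0.2.44 dst=10.0.0.9 dport=443
2024-03-01T10:01:00 action=login-failed user=alice src=192.0.2.10
2024-03-01T10:01:10 action=login-failed user=alice src=192.0.2.10
2024-03-01T10:01:25 action=login-failed user=alice src=192.0.2.10
2024-03-01T10:01:40 action=login-failed user=alice src=192.0.2.10
2024-03-01T10:01:50 action=login-failed user=alice src=192.0.2.10
2024-03-01T10:30:00 action=login-failed user=bob src=192.0.2.11
"""
BLOCKLIST = {"203.0.113.7", "198.51.100.9"}   # assumed threat-intel feed (constructed values)
EXPLOITED_PORTS = {22, 445, 3389}             # assumed "popularly exploited" services

def parse_line(line):
    """Turn one key=value log line into a dict with a parsed timestamp."""
    ts, _, rest = line.partition(" ")
    event = dict(re.findall(r"(\w+)=(\S+)", rest))
    event["ts"] = datetime.fromisoformat(ts)
    return event

def blocklisted_connections(events, blocklist=BLOCKLIST, ports=EXPLOITED_PORTS):
    """Allowed (successful) connections from a blocklisted source to an exploited service."""
    return [(e["src"], e["dst"], int(e["dport"])) for e in events
            if e.get("action") == "allow" and e["src"] in blocklist
            and int(e["dport"]) in ports]

def brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """(user, src) pairs with >= threshold failed logins inside a sliding time window."""
    recent = defaultdict(deque)   # (user, src) -> timestamps of failures still in the window
    hits = set()
    for e in events:
        if e.get("action") != "login-failed":
            continue
        key = (e["user"], e["src"])
        q = recent[key]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            hits.add(key)
    return sorted(hits)

EVENTS = [parse_line(l) for l in SAMPLE_LOGS.splitlines()]
```

Note that the deny line from 198.51.100.9 is deliberately not reported: the observation is about successful connections, while a blocked probe would be a separate, lower-severity signal.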
While MFA products provide different levels of logging detail, incidents generated fall into the following categories:
• Administrative Actions
• User Login AD
• User Behavior AD

The Alert Logic Okta collector can collect data relevant to:
• Event Log Information
• User Information
• Group and Group Membership Information
• Application and Application Assignment Information

The Alert Logic Auth0 Log Collector gathers data relevant to:
• Successful User Logins
• Failed User Logins, Including Reason for Failure
• Token Exchanges (Success & Failure)
• Login Warnings
• User Deletions
• Connection Errors
• User Signup Events
• Email Verification Events
• Password Changes
• Rate Limiting Events
• Operational Events
• Operational Errors

The Alert Logic Cisco Duo collector polls the following APIs for various types of data:
• Authentication
• Administrator
• Telephony
• Offline Enrollment

Enhanced Detection with IaaS (AWS, Azure)

Each cloud provider has unique offerings, so Alert Logic works closely with the cloud providers to understand their security challenges and provide services tailored to them. Leveraging this relationship and expertise removes a significant factor from an already steep learning curve, reducing risk significantly along the three primary phases of the cloud journey:

Migration Phase: This phase is focused on removing barriers and gaining alignment to enable a cloud-first strategy. In this phase, Alert Logic helps you by addressing the cloud security skills gap with our SOC and threat research team. Our platform provides heterogeneous coverage for cloud and on-prem environments, and the ability to bring all the elements together to maintain compliance.

Modernization Phase: In this phase, security needs to keep pace with IT so the organization may become more agile.
Alert Logic helps you by identifying misconfigurations in the cloud and potential vulnerabilities in applications, automating vulnerability detection to quickly identify and fix application and operating system vulnerabilities, and addressing threats in containers and web applications so you can confidently and quickly deliver secure applications.