Issue link: https://insights.oneneck.com/i/1517356
Critical Detection Capabilities
Fortra.com

Optimization Phase
Organizations in this phase are cloud-only and focused on maximizing their efficiencies. Alert Logic helps you in this phase by providing a unique agent-based solution that enables network IDS for North/South as well as East/West traffic. Our platform is optimized for multi-cloud environments so organizations can choose the right cloud for the right workload while maintaining security. Native, API-driven integration with AWS and Azure aggregates the critical data needed for a full picture of the entire cloud attack surface.

Enhanced Detection with CRM/SaaS (O365, SFDC)
Alert Logic builds collectors that capture data from Office 365, Salesforce, and other applications, and creates security content that generates incidents for key security use cases. Examples include:
• Microsoft Office 365 Exchange Audit Logs
• SharePoint Audit Logs
• General Audit Logs
• Administrative Actions
• User Login AD
• User Behavior AD

Enhanced Detection with Third-Party EDR/Anti-Virus (Carbon Black, Cisco AMP, CrowdStrike, Cylance, SentinelOne)
EDR solutions are highly effective at protecting endpoints. However, bad actors constantly innovate their attack techniques to evade detection. Analyzing EDR logs helps surface the stealthy attacks that slip through, including:
• Administrative Actions
• User Login AD
• User Behavior AD

Network Traffic Analysis
Network Traffic Analysis (NTA) identifies attacks as they traverse into and out of the network. NTA analyzes traffic to and from all devices, looking for known patterns and abnormal behavior and matching the telemetry against signatures. This allows detection of lateral movement, brute-force attacks, privilege escalation, ransomware, and command-and-control (C&C) activity.

Enhanced Detection for Containers
Alert Logic provides the industry's only network intrusion detection solution and log management for containers and applications in hybrid and multi-cloud environments. By analyzing North/South and East/West traffic, we rapidly detect network intruders, shortening dwell time and reducing the impact of a successful attack. Our integrated, agent-based solution protects all workloads (container or not) and provides a graphical representation of a compromised container and its relationships.

Web Log Analytics
Fortra's Alert Logic Web Log Analytics (WLA) extends our web application threat detection with log-based detection and addresses the visibility gap created by modern transport encryption: a network sensor sees only TLS ciphertext, whereas the web server writes its access log after the request has been decrypted. WLA analyzes these web server access logs (Apache, IIS, NGINX) using a combination of pattern matching, anomaly detection, signatures, and advanced correlation, providing coverage for much of the OWASP Top 10.
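As an added example that is not part of this datasheet and not Alert Logic's product code, the following Python script shows the three log-based techniques the Web Log Analytics paragraph names (signature/pattern matching, anomaly detection, and correlation) applied to a few constructed Apache/NGINX combined-format access-log lines. The regexes, thresholds, category names, window size and sample addresses are assumptions chosen for illustration, not Alert Logic's detection content.

```python
"""Log-based web attack detection over Apache/NGINX 'combined' access logs.

Added example: the signatures, thresholds and sample data below are
illustrative assumptions, not a vendor's detection rules.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import unquote

# Apache/NGINX "combined" log format, one request per line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Signature rules applied to the URL-decoded request target (assumed, simplified patterns).
SIGNATURES = {
    "sql_injection": re.compile(r"(?i)(\bunion\b[\s\S]*\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+)"),
    "path_traversal": re.compile(r"(\.\./|/etc/passwd)"),
    "xss": re.compile(r"(?i)(<script|javascript:)"),
}

# Constructed sample log lines (not real traffic): a benign visitor, one source
# probing with SQLi and traversal, an XSS probe, and a password-guessing burst.
SAMPLE_LOG = "\n".join([
    '192.0.2.9 - - [10/Oct/2023:13:55:30 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /products?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /static/../../../etc/passwd HTTP/1.1" 404 231 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:55:45 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
] + [
    f'198.51.100.7 - - [10/Oct/2023:13:56:{s:02d} +0000] "POST /login HTTP/1.1" 401 118 "-" "curl/8.0"'
    for s in (1, 3, 5, 7, 9)
])


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    # Decode once so percent-encoding (%27, %3C ...) cannot hide from the patterns.
    rec["decoded"] = unquote(rec["target"])
    return rec


def analyze(log_text, window_seconds=60, threshold=5):
    """Return a list of findings from signature hits, auth-failure anomalies and correlation."""
    findings = []
    failures = defaultdict(deque)   # (ip, path) -> timestamps of recent 401/403 responses
    flagged = set()                 # (ip, path) pairs already reported as brute force
    hits_by_ip = defaultdict(set)   # ip -> signature categories it has triggered

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts = rec["ip"], rec["ts"]

        # 1. Pattern matching: signature hits on the decoded request target.
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["decoded"]):
                hits_by_ip[ip].add(name)
                findings.append({"type": name, "ip": ip, "target": rec["target"],
                                 "status": rec["status"], "severity": "medium"})

        # 2. Anomaly detection: auth failures per (ip, path) inside a sliding time window.
        if rec["status"] in (401, 403):
            key = (ip, rec["decoded"].split("?")[0])
            q = failures[key]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                findings.append({"type": "brute_force", "ip": ip, "target": key[1],
                                 "count": len(q), "severity": "high"})

    # 3. Correlation: one source probing with several attack classes is a stronger signal.
    for ip, cats in hits_by_ip.items():
        if len(cats) >= 2:
            findings.append({"type": "multi_vector_probe", "ip": ip,
                             "categories": sorted(cats), "severity": "high"})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Because the server logs each request after TLS termination, nothing here needs a decryption tap or a copy of the private key, which is the visibility point the paragraph makes. The sliding window and threshold decide how noisy the brute-force rule is: on the sample data, five failures in eight seconds trip the default rule, but the same lines produce no finding with a five-second window or a threshold of six. A production rule set would also decode repeatedly and normalize Unicode before matching, since single-pass decoding is easy to evade.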