There are a lot of moving parts when it comes to securing and protecting your network. Organizations deploy an array of cybersecurity tools and solutions with varying degrees of success, but one of the most crucial steps in effective cybersecurity is minimizing the available attack surface. With the new capabilities announced today, Alert Logic is expanding the sphere of protection and reducing the attack surface for customers.
[Related Reading: What Is Endpoint Security?]
Reduce and Minimize Your Attack Surface
There is no perfect or impervious cybersecurity. It would be great to detect and block all attacks and exploits but doing so is virtually impossible. Cybercriminals are generally quite adept at finding the one weakness you missed—discovering your Achilles heel.
The thing is, most attackers are also not all that determined to compromise a specific company or target. They go after the easy targets and low-hanging fruit. If you reduce your exposed attack surface and increase the level of effort required to identify and exploit weaknesses in your cybersecurity defenses, attackers will move on.
To help customers reduce their attack surface and provide more effective security, Alert Logic is rolling out a variety of capabilities, including extended endpoint protection, antivirus detection, log collection and search for Office 365, Microsoft Azure Event Hubs integration, user behavior anomaly detection for Amazon Web Services (AWS) environments, and dark web scanning.
Extended Endpoint Protection
Extended endpoint protection (available in Alert Logic Essentials) helps thwart multiple attack techniques that try to compromise endpoints, gain access to resources, and detonate payloads. Our multi-vector attack monitoring and isolation recognizes these techniques and stops them early before any damage is done. It can work alongside existing antivirus tools to provide an additional layer of defense.
Alert Logic monitors malicious techniques in real-time and employs machine learning to stay a step ahead of attackers and zero-day exploits. Extended endpoint protection covers endpoints whether they’re online or offline, and it can recognize new threats faster because it doesn’t rely on signatures. Endpoints that become compromised are isolated, so they don’t become a threat to other endpoints or the rest of the network.
Expanded Attack Surface Coverage
In addition to extended endpoint protection, Alert Logic is introducing additional capabilities to broaden its attack surface coverage, including the following:
- Antivirus Integration: Enables ingestion and analysis of anti-virus data to provide key insights for alerting and security operations center (SOC) support, such as detection of known hacking tools and writing to privileged locations. Available today in Alert Logic Professional.
- Office 365 and Expanded Azure Integration: Provides Office 365 log collection and search for Exchange, SharePoint, Teams, and more and Azure Event Hubs integration for Azure Active Directory, Azure Diagnostics, Azure Activity Log, Azure Secure Center, Azure SQL Audit logs and more, further extending how Alert Logic supports organizations across any environment. Available today in Alert Logic Professional.
- AWS User Behavior Anomaly Detection: Leverages AWS CloudTrail to detect and alert on suspicious user activity in AWS environments. Uses machine learning to help determine a baseline of user behavior and identify changes in the way users access systems including locations and times of access. Available today in Alert Logic Professional.
- Dark Web Scanning: Enables Alert Logic SOC analysts to scan customer account domains to identify and send alerts when compromised credentials are found on the dark web. It helps reveal potential risks of attack due to hacked email accounts, spear phishing, and other targeted social engineering efforts. Available today with the Assigned SOC Analyst option for Alert Logic Enterprise.
SIEMless Threat Management
Alert Logic Essentials supports extended endpoint protection, leveraging machine-learning and behavioral analytics, to monitor and isolate Windows and Mac client endpoint attacks at the earliest opportunity.
Alert Logic delivers an award-winning solution with visibility, vulnerability assessment, threat detection and response, and web application security to provide the right level of coverage at the right cost. Our SIEMless approach protects public cloud infrastructures, container workloads, as well as traditional data-centers and endpoints. Alert Logic customers get better security and peace of mind at a lower total cost than a do-it-yourself security approach or traditional outsourcing, and with our new features and capabilities, the protection and value just got even better.
All of the capabilities are offered at no additional cost to customers of Alert Logic Essentials, Professional, and Enterprise, respectively. Extended endpoint protection is available in beta for select customers and partners today and will be generally available in Alert Logic Essentials in calendar Q2.