Ingest and Analyze Antivirus Data

Antivirus (AV) scanning is an essential part of an organization's security monitoring and provides valuable data for security teams to handle potential compromise and improve their security posture. With integration, analysis, and detection of AV logs from third-party tools, Alert Logic helps place threats identified from your AV data into a more comprehensive threat management view.

Alert Logic ingests and analyzes antivirus logs to provide key insights for alerting and Security Operations Center (SOC) support, such as:

  • Detection of known hack tools such as pwdump, wincred, and mimikatz, whose presence is highly correlated with malicious post-compromise activity
  • Detection of writes to privileged locations on the local system, which indicate a user or malware with administrative privileges – often a later-stage action in the attack cycle
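As an added illustration of the two detections above (this is example code written for this page, not Alert Logic's own analytics), the following runs both rules over a few constructed AV log lines. The line format, host names, paths and the list of privileged directories are all assumptions made for the example.

```python
import re

# Constructed sample AV log lines in an assumed "timestamp host action path" layout.
SAMPLE_AV_LOGS = [
    "2024-03-01T10:02:11Z ws01 quarantined C:\\Users\\bob\\Downloads\\mimikatz.exe",
    "2024-03-01T10:05:42Z ws01 detected C:\\Windows\\System32\\drivers\\etc\\hosts",
    "2024-03-01T10:07:03Z ws02 cleaned C:\\Users\\alice\\Documents\\report.docx",
    "2024-03-01T10:09:55Z srv01 blocked C:\\Windows\\Temp\\pwdump7.exe",
    "2024-03-01T10:11:20Z ws03 detected C:\\Users\\carol\\AppData\\Local\\Temp\\wincred.dll",
]

# Tool names the page calls out as strong post-compromise indicators.
HACK_TOOL_NAMES = ("pwdump", "wincred", "mimikatz")

# Assumed privileged locations: an AV event on a file here implies the writer had admin rights.
# Paths are compared after lower-casing and normalizing backslashes to forward slashes.
PRIVILEGED_PREFIXES = ("c:/windows/system32/", "c:/windows/temp/", "c:/program files/")

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+) (?P<path>.+)$")


def classify(line):
    """Return a list of (rule, host, path) findings for one AV log line."""
    m = LOG_RE.match(line)
    if not m:
        return []  # unparsable line: skip rather than guess
    host, path = m.group("host"), m.group("path")
    normalized = path.lower().replace("\\", "/")
    filename = normalized.rsplit("/", 1)[-1]
    findings = []
    # Rule 1: known hack tool named in the file that AV acted on
    if any(tool in filename for tool in HACK_TOOL_NAMES):
        findings.append(("hack_tool", host, path))
    # Rule 2: the file lives in a location only an administrator could write to
    if any(normalized.startswith(prefix) for prefix in PRIVILEGED_PREFIXES):
        findings.append(("privileged_location", host, path))
    return findings


def analyze(lines):
    """Run both rules over a batch of log lines and collect every finding."""
    findings = []
    for line in lines:
        findings.extend(classify(line))
    return findings


def summarize(findings):
    """Count findings per rule, the shape a SOC dashboard would consume."""
    counts = {}
    for rule, _host, _path in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts
```

A host that triggers both rules (srv01 in the sample) is the case worth escalating first, since a hack tool dropped into an admin-only directory matches the later-stage activity described above.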

Add an Additional Layer of Defense

In addition to antivirus analysis and detection, Alert Logic's Managed Detection and Response platform also provides an extended endpoint protection capability. With this capability, we block endpoint attacks through a combination of machine-learning attribute analysis and real-time behavioral analytics.


Alert Logic Solution Benefits

Security Platform
  • Asset discovery
  • Extended endpoint protection
  • Vulnerability scanning
  • Threat monitoring and visibility
  • Intrusion detection
  • Security analytics
  • Log collection and monitoring
  • Always-on WAF defense against web attacks
Threat Intelligence
  • Threat Risk Index
  • Verified testing of 2.1 million+ web application attacks
  • Dark web scanning
  • Remediation guidance
  • Attack prevention capabilities
  • Extensive log search capabilities
  • User behavior anomaly detection
  • Event insights and analysis
  • Threat frequency, severity, and status intelligence
  • Comprehensive vulnerability library
Expert Defenders
  • 24/7 SOC with incident management, escalation, and response support
  • PCI scanning and ASV support
  • Service health monitoring
  • Incident response assistance
  • Threat hunting
  • Help with tuning strategies, customized policies, and best practices
