Advanced Detection For Cloud-Relevant Threats

Advanced Threat Detection For Cloud-Relevant Threats

In addition to common cyber threats affecting workloads, including malware, brute force, system-level attacks, and privilege escalation, ActiveWatch provides detection of threats specific to web applications, such as:

  • Exploits against known vulnerabilities in popular web application frameworks and other app stack components such as WordPress, Magento, PHP, Apache, ASP.Net, MongoDB and Hadoop

  • Web application attack methods, including those in the OWASP Top 10 such as SQL injection, cross-site scripting, cross-site request forgery, information leak/disclosure, path traversal, code inspection, input validation and authentication issues.

Web Application & Infrastructure Stack

Vulnerability, threat detection and blocking logic draw on a deep understanding of the third-party frameworks and libraries that span your application and infrastructure stack.


"IT security leaders should use managed detection and response services to augment existing security monitoring capabilities to address gaps in advanced threat detection and incident response before investing in more security monitoring tools (e.g., security information and event management [SIEM], network, and host-threat detection), and associated staff and expertise."

Gartner, "Market Guide for Managed Detection and Response Services", May 2016, Bussa, Lawson, Kavanagh


Multiple Layers Of Detection Analytics Improve Accuracy

Technology and experts are combined to apply three levels of analytics to reduce false positives, increase true positives and provide more context for clear action.


Signatures & Rules

Inspecting data for matches against one or more criteria, e.g. patterns of exploits against known vulnerabilities or transactions that violate specified parameters.

Supervised Machine Learning

Using computer-generated algorithms that iteratively learn and improve detection accuracy under the supervision of data scientists and security analysts.  Machine learning finds new ways of detecting threats without being explicitly programmed where to look. By finding mathematical patterns too complex for humans to see, machine learning is particularly good at detecting multi-stage, multi-vector attacks that don’t match existing signature patterns or anomaly parameters.

Anomaly Detection

Real-time identification of historically unusual behavior, e.g. HTTP requests and responses with characteristics far beyond the normal range previously observed.

Your Data

Network, log and HTTP data are remotely collected by agents and instances running inside your AWS, Azure, hosted and on-premises environments. 


"Alert Logic provides the perfect mix of artificial intelligence from their product suite and human intelligence from their security operations center to give us fast remediation actions that keep us secure and compliant."

Marcus Kern, Chief Technology Officer

Expert Support

Managed Expert Detection Lets You Focus On Your Business

24x7 Monitoring: GIAC-certified analysts in our Security Operations Center monitor customer environments globally 24x7.  Alerts generated by detection technologies are vetted by analysts to reduce false positives for customers. 

Incident Reports: Machine-generated incidents are enriched by experts with intelligence on the attack type and/or attacker, additional alert and incident correlation, affected resource IDs, suggested actions and other information designed to make your remediation actions more efficient and effective.

Personal Notifications: ActiveWatch analysts call, text or e-mail you within 15 minutes of high- and critical-priority attacks and can advise you on remediation options.


Go behind the scenes of our global Security Operations Center (SOC)

Full-Stack Security, Experts Included

Alert Logic invests in proprietary research and threat intelligence to understand vulnerabilities, exploits, methods and attack behaviors across each layer of your application and infrastructure stack and the open source and commercial components within them. The result: vulnerability scans, incident reports and live consultations that give you context and confidence to know when and where to act.

Detection Capabilities in Alert Logic Products

Alert Logic® Cloud Defender®

Includes our full suite of managed threat detection services together with vulnerability management.


Alert Logic® Threat Manager

Inspects and sends network data to the ActiveWatch service as well as provides vulnerability management.


Alert Logic® Log Manager

Inspects and sends log data to the ActiveWatch service.



"Partnering with Alert Logic allows me to keep a leaner team. Also, instead of drowning in false positives, we only have to wake up at night when there’s an actual problem."

Wayne Moore, Head of Information Security, Simply Business


Alert Logic's cloud security solution experts can help you.
Complete this form to reach our experts, or call us directly at 877.960.3383; in the UK, call +44 (0) 203 011 5533.