At the beginning of the year, Alert Logic articulated our point of view around the definition of Managed Detection and Response with the release of the MDR Manifesto. In it, we helped shape the market definition by articulating what it takes to deliver on MDR outcomes. Ultimately, we deliver a service to reduce the impact and damage an organization sustains from a successful attack.
We followed that up with the understanding that one of the best ways to minimize the impact of a successful attack is to minimize the likelihood of a successful attack. This can be done by augmenting prevention technologies and addressing gaps such as vulnerabilities and configuration issues; this mindset is articulated in a Left of Boom / Right of Boom discussion.
Things like the Manifesto and a focus on threats, as well as attacks, help inform and guide our investments in how we prioritize the capabilities we bring to market. We group our efforts to deliver against three strategic areas: expanding coverage, simplifying the user experience, and continuous innovation. Given that our expert-enabled service is SaaS based, we have the agility to deliver releases to our customers that provide immediate impact and value. It’s rare that our development efforts line up such that so many innovations arrive at the same time. Needless to say, it’s been a busy summer for the Alert Logic team.
First off, I’d like to address web applications. Web applications are now just a standard part of doing business and are common in modern enterprises, with typical mid-sized organizations deploying dozens of web applications. Unfortunately, web applications create security blind spots, because attacks are shrouded by the extensive use of encryption technologies. While prevention of web attacks can be achieved through the combination of decryption and WAF technologies, these are very rigid in policy enforcement, taxing on resources, and susceptible to false positives. Given the business climate brought on by the current pandemic, many storefronts and contactless payments are leveraging custom web applications. Even if an attack is taking place, many organizations will accept that reality rather than disrupt the revenue stream.
To aid in detection of these types of attacks, we are releasing Web Log Analytics (WLA), a log-based, machine-learning-driven threat detection solution for custom web applications. This solution can be deployed at scale and solves the visibility issues caused by modern transport encryption. In our beta program we have achieved 99.99% accuracy in detecting attacks. We believe this is a first-of-its-kind detection method being deployed commercially. Antonio Sanchez shares more about the importance of WLA here.
Another of Alert Logic’s top strategic priorities is to deliver a simplified experience that delivers credible, accessible, and useful results to our customers and partners. To that end, there have been significant enhancements in streamlining workflows by enabling automated ticketing from within the Alert Logic console and providing an SDK to allow for better extension and automation.
Linking the Alert Logic console with IT Service Management (ITSM) systems allows customers to open tickets automatically and streamline service desk workflow. Our universal webhook and email connectors enable customers and partners to connect with their ITSM and/or messaging tools of choice. Customers seeking integration with key technology vendors (such as ServiceNow, Jira, Slack) can leverage pre-defined templates and will have the flexibility to customize the workload templates to simplify integration with their existing workflows. You can find out more about the Alert Logic Connectors in this blog post.
To add a level of automation, Alert Logic has developed a new Software Developer Portal. This provides tooling and step-by-step guidance and documentation, enabling customers and partners to build and embed their own automation and integrations. The new developer portal includes a comprehensive toolkit of command-line tools and programming language integrations, as well as a rich library of use cases so you can get started quickly. Check out this blog post for more about the DevNet software developer portal.
Last, but certainly not least, to assist customers with their compliance needs, we are now also including File Integrity Monitoring (FIM) capabilities. By adding File Integrity Monitoring to our MDR platform, we can enhance detection of unauthorized change events, which may be attempted attacks or the actions of malicious insiders covering their tracks. This covers the integrity of system directories, registry keys and values on the operating system, as well as application and content files. You can find more information about FIM and how it helps with PCI-DSS compliance here.
We’re all about delivering on what our customers are asking for (FIM and the developer portal) and innovative solutions for problems they are experiencing (WLA and Connectors). If you’d like to learn more about these exciting new capabilities, join us for a LinkedIn livestream on September 16 at 12pm CST or watch the video blogs linked throughout this post.
*** This is a Security Bloggers Network syndicated blog from Alert Logic - Blogs Feed authored by Bharath Vasudevan. Read the original post at: https://blog.alertlogic.com/staying-the-course-delivering-on-the-promise-of-mdr/