Dan's Take

Alert Logic Cloud Defender

An intriguing product in a crowded field; but it doesn't replace a company doing its own due diligence.

• By Dan Kusnetzky
• 11/19/2014

One of the major inhibitors to the adoption of cloud services has always been the concern about security. Enterprises know what they have to do to protect applications and services living in their own datacenter. Even though they know what they have to do, the media is full of a never-ending list of break-ins and the resulting loss of customer personal and credit information. These enterprises don't feel quite as confident about protecting applications and data residing in the datacenter of a cloud services provider.

Alert Logic is one of a number of companies that says it knows about the problem, and has a solution.

What Alert Logic Has to Say About Cloud Defender
Here's a snippet of the Alert Logic description of what's included in Alert Logic Cloud Defender:

Alert Logic Cloud Defender is a tightly integrated security and compliance suite that provides businesses with deep security insight into their IT environment and continuous protection against attacks, at a fraction of the cost of traditional security solutions. Through a combination of market-leading technologies and human expertise in the form of 24x7 monitoring by security and compliance specialists, Alert Logic Cloud Defender delivers four critical detection and protection capabilities that datacenters require. These include:

• Intrusion detection that identifies and mitigates threats as they move across an organization's network
• Vulnerability scanning that inspects servers for known vulnerabilities and misconfigurations that expose them to potential takeover by cyber attackers
• Web application threat detection that observes traffic destined for Web applications identifying malformed requests that are indicative of a Web application attack
• Log and security event analysis that, through a combination of threat intelligence and purpose-built correlation rules, can analyze seemingly unrelated log messages from operating systems, applications, databases and other security products to identify threats

Dan's Take: Business, Protect Thyself
Alert Logic isn't alone in seeing the growing challenge enterprises face when hosting applications, workloads, databases or just data in the cloud. Companies such as IBM, Microsoft, Amazon Web Services, Qualys, White Hat Security, Centrify, SilverSky, and McAfee are all offering their own solutions. Each of these companies offers a different approach and different technology. Most cloud services providers would claim that they're doing what's necessary to protect their customers and their data. And, yet, the industry suffers one break-in after another.

Security, like management, isn't something that enterprises find easy to add on after the fact.  Like management, it has to be a way of life for enterprises and suppliers alike. Security must be considered when applications, services and even database engines are selected or developed. Just because a cloud services provider is making software, platforms or infrastructure available as a service doesn't mean the provider has done all the work necessary to make its products as safe as they could be. An enterprise can't pass this responsibility on to the services provider; it must step up and make its own environment as safe and secure as reasonably possible.

Alert Logic appears to offer tools that would be helpful, but an enterprise really must develop its comprehensive plan and processes to assure its own security.