How proactive monitoring detects breaches and accelerates incident response
Veteran cyber security reporter Fahmida Rashid of InfoWorld recently toured the Alert Logic SOC, met with the genomic informatics company GenomeNext (an Alert Logic customer), and came away with a deep understanding of the overall approach taken to deliver fully managed hybrid IT security solutions.
Her conclusion: "hunt teams -- SOC personnel who look for signs of an infection or a breach -- help organizations identify attackers who've broken past traditional security measures." This type of 24x7 threat monitoring and attack prevention is usually available only to companies willing to invest in building and maintaining a team of security experts, backed by heavy investment in security monitoring software, analytics tools, security rules and content, and ongoing upkeep. Alert Logic brings that level of security and compliance management to any organization through its Security-as-a-Service offerings. "At Alert Logic, analysts rely on a platform that collects security events from applications, event data, logs, and appliances in customer data centers. The service also extends to public cloud workloads, such as workloads running on AWS."
This team of security analysts, ActiveWatch Services, enables organizations to make sense of the threat information, understand what to do with it, and decide what steps to take next. Speed is of the essence: incident analysis and escalation to the customer can occur within 15 minutes of suspicious activity being identified. This speed, combined with an understanding of what is really happening, enables organizations to halt complex, multi-vector attacks, including advanced SQL injection, ransomware, and malware attacks targeted at web application environments. "We are not just saying, 'Hey, this happened,' to the customer. We tell a story, 'Hey, this is what we initially see. This is where we'd go and investigate an event. This is what's in the payload, and this is what that indicates.' We work collaboratively to make sure the customer understands what happened and why we flagged the incident," said Jason Payne, Senior Director of ActiveWatch Services at Alert Logic.
Rashid concludes in her assessment that "Many organizations now realize traditional approaches of buying security technology alone is not enough. Prevention needs to go hand in hand with detection, and the security operations center is one way to tap into skilled security personnel, advanced analytics tools, and continuous monitoring."