Gartner just released the latest Magic Quadrant for Intrusion Detection and Prevention Systems—which lists Alert Logic in the Challenger quadrant. Part of the reason Alert Logic ranked so well, or made the Intrusion Detection and Prevention Systems (IDPS) Magic Quadrant at all, is a shift in the criteria for the category—driven by an evolution in security and technology.
Evolution of IDPS
It’s worth noting that Gartner famously predicted the demise of the entire Intrusion Detection Systems (IDS) market back in 2003. At the time, Gartner felt that IDS—as well as Intrusion Prevention Systems (IPS)—simply were not living up to customer expectations and would soon die off. It was fairly controversial, but also somewhat understandable. At the time, IDS and IPS solutions mainly generated a lot of extra noise without effectively delivering the extra layer of security they promised.
It’s 2018. IDS and IPS are still here. Rather than die out, IDPS adapted and evolved.
In fact, this Magic Quadrant reflects an important shift in the IDPS market—the migration to the cloud. The criteria for the 2018 IDPS Magic Quadrant emphasize cloud use cases and analytics, as well as machine learning-based detection—a significant change from the traditional criteria that focused on speed and inline operations.
The report suggests this is an emerging IDPS scenario that may gain momentum in future reports. “In addition, some vendors such as Alert Logic and McAfee offer functionality in the public cloud in order to provide controls closer to the workloads that reside there. Gartner is tracking the growth of these deployments carefully, and will monitor their efficacy.”
Alert Logic: Gartner IDPS Magic Quadrant Challenger
Alert Logic placed in the Challenger quadrant of the IDPS MQ, an improvement from Alert Logic’s rank of Niche Player in the 2017 Magic Quadrant. In essence, that means Gartner recognizes Alert Logic’s ability to execute but feels there is room for improvement when it comes to the complete vision for IDPS.
To be fair, though, the completeness of vision assessment relies in part on features and capabilities unique to traditional, stand-alone IDPS solutions designed for on-premises infrastructure, which Gartner admits up front is a shrinking market.
Cloud Drives Different Evaluation Criteria – Monolithic Appliances Not Required
The report points out that most new deployments from Alert Logic are virtual machines deployed in hosting or cloud environments as opposed to physical appliances. High-performance IDPS appliances are important in a traditional on-premises data center—where taking up space on the rack is a primary concern. Cloud environments, however, do not suffer from those same physical limitations. When you auto-scale your IDS to meet performance and throughput demands, you want building blocks that are the right size for your needs—not monolithic appliances. In the cloud, the ability to scale out—rather than up—is more important for agility.
Additionally, Alert Logic's ability to detect lateral movement threat vectors within an IaaS deployment, as well as ingress and egress attack vectors, positions it well for cloud security scenarios.
Machine Learning for Multi-stage, Multi-Day Attacks
Gartner recognizes the investment Alert Logic has made in machine learning, and the benefits it provides for IDPS. Using machine learning to analyze the event stream reduces the number of events that need to be reviewed by human analysts and correlates incidents of compromise to help teams contain attacks spanning days to weeks to months.
Under the Strengths section of the report for Alert Logic, Gartner states, “Alert Logic is one of the first vendors to use analytics and machine learning to post-process IDS event streams. This improves its ability to detect threats and incidents that take multiple days/weeks to evolve faster and with more efficacy.”
Check out the Gartner IDPS Magic Quadrant
Gartner stresses that Alert Logic is particularly strong in public cloud and virtualized environments, and points out how Alert Logic can be quickly deployed using prebuilt integrations with popular platforms like Chef and Puppet.
The report also says that customers value the ease of use of Alert Logic and that the ability to deploy and rapidly shift an existing deployment makes Alert Logic ideally suited for agile and DevSecOps environments.