Gartner Ranks Alert Logic as a Challenger in the IDPS Magic Quadrant

Gartner just released the latest Magic Quadrant for Intrusion Detection and Prevention Systems—which lists Alert Logic in the Challenger quadrant. Part of the reason that Alert Logic ranked so well, or made the Intrusion Detection and Prevention Systems (IDPS) Magic Quadrant at all, is a reflection of a shift in the criteria for the category—driven by an evolution in security and technology.

Evolution of IDPS

It’s worth noting that Gartner famously predicted the demise of the entire Intrusion Detection Systems (IDS) market back in 2003. At the time, Gartner felt that IDS—as well as Intrusion Prevention Systems (IPS)—simply were not living up to customer expectations and would soon die off. It was fairly controversial, but also somewhat understandable. At the time, IDS and IPS solutions mainly generated a lot of extra noise without effectively delivering the extra layer of security they promised.

It’s 2018. IDS and IPS are still here. Rather than die out, IDPS adapted and evolved. 

In fact, this Magic Quadrant reflects an important shift in the IDPS market—the migration to the cloud. The criteria for the 2018 IDPS Magic Quadrant emphasize cloud use cases and analytics, as well as machine learning based detection —a significant change from the traditional criteria that focused on speed and inline operations. 

The report suggests this is an emerging IDPS scenario that may gain momentum in future reports. “In addition, some vendors such as Alert Logic and McAfee offer functionality in the public cloud in order to provide controls closer to the workloads that reside there. Gartner is tracking the growth of these deployments carefully, and will monitor their efficacy.”

Alert Logic: Gartner IDPS Magic Quadrant Challenger

Alert Logic placed in the Challenger quadrant of the IDPS MQ – an improvement from Alert Logic’s rank of Niche Player in the 2017 Magic Quadrant. In essence, that means Gartner recognizes Alert Logic’s ability to execute, but feels like there is room for improvement when it comes to the complete vision for IDPS.

To be fair, though, the completeness of vision assessment relies in part on features and capabilities unique to traditional, stand-alone IDPS solutions designed for on-premises infrastructure, which Gartner admits up front is a shrinking market. 

Cloud Drives Different Evaluation Criteria – Monolithic Appliances Not Required

The report points out that most new deployments from Alert Logic are virtual machines deployed in hosting or cloud environments as opposed to physical appliances. High-performance IDPS appliances are important in a traditional on-premise data center—where taking up space on the rack is a primary concern. Cloud environments, however, do not suffer from those same physical limitations. When you auto-scale your IDS to meet performance and throughput demands, you want building blocks that are the right size for your needs—not monolithic appliances. In the cloud, the ability to scale out—rather than up—is more important for agility.  

Additionally, Alert Logic's ability to detect lateral movement threat vectors within an IaaS deployment – as well as ingress and egress attack vectors -  position it well for cloud security scenarios.

Machine Learning for Multi-stage, Multi-Day Attacks

Gartner recognizes the investment Alert Logic has made in machine learning, and the benefits it provides for IDPS. Using machine learning to analyze the event stream reduces the number of events that need to be reviewed by human analysts and correlates incidents of compromise to help teams contain attacks spanning days to weeks to months. 

Under the Strengths section of the report for Alert Logic, Gartner states, “Alert Logic is one of the first vendors to use analytics and machine learning to postprocess IDS event streams. This improves its ability to detect threats and incidents that take multiple days/weeks to evolve faster and with more efficacy.”

Check out the Gartner IDPS Magic Quadrant

Gartner stresses that Alert Logic is particularly strong in public cloud and virtualized environments, and points out how Alert Logic can be quickly deployed using prebuilt integrations with popular platforms like Chef and Puppet. 

The report also says that customers value the ease of use of Alert Logic, and that the ability to deploy and rapidly shift an existing deployment make Alert Logic ideally suited for agile and DevSecOps environments. You don’t have to take my word for it, though. Click here to download the Gartner IDPS Magic Quadrant and check it out for yourself.

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic

Tony Bradley

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.

Connect | Email Me | More Posts by Tony Bradley