As managing director, Onkar Birk oversees all business operations and go-to-market strategies for Alert Logic. Fortra's recent acquisition of the cybersecurity powerhouse adds impressive capabilities to the company’s offerings. Onkar breaks down managed detection and response (MDR) and why it is imperative for an organization’s protection and success.
Tell us about Alert Logic and the MDR solutions it provides
This year, Alert Logic celebrates 20 years as early pioneers and continuous trailblazers in cybersecurity. We evolved to become the only MDR provider delivering a managed threat hunting service with comprehensive detection coverage for public clouds, SaaS, on-premises, and hybrid environments. Based on our extensive experience with thousands of customers, no level of investment prevents or blocks 100% of attacks. You need to continuously identify and address breaches or gaps BEFORE they cause real damage, as well as during an active attack.
Some organizations with limited expertise and a cloud-centric strategy may find this level of security unattainable — even those with mature IT infrastructures. But our cloud-native technology and white-glove team of security experts are here to not only make it attainable but extremely effective, too. Alert Logic MDR® protects our customers 24/7 and ensures the most successful response to resolve whatever threats may come with automated response actions to block attackers.
The defining characteristic of Alert Logic MDR® is its focus on delivering a meaningful security outcome to ease pre- and post-breach concerns (left and right of boom). It maximizes visibility and the ability to detect and respond to threats, combined with capabilities to minimize the impact of vulnerabilities, configuration issues, and attacks.
What’s driving the adoption of MDR?
Security is hard and complicated. With the rise of successful high-profile breaches, such as the Colonial Pipeline ransomware attack, cybersecurity has won a greater share of attention in the C-suite. At the same time, there is a significant global shortage of employees with vital security skills and no sign of relief in sight. Few organizations have the experts and infrastructure to effectively protect themselves, and that protection is the most customized part of security. Since they feel vulnerable to devastating attacks, organizations rely on other resources and providers to know when they are being attacked and how best to react. The ability to respond is a natural compromise in the presence of what they see as the impossible task of making themselves 100% secure.
To have value, MDR must be continuously informed on the evolution of threats, maintain a consistently high level of visibility across all assets, and accurately identify attacks in progress to minimize damage. This continuous and comprehensive capability is the most important factor driving organizations to MDR partners. To do this, MDR services require 24/7 visibility; scalable collection, ingestion, and automated analysis of high-volume data; and deep expertise in threat intelligence and analysis to validate events and responses.
The management leg of MDR is the most important differentiator between external MDR providers. Responsibility for promptly identifying and mitigating attacks in progress is a serious challenge and requires two capabilities: operational competency and security authority. Before any vendor can present themselves as providers of meaningful MDR, they must prove the case for adopting MDR for more effective security and/or to assist the IT department.
Detection is the element of MDR that requires the most attention, speed, and knowledge. Speed and scope of understanding are important because organizations want their systems — which they know are vulnerable — to never experience a successful attack that causes meaningful harm.
Response varies according to the nature of the security event detected, the value and type of asset under threat, and the outcome desired by the managed organization. In some cases, victims simply want the attack to stop so they can move on. At the other end of the spectrum are organizations more interested in understanding the source and motivation behind the attack — those who are willing to allow an attack to continue to examine it.
What are the benefits to customers?
As pioneers in the industry, we were the first to clearly define the benefits of MDR. Alert Logic established Seven Tenets of MDR, which continue to stand as a model for setting clear customer expectations:
Reduce the likelihood or impact of successful attacks.
Provide 24/7 visibility and cover all assets in an organization.
Continuously be refreshed with research on new threats and vulnerabilities.
Augment technology with human intelligence to ensure accuracy and value.
Provide custom responses that reflect business and attack context and cause.
Scale to deliver technical analysis and human insights across dynamic environments.
Deliver results and reporting that are credible, accessible, and useful.
Why do customers choose Alert Logic over competitors?
Our experts provide affordable 24/7 coverage; we work with our customers’ environments and address their concerns. Customer service is a key differentiator. Our cloud-native technology and white-glove team of security experts protect our customers 24/7 and only escalate the incidents which need their attention. Alert Logic MDR® with Alert Logic Intelligent Response™ provides a flexible, scalable, and integrated approach to protect their entire IT estates. Through a combination of automated response and expert guidance, Alert Logic delivers the options our customers need to reduce time-to-resolution for their security-strapped teams before any serious damage impacts their businesses. Our mobile app also makes timely, human-guided response much simpler.
We are the industry’s first SaaS-enabled MDR provider with purpose-built technology and security experts who help identify and respond to cybersecurity breaches. For example, when the Log4Shell/Log4j threat rocked the IT world at the end of 2021, Alert Logic was quick to respond to protect our customers:
Our emerging threat Knowledge Base Article (KBA) on our website outlines our response.
We released a breakdown of the three attack phases involved in successful exploitation.
We also documented the valuable work our Threat Intelligence teams have conducted to create new (and identify existing) coverage for the Log4Shell exploit and derivatives.
Due to the ubiquity of this vulnerability, the severity (10/10), and that many of our customers may have been unaware of Java-based products that bundle Log4j, we sent a communication to our entire customer and partner base. It included background information, instructions on how to identify if they were vulnerable, and how to patch or mitigate. We also explained that this mitigation step should only be temporary, and the true remediation action is to patch.
Customers also choose Alert Logic because of our:
Cloud leadership — Our team of research, analytics, and security operations experts deliver a fully managed service optimized for your cloud workloads.
Comprehensive coverage — Visibility throughout your technology stack, across public clouds, hybrid, on-prem, and SaaS apps.
Simple, cost-effective pricing — Based on your risk profile, our pricing is built to meet your desired security outcomes in a cost-effective and scalable manner.
Post-acquisition, what does the next chapter look like for Alert Logic?
Alert Logic and Fortra share a commitment to delivering great outcomes, so our customers experience continuity in the quality of the product and service. Having assembled one of the largest collections of cybersecurity professionals and capabilities under one roof means our customers can benefit from being in a larger ecosystem where they can access expertise in other areas of the Fortra Infrastructure Protection and Data Security portfolio.
We are now Alert Logic by Fortra. This subtle name change signals a future that is even brighter as we continue delivering the most comprehensive MDR capabilities and the same unrivaled security outcomes for which Alert Logic has always been known. We continue to relentlessly pursue new ways to extend our technical leadership.
Having served as Alert Logic’s Chief Operating Officer and CTO for the last three years, and now as Managing Director, I am inspired by a future that brings us closer to realizing the Zero Trust security model (no unauthenticated person or technology, inside or outside a network, gains access to IT systems or services, and they must be continuously verified). With Fortra, we are well positioned to lead the cybersecurity industry down that path, offering the broadest portfolio of pre- and post-breach solutions. Our combined ability to reduce the likelihood and impact of an attack is truly unmatched.
Fortra has created a global cybersecurity powerhouse. Organizations at any stage of their security journey can now work with a single provider to access a full spectrum of detection and prevention capabilities.
If our customers want to learn more about Alert Logic, what resources would you recommend?
A great place to start is by watching our online demo video. From there you may want to take a free, two-minute cloud security assessment; explore our latest cybersecurity solution guides, industry reports, whitepapers, datasheets, and other resources; or request a live demo from our security experts.
Of course, www.alertlogic.com has a wealth of additional information and resources to help you evaluate our solution and determine if it is the best fit for your organization.