AlertLogic Threat Manager v3.5.4
Strengths: A lot of event monitoring and management capability.
Weaknesses: Response times could be a little shorter.
Verdict: Good capability, but response times need to be a bit shorter.
The Threat Manager v3.5.4 with ActiveWatch Monitoring Service from Alert Logic combines intrusion protection and vulnerability management in one device that offers proactive and reactive protection from threats. Threat Manager uses an on-demand architecture, which eliminates false alarms associated with IDS technology. The appliance itself is plugged into an existing switch port where all traffic passing through that switch is captured and securely sent to the Alert Logic data center.
From an administration perspective, this service is easy to use. The administrator can access the web GUI to view a lot of information. The GUI includes a well-organized dashboard, which provides an in-depth overview of network incidents.
Using the ActiveWatch Monitoring Service, with Threat Manager as the core, offers a high level of network security monitoring. The Alert Logic Security Operations Center is staffed with experts and provides 24/7 monitoring of security events and alerts. These are driven by the IDS signature library that includes classifications, such as attack, denial-of-service, policy violation and trojans.
Documentation provided by the vendor was a PDF user guide for Threat Manager. It covered installation and configuration, as well as instructions on how to use the various reporting and log correlation features. It was well-organized and included many step-by-step instructions, diagrams and screenshots.
The company provides both incident- and non-incident-based support. Non-incident support includes phone and email technical support during business hours, as well as access to an online knowledge base. Incident-based support is covered by an SLA that includes either premium or standard monitoring. Premium monitoring will detect and escalate security incidents for network threats to protected networks within 30 minutes of their occurrence. The standard monitoring service will detect and escalate security incidents for network threats to protected networks within 12 hours of their occurrence.
At a cost of $1,100 per month, we find this service to be a good value for money. The appliance offers a lot of reporting and event management capability. However, the alert response times are slightly below average.