Virtualization Technology News and Information
Article
RSS
Q&A: Interview with Alert Logic Talking Security-as-a-Service

Alert Logic recently announced Web Security Manager with ActiveWatch to protect web applications against the most common threats and attacks. The solution combines industry-leading web application firewall (WAF) technology with advanced managed security services from Alert Logic’s Security Operations Center, addressing the operational challenges associated with legacy WAF solutions which have hindered broad adoption of this important security control.

To find out more, I spoke with Urvish Vashi, VP of Marketing from Alert Logic.  Here is our conversation:

VMblog:  What is security-as-a-service, and what's different from traditional security solutions?

Urvish Vashi:  Security-as-a-Service combines the best of software-as-a-service and integrated human expertise to ensure customers realize the benefits of their investments in security. Security-as-a-Service eliminates the problem of shelfware which is all too common for traditional and legacy security solutions. Rather than relying on customer staff to design, implement, manage and administer security solutions, which provide multiple opportunities for failure, Security-as-a-Service solutions deliver the benefit or their customer simply cancel their monthly bill as opposed to having made a huge upfront investment and being stuck with the purchase irrespective of benefit.

VMblog:  You've released a new product called Web Security Manager. What are the key features, and what types of companies are adopting the service and why?

Vashi:  We've developed Web Security Manager (WSM) to provide an active defense from attacks against web applications and websites, such as those described in the OWASP Top Ten. WSM does this by combining powerful web application firewall technology with ActiveWatch, an expert managed services from Alert Logic's Security Operations Center (SOC). This new approach overcomes the challenge that has prevented users from realizing the benefits promised by traditional web application firewall (WAF) products: the difficulty of acquiring, implementing, managing, and tuning the technology to provide optimal protection without impairing site performance. Current Alert Logic customers and partners are showing interest and enthusiasm for WSM, including cloud and hosting providers as it provides an increased level of security. Companies needing richer web application protection and those focused on compliance mandates such as PCI, will require a web application firewall, but may not have security staff or expertise to ensure their WAF solution is working and properly tuned and managed.

VMblog:  What is the "SOC" and how does it differentiate Alert Logic from other cloud security solutions?

Vashi:  The Security Operations Center (SOC) is like the traditional Network Operations Center (NOC) common is most enterprises, but focuses on security incident identification and response. The Alert Logic SOC is staffed 24x7 with GIAC-certified security analysts who are responsible for responding to security alarms in customer environments and advising customers on how to contain, respond and eradicate security incidents. Most cloud-based security solutions are essentially software-as-a-service offerings. However, even a great software-as-a-service offering still requires human expertise to utilize. For example, a customer may choose to use Salesforce.com but once they grow to a certain size, they still require a Salesforce.com administrator to make sure the application is configured and managed to align with business objectives or goals. The SOC provides the function of being the human expertise to complement our software-as-a-service offerings.

VMblog:  WAF technology has been around for decades. Why has this technology fallen short of expectations in the past and how do they play a role in WSM?

Vashi:  While WAFs are ideally positioned to help organizations secure their web applications, in practice, WAF implementations have not met expectations and security promise that drove the investment. Without the required expert tuning, WAFs may disrupt legitimate traffic and impact the availability of web applications, or get tuned to a level that delivers virtually no security against real-world threats. We've taken a new approach to web application security, providing WAF technology delivered on our proven security-as-a-service platform with advanced security services from our SOC. Traditional WAF vendors have tried to solve the problems of real-world WAF deployment with professional service engagements. WSM is the first web application security solutions architected as an integrated security-as-a-service offering.

VMblog:  What is unique about Alert Logic's WSM solution compared to other companies providing a similar service or products?

Vashi:  WSM was developed with our customers most important needs in mind, including building on what customers find as Alert Logic's major differentiators. Alert Logic's platform let customers deploy Web Security Manager wherever IT goes - on-premises, in hosted environments, or in the cloud via a range of physical, virtual, and high availability data collection and installation options. Fundamentally, users are provided with baseline security and protection capabilities, through our SOC and product features. Compared to other security solutions, we provide reduced management burden and better value, through minimal upfront costs and a highly competitive monthly pricing model. Additionally, for customers who must comply with PCI DSS, WSM provides the simplest method of complying with Requirement 6.6.

VMblog:  How do you ensure that your customers' data remains secure?

Vashi:  We take holding customer data very seriously. Our customers and partners demand it. In addition to implementing a strong set of security controls, we go through a regular external audit including SSAE16 SOC 2 validation.

VMblog:   Alert Logic partners with Hosting and Cloud Service Providers. What offerings are tailored to be the most beneficial for these partners?

Vashi:  Simply put all of our offerings are well suited for hosting and cloud infrastructure providers. As more enterprise workloads move from on-premises deployments to the cloud, the same expectations around advanced security those enterprises have inside their four walls. We expect to see a higher adoption of Web Security Manager in cloud and hosting providers largely due to the fact that web applications are more prevalent in those environments.

VMblog:   Anything else VMblog readers should know or expect to see in the next 12 months?

Vashi:  Alert Logic will be announcing the findings of our semi-annual State of Cloud Security Research Report in September of this year. Further, expect to see a series of announcements from more leading and cloud and hosting providers continuing to grow their managed security services portfolio based on Alert Logic solutions.

###

Thanks again to Urvish Vashi, VP of Marketing from Alert Logic, for taking time out to speak with VMblog.

Published Monday, August 13, 2012 6:20 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<August 2012>
SuMoTuWeThFrSa
2930311234
567891011
12131415161718
19202122232425
2627282930311
2345678