Alert Logic recently announced Web Security Manager with ActiveWatch to protect web applications against the most common threats and attacks. The solution combines industry-leading web application firewall (WAF) technology with advanced managed security services from Alert Logic’s Security Operations Center, addressing the operational challenges associated with legacy WAF solutions which have hindered broad adoption of this important security control.
To find out more, I spoke with Urvish Vashi, VP of Marketing from Alert Logic. Here is our conversation:
VMblog: What is security-as-a-service,
and what's different from traditional security solutions?
Urvish Vashi: Security-as-a-Service combines the best
of software-as-a-service and integrated human expertise to ensure customers
realize the benefits of their investments in security. Security-as-a-Service
eliminates the problem of shelfware which is all too common for traditional and
legacy security solutions. Rather than relying on customer staff to design,
implement, manage and administer security solutions, which provide multiple
opportunities for failure, Security-as-a-Service solutions deliver the benefit
or their customer simply cancel their monthly bill as opposed to having made a
huge upfront investment and being stuck with the purchase irrespective of
benefit.
VMblog: You've released a new product
called Web Security Manager. What are the key features, and what types of
companies are adopting the service and why?
Vashi: We've developed Web Security Manager
(WSM) to provide an active defense from attacks against web applications and
websites, such as those described in the OWASP Top Ten. WSM does this by
combining powerful web application firewall technology with ActiveWatch, an
expert managed services from Alert Logic's Security Operations Center (SOC).
This new approach overcomes the challenge that has prevented users from
realizing the benefits promised by traditional web application firewall (WAF)
products: the difficulty of acquiring, implementing, managing, and tuning the
technology to provide optimal protection without impairing site performance.
Current Alert Logic customers and partners are showing interest and enthusiasm
for WSM, including cloud and hosting providers as it provides an increased level
of security. Companies needing richer web application protection and those
focused on compliance mandates such as PCI, will require a web application
firewall, but may not have security staff or expertise to ensure their WAF
solution is working and properly tuned and managed.
VMblog: What is the "SOC" and how does
it differentiate Alert Logic from other cloud security
solutions?
Vashi: The Security Operations Center (SOC) is
like the traditional Network Operations Center (NOC) common is most enterprises,
but focuses on security incident identification and response. The Alert Logic
SOC is staffed 24x7 with GIAC-certified security analysts who are responsible
for responding to security alarms in customer environments and advising
customers on how to contain, respond and eradicate security incidents. Most
cloud-based security solutions are essentially software-as-a-service offerings.
However, even a great software-as-a-service offering still requires human
expertise to utilize. For example, a customer may choose to use Salesforce.com
but once they grow to a certain size, they still require a Salesforce.com
administrator to make sure the application is configured and managed to align
with business objectives or goals. The SOC provides the function of being the
human expertise to complement our software-as-a-service
offerings.
VMblog: WAF technology has been around
for decades. Why has this technology fallen short of expectations in the past
and how do they play a role in WSM?
Vashi: While WAFs are ideally positioned to help
organizations secure their web applications, in practice, WAF implementations
have not met expectations and security promise that drove the investment.
Without the required expert tuning, WAFs may disrupt legitimate traffic and
impact the availability of web applications, or get tuned to a level that
delivers virtually no security against real-world threats. We've taken a new
approach to web application security, providing WAF technology delivered on our
proven security-as-a-service platform with advanced security services from our
SOC. Traditional WAF vendors have tried to solve the problems of real-world WAF
deployment with professional service engagements. WSM is the first web
application security solutions architected as an integrated
security-as-a-service offering.
VMblog: What is unique about Alert
Logic's WSM solution compared to other companies providing a similar service or
products?
Vashi: WSM was developed with our customers most
important needs in mind, including building on what customers find as Alert
Logic's major differentiators. Alert Logic's platform let customers deploy Web
Security Manager wherever IT goes - on-premises, in hosted environments, or in
the cloud via a range of physical, virtual, and high availability data
collection and installation options. Fundamentally, users are provided with
baseline security and protection capabilities, through our SOC and product
features. Compared to other security solutions, we provide reduced management
burden and better value, through minimal upfront costs and a highly competitive
monthly pricing model. Additionally, for customers who must comply with PCI DSS,
WSM provides the simplest method of complying with Requirement
6.6.
VMblog: How do you ensure that your
customers' data remains secure?
Vashi: We take holding customer data very
seriously. Our customers and partners demand it. In addition to implementing a
strong set of security controls, we go through a regular external audit
including SSAE16 SOC 2 validation.
VMblog: Alert Logic partners with
Hosting and Cloud Service Providers. What offerings are tailored to be the most
beneficial for these partners?
Vashi: Simply put all of our offerings are well
suited for hosting and cloud infrastructure providers. As more enterprise
workloads move from on-premises deployments to the cloud, the same expectations
around advanced security those enterprises have inside their four walls. We
expect to see a higher adoption of Web Security Manager in cloud and hosting
providers largely due to the fact that web applications are more prevalent in
those environments.
VMblog: Anything else VMblog readers
should know or expect to see in the next 12 months?
Vashi: Alert Logic will be announcing the
findings of our semi-annual State of Cloud Security Research Report in September
of this year. Further, expect to see a series of announcements from more
leading and cloud and hosting providers continuing to grow their managed
security services portfolio based on Alert Logic solutions.
###
Thanks again to Urvish Vashi, VP of Marketing from Alert Logic, for taking time out to speak with VMblog.