Comprehensive Intelligent Response
An essential element of Fortra XDR and Alert Logic MDR, Alert Logic Intelligent Response provides a flexible, scalable and integrated approach to protect your entire IT estate. Through a combination of automated response and expert guidance, Alert Logic delivers the options you need to reduce time-to-resolution for security-strapped teams before any serious damage impacts your business.
Use Cases
Align the correct use cases to the needs of your business, including:
- Isolate Host — Block incoming and outgoing network activity of an endpoint
- Disable Credentials — Block usernames and passwords from accessing the network
- Shun Attacker — Block an external IP attack by updating a rule at the network edge
User Experiences
Tailored user experiences for both less experienced and sophisticated security teams.
- Simple Mode — Wizard-based GUI to enable common response outcomes
- Mobile App — Simplify and accelerate human response with Alert Logic’s mobile app
- Expert Mode — Configurable playbooks for power users
Risk Profile
Gain the right insights and context for your assets leading to the best course of action:
- Threat Intel Center — Security content insights
- Asset Groups — Classify assets with similar profiles to apply policies
- Workflow — Sequential tasks and conditions
Broad Coverage
Execute actions on security controls across your IT estate.
- Endpoint — Laptops, desktops
- Cloud — AWS, Azure, GCP
- Network — Firewall, WAF
- Identity — Active Directory, SSO
Detection Strength
Alert Logic MDR provides visibility into pre- and post-breach environments, analyzes data, and produces actionable insights that enable response actions through the use of:
- Machine Learning
- Analytics Engines
- Incident Enrichment
Level of Automation
Adopt automation at your pace with the right balance of human interaction.
- Human-Guided — Add decision points within the workflow where human judgment is required
- Fully Automated — Execute the workflow without manual intervention
Actions Taken
Blend multiple actions depending on the type of incident, criticality, and desired outcome. The actions consist of the following:
- Notify — Inform appropriate personnel
- Contain — Limit access to the compromised entity
- Eliminate — Disrupt and block access to the vulnerable service
Detection Strength and Broad Coverage
Broad detection underpins any response strategy and its capabilities, requiring both depth and breadth of coverage. Alert Logic detection leverages threat research and intelligence to conduct deep analysis of threats, and uses machine learning and incident enrichment to understand risk. This is coupled with coverage everywhere you operate: logs are ingested and telemetry gathered across your entire environment (endpoint, cloud, network, and identity providers).
Embedded SOAR Capabilities
Alert Logic Intelligent Response provides you with the ability to:
- Trigger response actions including blocking, containment, and host isolation based on the type of attack and asset targeted
- Notify appropriate personnel for human decision before executing action
- Maintain a complete audit trail of all automated actions taken
You determine the appropriate response and Alert Logic makes it happen.
Balancing Automation & Human-Guided Response
In multi-cloud environments, organizations require solutions that minimize the damage of a breach with the right balance of automation and human interaction. This flexibility enables you to adopt automation at your own pace: full automation streamlines workflows to enable response actions across network, endpoint, and cloud environments, while human-guided automation provides much-needed context to deliver better outcomes. Alert Logic Intelligent Response provides:
- Wizard-based workflow templates
- Timely human approval using Alert Logic’s mobile app
- Test integration points for response actions