Get Started with Alert Logic Subscriptions and Add-ons
Alert Logic Essentials, Alert Logic Professional, and Alert Logic Enterprise are subscriptions for your Alert Logic customer account. Each subscription provides different levels of vulnerability and threat management services and capabilities for your on-premise, public cloud, or hosted data centers.
Alert Logic subscription levels
Your subscription determines the level of protection you can assign for the assets in your deployments. A deployment is a defined set of assets that you want to monitor and protect. Assets can be found from your appliances, agents, hosts, and collectors from your Amazon Web Services (AWS), Microsoft Azure, and other cloud-based or physical data center environments.
During deployment creation, Alert Logic discovers the assets in your networks and allows you to select the desired subscription level for each network individually. You can use the Alert Logic console or an API to assign a subscribed level of protection to any discovered network or asset. Available levels of coverage for each asset include:
- Essentials coverage
- Professional coverage
- Enterprise coverage
Your coverage includes at least one of these subscription options. For more information about assigning coverage levels, see Get Started with Alert Logic Deployments.
An Essentials subscription provides visibility to assets and vulnerabilities across your environments through the following capabilities:
- Asset discovery
- Vulnerability scanning
- Vulnerability remediation support
- Cloud security configuration checks
- Extended Endpoint Protection
- Threat Risk Index (TRI)
- Support Services—Payment Card Industry (PCI) scanning Approved Scanning Vendor (ASV) support
Discover and visualize assets in a deployment based on a recurring discovery process for on-premise data centers, hosted environments, AWS and Azure public cloud environments, and container infrastructures.
Discover and visualize weaknesses in deployed assets and cloud configuration through internal network scans, external network scans, and PCI scans. You can prioritize the vulnerabilities to remediate based on various criteria.
Vulnerability remediation support
Alert Logic groups and prioritizes remediations based on greatest risk reduction impact (for example, proximity to internet gateways or proximity to databases). Remediations are designed to be highly actionable and drive a consistent approach to resolution.
You can use the Alert Logic console or Alert Logic APIs to mark a remediation as either completed or disposed. For more information, see Remediations.
Cloud security configuration checks
Alert Logic detects configuration changes and conducts a continuous exposure assessment, providing prioritized remediation steps.
Extended Endpoint Protection
The Extended Endpoint Protection functionality helps you control threats and manage incidents from employee workstations, points of sale, servers, and more. For more information, see About Alert Logic Extended Endpoint Protection and Get Started with Alert Logic Extended Endpoint Protection.
Threat Risk Index
The TRI groups the discovered exposures in your deployments and helps pinpoint networks with highly vulnerable assets.
Alert Logic ranks vulnerabilities based on their vulnerability scores, their proximity to the internet, and whether an active exploit for the vulnerability is in the wild. For more information, see Threat Risk Index Score Factors.
Support Services—PCI scanning ASV support
The Alert Logic Security Operations Center (SOC) helps with scheduling scans, interpreting PCI accredited scan vendor results, and working through the remediation and exception processes to reach scan PCI compliance.
A Professional subscription provides the coverage of an Essentials subscription, plus threat management capabilities that include:
- Threat visibility
- File Integrity Monitoring
- Web Log Analytics
- Log management, storage, and search
- Security incident management and response support
- Compliance readiness
Network IDS, incident detection and generation, and log collection and log analytics provide information on active threats in your environments.
File integrity monitoring
File Integrity Monitoring allows you to monitor changes to files and directories of assets in your deployments. You can configure monitoring or exclusions for specific file paths or entire directories in your Windows and Linux systems. For more information, see File Integrity Monitoring .
Web Log Analytics
Web Log Analytics is a log-based application attack detection solution that protects your web applications from common application vulnerabilities. WLA analyzes web server access logs for threats and attacks with a combination of pattern-matching signatures, and an anomaly detection and machine-learning engine. For more information, see About Alert Logic Web Log Analytics.
Log management, storage, and search
Alert Logic leverages log sources for threat detection. Logs can provide additional information and support for incident response efforts, operational support, and compliance efforts.
Alert Logic supports the following log collection methods:
- Windows event log collection
- Syslog-based log collection
- Cloud-specific API based log collection
- Flat-file log collection
Security incident management and response support
The SOC provides 24x7 support for incident triage, assessment, escalation, and response support.
The Incidents page in the Alert Logic console displays information about incidents, and how to use that information to manage and close incidents to secure your environments. For more information, see Incidents.
Professional embedded security capabilities help to meet key compliance mandates and support compliance audit processes.
Alert Logic Enterprise
An Enterprise subscription provides the coverage of the Essentials and Professional subscriptions, plus the following add-ons:
- Managed Web Application Firewall (WAF) add-on
- ActiveWatch Enterprise service add-on