Review: Protecting clouds with Cloud Defender from Alert Logic

Cloud Defender is a user-friendly tool that lets local IT staff inspect their cloud deployments to look for evidence of hidden threats or breaches. But it can also be used in a SaaS model, with the cybersecurity team at Alert Logic taking over most cloud-based cybersecurity functions.

cloud computing - data center

Compared to traditional server and client architectures, cloud computing is the new kid on the block. And while cybersecurity best practices are similar within a cloud environment, many of the vulnerabilities and specific threats that target the cloud are different. As such, even organizations with deep cybersecurity teams may need a little help when moving large chunks of their computing infrastructure to the cloud.

That is the idea behind Cloud Defender from Alert Logic. Designed from the ground up as a way to provide protection to web applications, critical data and everything else running or stored within an organization’s cloud, there is a whole sliding scale of support available. At the low end, Cloud Defender is a user-friendly tool that would enable local IT staff to inspect their cloud deployments to look for evidence of hidden threats or breaches. At the other extreme, the 200-person cybersecurity team at Alert Logic can take over most cloud-based cybersecurity functions, offering monitoring, advising and logging of events in a software as a service (SaaS) model. When used as SaaS, Alert Logic will do everything short of remediating problems.

Most organizations are probably going to want to use Cloud Defender as some combination of both SaaS security and as a tool to aid their local teams. The platform is configured for this, making all logs and information collected by the program available for at least a year to local IT staffers.

Cloud Defender works with any cloud environment, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Services, VMware and others. The test environment for this review was an AWS deployment. There is no difference in pricing based on the cloud environment. Pricing is totally based on the number of nodes being protected and the size of the logfiles being analyzed.

1 cloud defender dash John Breeden II/IDG

The main dashboard looks a lot like a traditional SIEM, only it tracks cloud deployments alongside on-prem issues, and can focus on vulnerabilities in addition to actual breaches.

When first installed, Cloud Defender begins discovering cloud assets right away. Even with a massive cloud, the discovery process should take less than an hour. Our test network was mapped in under 15 minutes.

Once deployed, Cloud Defender gets to work on reducing the attack footprint within the cloud. It does this by targeting vulnerabilities, which it collects and presents to local IT teams. It can find all manner of potential problems, such as weak encryption on logins or protecting critical assets, the existence of certain communications protocols such as FTP where they are not needed, or servers and applications that don’t have the latest patches.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)