Using Alert Logic Intelligent Response, you can take automated actions to secure your environment and disrupt ongoing attacks. Intelligent Response allows you to take actions such as disabling compromised users, isolating suspicious hosts, and blocking external attackers by using existing services and devices like firewalls, directory services, and endpoint detection and response (EDR) software.
To take response actions on devices that are accessible only from inside your network, Alert Logic uses your Alert Logic intrusion detection system (IDS) appliance. For example, to access the private management interface of a firewall, Intelligent Response sends blocking commands through a nearby appliance.
Communication between Alert Logic and the IDS appliance is secured using transport layer security (TLS) and strong, industry-standard encryption. The credentials needed to access the response device are stored encrypted at rest in Alert Logic’s managed detection and response (MDR) platform, and are transmitted to the appliance only when a response action is taken.
For more information, refer to the Get Started with Automated Response documentation.