Published: June 2016
In This Article
- Continual Configuration & Vulnerability Visibility for AWS Workloads
- Coordinated AWS Scanning
- Agents in Dynamic AWS Environments
- Refreshed User Interface
- EC2-VPC & EC2 Classic
- Identity & Access Management (IAM)
Alert Logic® is now utilizing new features and technologies across the entire Alert Logic product line. Alert Logic Cloud Defender™ and Alert Logic Threat Manager™ now include cloud-native vulnerability and configuration management capabilities, providing a complete view of instances and exposures across both the operating system and the applications running on Amazon Web Services (AWS). Enhancements allow customers to more efficiently manage Alert Logic appliances and agents within highly dynamic AWS environments. Read on to learn more about all of the new features.
Several new enhancements have been added with the Summer 2016 release. These include:
- Cloud Defender customers using AWS have complete visibility into their AWS instance configurations, vulnerabilities, and security posture by leveraging Alert Logic Cloud Insight.
- Alert Logic Threat Manager includes improved life cycle management of agents for auto-scaling instances, more efficient communication routing across AWS availability zones, and optimization of Alert Logic security appliances deployed within AWS cloud environments.
- Customers now experience a refreshed and simplified user interface across all of our products.
All existing Cloud Defender customers now experience an updated user interface. Auto-scaling and availability zone improvements are released to specific accounts with agents and appliances installed in AWS.
The Cloud Defender update does not combine products or user interfaces. The interface affects all products and presents a more modern look and feel.
If you are a Cloud Defender or Threat Manager customer with AWS assets, you can expect to receive in-portal notifications and instructions for AWS cross-account role configuration upon first log-in post-update. All other customers are only presented with the improved user interface.
Cloud Defender now includes continual configuration and vulnerability assessments for applications and workloads hosted in AWS.
Cloud Defender customers with AWS accounts have an increased scope of scans, as well as an automated scanning experience, grouped and prioritized remediation, and API integration capabilities for internal scans in AWS. Customers are now able to easily manage the security posture of all EC2 instances.
Cloud Defender now includes an AWS cross-account role capability that ensures all Alert Logic-initiated scans, both internal and external, are aware and coordinated. Customers can address both ongoing internal vulnerability scanning requirements for AWS and external scanning for PCI compliance requirements.
Existing customers using both Cloud Insight and Threat Manager/Cloud Defender, and all new Cloud Defender customers with AWS accounts, are able to use Cloud Insight scans that are automatically whitelisted with no incidents generated.
Customers with both Threat Manager and Alert Logic Cloud Insight™ should use the following scanners for PCI compliance:
- PCI DSS 11.2.1 - calls for internal quarterly scans; Cloud Insight is best for AWS assets; Threat Manager is best for on-premises and hosted assets.
- PCI DSS 11.2.2 - mandates external quarterly ASV scans, which can be done with Threat Manager PCI scans.
- PCI DSS 11.2.3 - requires internal and external scans after a significant change; Cloud Insight is best for internal scanning of AWS assets; Threat Manager external scans or Threat Manager PCI scans are best for external scanning of AWS assets and both external and internal scans of on-premises and hosted assets.
Efficient Agent/Appliance Communication
Threat Manager and Cloud Defender now include the ability to automatically assign agents to appliances within the same AWS availability zones, keeping all agent/appliance communications contained within the availability zone.
Cloud Defender and Threat Manager standalone customers with AWS accounts no longer see any unexpected charges on their AWS bill due to appliance data transfer, as Threat Manager now intelligently maps agent-to-appliance communication within its own availability zone. Agents are now assigned to the appliance within their current availability zone as a first choice if one is present, or reassigned when one is detected.
Agent Lifecycle Management Within Auto-Scaling
Threat Manager and Cloud Defender now take better advantage of auto-scaled images on AWS by dynamically scaling agents up and automatically removing agents no longer required as images are spun down.
Cloud Defender and Threat Manager standalone customers with AWS accounts can dynamically scale up and down without any stability issues from the Threat Manager appliance and without having the Alert Logic UI cluttered by offline agents. Alert Logic now deletes stale agents from the interface so that the Threat Manager appliance can remove the host from its IP address list and so the stale agent's 'protected hosts' no longer show in the Threat Manager UI.
This release includes a refreshed user interface. All Alert Logic customers accessing their services via the SaaS-based application, excluding legacy Alert Logic Log Manager™ and Threat Manager customers, are able to complete tasks within the user interface with more white space, cleaner page layouts, and easier-to-read fonts.
The improvements covered in this update support EC2-VPC. If a customer has both an EC2 Classic and an EC2-VPC environment they are prompted to add AWS credentials, but the described functionality will only apply to the EC2-VPC assets.
Cloud Defender customers who sign up and include an AWS asset to be protected will be prompted to add their AWS cross-account role for that particular AWS account so that the improvements being introduced by Alert Logic will be enabled in their AWS environment by default.
A notification will display for every AWS account that doesn't have an AWS cross-account role assigned or if there is a permission error or problem with the role. For example, if a Threat Manager customer has two AWS accounts with no Cloud Insight, they will see a notification showing a '2'. If they add an AWS cross-account role to one of those and it has the right permissions, the notification task will show '1' for the remaining account.
Learn more about Cloud Defender AWS cross-account roles with our detailed documentation: Cloud Defender AWS Cross-Account Role Configuration
These enhancements better enable vulnerability management and threat detection for applications and data hosted on AWS. Leveraging our cloud-native scanning capabilities and improved user interface, these improvements both solve key customer challenges and further Alert Logic's innovation in cloud security-as-a-service.