Alert Logic® Web Security Manager is the passive, out-of-band web application IDS, while Alert Logic Web Security Manager Premier is the inline, preventative web application firewall (WAF). They use the same technology to identify malicious requests – negative security HTTP/HTTPS signatures for known attacks based on the OWASP Top 10 and a positive security model that uses a learning engine to create policies for known, valid input. Web Security Manager Premier provides active blocking of bad requests with a log of what has been blocked, whereas Web Security Manager identifies bad requests, which are aggregated and analyzed to generate incidents triaged through the Alert Logic Security Operations Center (SOC).
Web Security Manager is deployed as a module with Alert Logic Threat Manager™ or Alert Logic Cloud Defender®, and traffic is handled via agent or span port.
Web Security Manager Premier is a standalone product that can be run in the cloud as a virtual machine or as a hardware appliance. Traffic is routed directly to the inline WAF in either a routed or reverse proxy mode.