Fortra's Alert Logic MDR Reviews

We use this as an intrusion detection system (IDS). It observes and reports what is coming in our network, then sends us a report.

It has not improved our organization.

I like that it is physical hardware. With virtual, the processing can go bad and can get hung up. However, if it is physical, it's its own box. E.g., there is no noisy neighbor issue.

This product needs to mature more. While it is a good product, there are some areas where it needs work. If this is a cloud service, I shouldn't have to tell them how to develop analytics to tell me this is what is going on. They should be able to do it. Over time, their own system should be able to identify, "This is something that is a continuous thing with a particular user or company." Or, I should be able to click on it being able to "ignore" it, dropping it completely. It should be smarter than what it is, and it is not.

I would like to see it do initial scans and start capturing data, which it will truly analyze, not just be a reporting system saying, "Here is an email. Here is an email. Here is an email." Thus, I can get 5000 emails, and if you get 5000 emails in ten minutes, you have no emails because they are no good. All they are doing is filling up your inbox. If one good email comes out of those 5000, you miss it. This might be on us as far the configuration, but then this goes back to the compute side in the cloud where they should be able to identify, "We have a lot of user lockouts." 

They should be able to go into their code, making this an automated process, not manual. They should use smart technology, not just put a box together, and say, "Go get the information."

The product is not ready to be put into our AWS environment because we have SAP. We're already having some issues, not related to AWS or Alert Logic. We have our own issues it that we are trying to iron out. Since the Alert Logic hardware is not helping us anyway, moving it to the cloud as software, would not really make a difference for us. 

It is a very stable product. We have it directly connected to our Nexus 9000s in Houston and Singapore. We have it connected to 9000s in Brazil and Tokyo, as well. So, we have four of them placed around the world in our data centers. We have it set up as a SPAN port on the Nexus.

The stress is going to be average because it's connected to two different Nexus 9000s in our data centers. It has two interfaces that it talks to with one management interface, one for each Nexus. 

We put about ten or twenty percent stress on it. I don't know the specs of the box itself, but I don't expect it to be working hard because all it is doing is observing. It grabs all the data, then it sends it up to the cloud. We can do better than that. You want to send it up to the cloud to to do more compute, then send it back down. However, that is not what is happening.

Technical support is pretty decent with Alert Logic. The engineers behind the scenes, when I have called them, have been pretty good. It is all Linux, and Linux is a great system. 

This version was not easy to install. It was very complicated and took a lot of time.

Our ROI would probably be zero. We don't even use it. It sits in there. We get emails and just delete them. Around the world, we don't even use it.

I don't have purchasing power. Management said, "We are getting this product. Here it is. Put it in." There was no discussion with the engineers.

If someone one was looking at this product or similar solutions, I will tell them, "Find something else."

They have a great concept, but the product needs to mature. We don't want to be bombarded with unnecessary issues and have the real ones slip through.

We use the product on-premise.

The primary use case is security.

The quicker implementation of changes to our infrastructure from Alert Logic tell us if there are any problems.

• Easy to use, nice interface. 
• It is quick set up.

The documentation, especially with the initial setup, needs improvement.

The stability is good. We trust it fully.

Scalability seems good. This was one of the other features that we were interested in. 

We have eight different accounts and are able to implement the solution across them easily.

I go internally into the business for technical support rather than using the supplier for technical support.

It fully integrates with our AWS environment, which is brilliant.

Alert Logic integrates with all of our products, which was one of the reasons that we went for it.

We also evaluated on-premise and open source products. We went with Alert Logic because it was quicker to implement.

Try and get a demo. It is the best one products. As soon as you see it working, you will see it is very good.

We are using the cloud version.

We use it for security scanning containers on Kubernetes. We have containers running on Kubernetes, so we use it to scan for vulnerabilities.

It improves our security. Before, we didn't have anything scanning our containers. We had software scanning all the physical servers, but we had nothing to scan our containers. With Alert Logic, we can do that.

It scans correctly and quickly. For example, we had an issue where we had Bitcoin mined and sold in some of our containers, and Alert Logic was able to find it and alert us about it. Then, we were able to find out why the containers were being hacked and killed it.

I would like more data on the alert payload. It would be good to have the ability to customize the alert payload to add whatever data that we want on there. Right now, it is a bit limited.

It's stable. We've not had any issues with stability.

It is scalable. We have been adding more AWS accounts every day. We have been adding more containers, but we are not seeing any issues.

We have 240 AWS accounts. We have about 1000 containers, but we have 300 to 400 services which are running with containers on the cloud, and we are still able to continue to scale.

I have not contacted the technical support.

The security team chose the product. I wasn't involved in the process.

Give it a try. It is very useful.

The product is integrated with a product called BigPanda. It's an alerting platform, and it post alerts through SAP to BigPanda. The integration was good, but standard.

We have only used the AWS version.