Alert Logic - Corporate Overview

Security and Compliance Powered by the Cloud

Upload: bmiller144

Post on 02-Nov-2014


DESCRIPTION

The who, what, how, and why it is such a great time to be a part of Alert Logic.

TRANSCRIPT

Page 1: Alert Logic - Corporate Overview

Security and Compliance Powered by the Cloud

Page 2: Alert Logic - Corporate Overview

Founded: 2002

Headquarters: Houston, TX

Ownership: Privately held

Customers: ~1,000

Service renewal rate: 99%

Focus: Compliance & Security Powered By the Cloud

Key differentiator: Cloud model

Corporate Fact Sheet

Page 3: Alert Logic - Corporate Overview

Select Alert Logic Customers

ENERGY

eCOMMERCE

HEALTHCARE

FINANCE

RETAIL

TECHNOLOGY

PARTNERS

Page 4: Alert Logic - Corporate Overview

Security and Compliance Challenge

• IT organizations are faced with mounting pressure

– Compliance regulations

• PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA

– Continued evolution of network threats

• Alert Logic delivers cloud-based security and compliance solutions:

– Vulnerability Assessment

– Intrusion Protection

– Log Management

– Threat monitoring & incident response services

Page 5: Alert Logic - Corporate Overview

Solving Key Problems

DELIVERED IN-CLOUD

SECURITY

Vulnerability Management

Identifying Weaknesses

BEFORE

Intrusion Protection

Isolating Attacks

DURING

Log Management

Investigating Incidents

AFTER

• simple deployment

• no capital expense

• no maintenance

• easy & affordable

Page 6: Alert Logic - Corporate Overview

PCI DSS

Penalties: fines, loss of credit card processing, and level 1 merchant requirements

SOX (CobiT)

Penalties: fines up to $5M, up to 10 year imprisonment

Vulnerability Assessment

6.2 Identify newly discovered security vulnerabilities

11.2 Perform network vulnerability scans quarterly by an ASV

DS 5.9 Malicious Software Prevention, Detection, and Correction: “put preventive, detection, and corrective measures in place (especially up-to-date security patches and virus control) across the organization to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam)”

Intrusion Protection

5.1.1 Monitor zero day attacks not covered by Anti-Virus

11.4 Maintain IDS/IPS to monitor & alert personnel, keep engines up to date

DS 5.6 Security Incident Definition: “clearly define and communicate the characteristics of potential security incidents so that they can be properly classified and treated by the incident and problem management process”

DS 5.10 Network Security: “use security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks.”

Log Management

10.2 Automated audit trails

10.3 Capture audit trails

10.5 Secure logs

10.6 Review logs at least daily

10.7 Maintain logs online for 3 months

10.7 Retain audit trail for at least 1 year

DS 5.5 Security Testing, Surveillance, and Monitoring: “…a logging and monitoring function will enable the early prevention and/or detection and subsequent timely reporting of unusual and/or abnormal activities that may need to be addressed.”

Compliance Requirements

Page 7: Alert Logic - Corporate Overview

Vulnerability Assessment

• Schedule ongoing internal and external vulnerability scans

• Alert Logic is an Approved Scanning Vendor (ASV) for quarterly PCI scans

• Results integrate with intrusion protection for optimum accuracy

Why Cloud? Centralized view of internal & external scan results for your entire network

Page 8: Alert Logic - Corporate Overview

Intrusion Protection

• Automatically detect thousands of incidents with built-in correlation

• Protect your network with firewall and ACL based defensive actions

• Continuously updated to identify latest threats

Why Cloud? Hosted expert system provides level of accuracy unmatched by hardware and software solutions

Page 9: Alert Logic - Corporate Overview

Optional Monitoring Services

• 24/7 threat monitoring for rapid incident response

• Integrated incident and case management

Page 10: Alert Logic - Corporate Overview

Log Management

• Collect logs from any syslog or Windows source without agents

• Always-on, on-demand log storage

• Configure custom correlation rules and log alerts

Why Cloud? Non-DBMS grid computing provides 10X+ faster search and reporting performance unmatched by appliance solutions

Page 11: Alert Logic - Corporate Overview

Cloud-based Solution

Instead of Deploying This:

Deploy This:

Page 12: Alert Logic - Corporate Overview

Cloud-based management: redundant data centers, event processing and archival, analysis, reporting, compliance review and monitoring

On-premise collection: appliance based threat and vulnerability detection, log collection, compression, encryption and secure transport

Cloud Architecture

Page 13: Alert Logic - Corporate Overview

Alert Logic Case Studies

Problem

• Unable to provide PCI services with appliance based solutions

Results

• Introduced new security services in less than 30 days with no investment

• Achieved 50% margins and dramatically increased attach rate

“I’m very impressed with Alert Logic”… “By utilizing their solutions, we are able to improve our security and compliance posture and at the same time reduce the resources that we have to dedicate to fulfill those needs.”

- Mark Moseley, Rosetta Stone

Problem

• Achieve PCI compliance with limited budget

Results

• Rapid Implementation

• Passed PCI Audit and ensured customer confidence

• IT staff remained focused on internal problems

Page 14: Alert Logic - Corporate Overview

Accolades

Five Star Rating: “With no deficiencies in any tested categories and several strengths, the product was an all around superior offering which earned our Best Buy rating.”

Red Herring 100: “…most innovative companies in North America…”

Hot Companies: “…most successful technologies and the companies behind them…”

“We believe that this architecture and implementation has legs, the ability to scale - a true on-demand offering and the potential to be disruptive…” -

Page 15: Alert Logic - Corporate Overview

Benefit Summary

• Cloud-based solutions deliver capabilities appliances can’t match

• No capital equipment to purchase and maintain

• All costs included in one monthly fee

Easy to buy, deploy and use

• Identifies incidents and vulnerabilities that impact compliance

• Collects, reviews, and archives log data

Enables regulatory compliance

• Helps detect and remedy threats and vulnerabilities

• Makes log data available for analysis and forensics

Improves network security