We use this as an intrusion detection system (IDS). It observes and reports what is coming in our network, then sends us a report.
It has not improved our organization.
I like that it is physical hardware. With virtual, the processing can go bad and can get hung up. However, if it is physical, it's its own box. E.g., there is no noisy neighbor issue.
This product needs to mature more. While it is a good product, there are some areas where it needs work. If this is a cloud service, I shouldn't have to tell them how to develop analytics to tell me this is what is going on. They should be able to do it. Over time, their own system should be able to identify, "This is something that is a continuous thing with a particular user or company." Or, I should be able to click on it and be able to "ignore" it, dropping it completely. It should be smarter than what it is, and it is not.
I would like to see it do initial scans and start capturing data, which it will truly analyze, not just be a reporting system saying, "Here is an email. Here is an email. Here is an email." Thus, I can get 5000 emails, and if you get 5000 emails in ten minutes, you have no emails because they are no good. All they are doing is filling up your inbox. If one good email comes out of those 5000, you miss it. This might be on us as far as the configuration, but then this goes back to the compute side in the cloud where they should be able to identify, "We have a lot of user lockouts."
They should be able to go into their code, making this an automated process, not manual. They should use smart technology, not just put a box together, and say, "Go get the information."
The product is not ready to be put into our AWS environment because we have SAP. We're already having some issues, not related to AWS or Alert Logic. We have our own issues that we are trying to iron out. Since the Alert Logic hardware is not helping us anyway, moving it to the cloud as software would not really make a difference for us.
One to three years.
It is a very stable product. We have it directly connected to our Nexus 9000s in Houston and Singapore. We have it connected to 9000s in Brazil and Tokyo, as well. So, we have four of them placed around the world in our data centers. We have it set up as a SPAN port on the Nexus.
The stress is going to be average because it's connected to two different Nexus 9000s in our data centers. It has two interfaces that it talks to with one management interface, one for each Nexus.
We put about ten or twenty percent stress on it. I don't know the specs of the box itself, but I don't expect it to be working hard because all it is doing is observing. It grabs all the data, then it sends it up to the cloud. We can do better than that. You want to send it up to the cloud to do more compute, then send it back down. However, that is not what is happening.
Technical support is pretty decent with Alert Logic. The engineers behind the scenes, when I have called them, have been pretty good. It is all Linux, and Linux is a great system.
This version was not easy to install. It was very complicated and took a lot of time.
Our ROI would probably be zero. We don't even use it. It sits in there. We get emails and just delete them. Around the world, we don't even use it.
I don't have purchasing power. Management said, "We are getting this product. Here it is. Put it in." There was no discussion with the engineers.
If someone was looking at this product or similar solutions, I will tell them, "Find something else."
They have a great concept, but the product needs to mature. We don't want to be bombarded with unnecessary issues and have the real ones slip through.
We use the product on-premise.