Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Alert Logic Goes After Mid-Tier

Startup gets new funding to develop the on-demand security services market

You're responsible for security in a small or mid-sized company. You don't have a staff, a hardened perimeter, or a big budget for security equipment. And even if you had the money, you don't have the time to implement and monitor sophisticated security tools. So what do you do?

If your first answer was "pray," you may want to take a look at a startup company called Alert Logic Inc. , which offers security services targeted at small and medium business. The fledgling service provider, which received $5 million in second-round venture funding earlier today, has doubled its customer base in the last 12 months and is beginning to get some notice from both users and investors.

Alert Logic's business model is simple: Instead of asking enterprises to buy security gear and install it themselves, the startup deploys its own appliances on the customer premises and then offers monitoring and analysis services to help prevent internal and external attacks. The service starts at less than $1,000 a month -- less than a tenth of what an intrusion detection system can cost.

"There is a lot of great security technology out there, but unfortunately, most of it takes a lot of time and money to deploy and maintain," observes Chris Smith, director of marketing at Alert Logic. "There needs to be something for companies that don't have those resources."

For a monthly fee, Alert Logic installs its own appliances on the customer's network and passively monitors traffic to look for anomalies, malware, or attempted connections with known trouble sites, Smith explains. If the service provider detects a problem, a security analyst will either alert the customer or actively quarantine the threat, depending on what the customer chooses.

"We have some customers that don't want us to get involved in remediation -- they just want our help with monitoring," Smith says. "In other cases, they want us to do as much as possible."

The service-based model is a good one for the mid-tier market, which is underserved by security hardware and software vendors vying to penetrate the largest accounts, observers say.

"We look for companies with a sustainable competitive advantage, as well as a motivated management team, and Alert Logic excels in both areas," says Steve Coffey, managing director of Hunt Ventures, one of the primary investors in Alert Logic's new round of funding. "By successfully delivering IT network security on the software-as-a-service model, Alert Logic is able to protect mid-size companies at a fraction of the deployment time and total cost of traditional solutions."

DFJ Mercury, OCA Ventures, and Access Venture Partners are the other three venture companies investing in Alert Logic.

Alert Logic raised a little more than $2 million in its initial round of funding nine months ago, but business has been growing quickly, from about 50 customers in 2005 to more than 100 today. About half its revenue comes from hosting companies and managed services providers, such as CyrusOne, that bundle Alert Logic's offerings in with their own as an extra service, Smith says.

While Alert Logic will continue to court service provider partners, it also is working on a service that will help mid-sized companies conduct security audits and vulnerability assessment to aid in regulatory compliance efforts, Smith says. A new, compliance-oriented service is slated to be unveiled in about two weeks.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18954
PUBLISHED: 2019-11-14
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious at...
CVE-2019-3640
PUBLISHED: 2019-11-14
Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.
CVE-2019-3661
PUBLISHED: 2019-11-14
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.
CVE-2019-3662
PUBLISHED: 2019-11-14
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.
CVE-2019-3663
PUBLISHED: 2019-11-14
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system.