A Deep, Capable Log/Threat Tool That is Bogged Down by a Clunky Interface and Complicated Config.

Pros

It definitely does what is supposed to do - capture and provide traffic and threats/intrusions as they occur. Any risk that I've had to deal with in the past couple of years has been caught by Alert Logic, not the other secondary tools I have in place as an additional means of security. The agent that we have to deploy in our AWS environment to capture all of our traffic on our AWS instances is small and unobtrusive. The reporting functionality is great - there is the automated report capability, and we can fine-tune the reports to have only certain information go to certain people - much better than having our security team dig through countless pages of data that certain people don't care about.

Cons

The UI is generally a mess. It is difficult to find what you need at times, and after 2+ years of using the tool, I still find myself lost very frequently. There is no option for Multi-Factor Authentication (to my knowledge, for all I know it may be hidden deep in the UI somewhere). This is an odd exclusion for a security tool. Instead, passwords expire very very quickly, so I feel like I'm changing my password more often for Alert Logic than any other tool that I use. It has crossed the line of secure, and become a pain. The instances that I've had to deal with support have not been all that great - some engineers are way more skilled and experienced than others, as I've wasted hours with some engineers to solve an issue that another engineer was able to solve in minutes. The documentation that I've seen is often outdated - I'd like to see that frequently updated, especially with such a clunky UI.