LevelBlue Threat Detection and Response for Government (LevelBlue TDR for Gov) is built on the Federal Risk and Authorization Management Program (FedRAMP)-authorized, industry-leading Unified Security Management (USM) platform. This combines multiple essential security capabilities and enables fast deployment and broad visibility across your whole network.
LevelBlue TDR for Gov has achieved FedRAMP Moderate Authority to Operate (ATO) on Amazon Web Services (AWS) GovCloud. The following table lists the feature parity and divergence between USM Anywhere Premium and LevelBlue TDR for Gov. Unless specified, LevelBlue TDR for Gov adheres to USM Anywhere's documentation.
| Product Capabilities | USM Anywhere Premium | LevelBlue TDR for Gov |
|---|---|---|
| Asset discovery and inventory |
|
|
| Vulnerability assessment (supports CVSS v2 and v3) |
|
|
| Intrusion detection, host IDS |
|
|
| Intrusion detection, network IDS |
|
|
| Intrusion detection, cloud IDS |
|
|
| SIEM event correlation |
|
|
| Incident response |
|
|
| Endpoint detection and response |
|
|
| Log management |
|
|
| Compliance reports |
|
|
| Email alerts |
|
|
| Integrated ticketing and alerting |
|
|
| Orchestration with security tools |
|
|
| Investigations |
|
|
| Automated incident response and forensics |
|
|
| Dark web monitoring |
|
|
| Advanced BlueApps |
|
|
| Advanced Security Notifications (through third party software services) |
|
|
| Support for higher data volumes |
|
|
| Support PCI log storage requirements |
|
|
| Threat Intelligence powered by LevelBlue Labs™ |
|
|
| Sensor deployment |
|
|
| On premises, Hyper-V |
|
|
| On premises, VMWare |
|
|
| Commercial Cloud Environments, Amazon Web Services (AWS) |
|
|
| Commercial Cloud Environments, Microsoft Azure |
|
|
| Commercial Cloud Environments, Google Cloud Platform (GCP) |
|
|
| Government Cloud Environments, AWS GovCloud |
|
|
| Government Cloud Environments, Microsoft Azure Government |
|
|
| Government Cloud Environments, GCP |
|
|
| AWS Cloud Connector |
|
|
| Reporting | Scheduled reports | Standard reports |
| Access URL | <subdomain>.alienvault.cloud | <subdomain>.gov.alienvault.us |
| Geo-IP resolution | api.geoip-enrichment.<REGION>.prod.alienvault.cloud/geo-ip/sensor |
api.geoip-enrichment.us-gov-west-1.prod-gov.gov.alienvault.us/geo-ip/sensor |
| Storage, hot (searchable) storage | 15, 30, 90, or 180 days | 90 or 180 days |
| Storage, cold storage | Unlimited | Unlimited |
| Storage, data retention | Service term | Service term |
| Customer support hours | Monday-Friday, 7AM-5PM Pacific |
Monday-Friday, 8AM-6PM Eastern (Support personnel are US citizens based in contiguous United States.) |
| Platform monitoring | 24/7 | 24/7 (US citizens / US soil) |
FAQ
What licensing tiers are available for LevelBlue TDR for Gov?
The license is only available on the USM Anywhere Premium tier due to federal guidance on 90-day data retention.
Is LevelBlue TDR for Gov available in both Amazon GovCloud US-East and US-West regions?
No. At this time, LevelBlue TDR for Gov runs in Amazon GovCloud US-West only.
What are the various levels of FedRAMP certifications?
FedRAMP is mandatory for federal agency cloud deployments and service models at the low, moderate, and high-risk impact levels. LevelBlue TDR for Gov is authorized as FedRAMP Moderate.
Is there a managed version of LevelBlue TDR for Gov?
LevelBlue TDR for Gov is the FedRAMP Moderate authorized version of USM Anywhere operating in AWS GovCloud. LevelBlue does not have a managed LevelBlue TDR for Gov offering at this time.
Can we use a current USM Central to monitor an LevelBlue TDR for Gov instance?
There are no technical limitations, but if any of the data monitored in LevelBlue TDR for Gov requires Federal Information Security Management Act (FISMA) protection (almost all of it does), the data will need to be kept in AWS GovCloud and will require a AWS GovCloud hosted USM Central (not available today).
Are there plans to develop an AWS GovCloud-hosted USM Central?
LevelBlue is currently planning to develop an AWS GovCloud-hosted USM Central.
Is there an account lockout threshold policy?
Yes. Three failed sign-in attempts are allowed before the user account is locked. The lockout time is 30 minutes.
Feedback