Omegabit's active firewalls are constantly thwarting typical (and sometimes, atypical) structured and automated attacks that are common to the Internet.  We keep up to date hourly against a database of published threats that are blocked before they ever reach the portal. That activity is logged and available for analysis by us for forensics and diagnostic purposes.  But, we typically do not report that information to the customer - that information is stored at our cloud and firewall infrastructure levels.  The exception being any logs that are on the servers themselves - customers do have direct access to (Apache, tomcat, db, etc.), and we do sometimes help provide tools like Splunk for analysis.  We also offer some exceptional monitoring and reporting options from Dynatrace, which the customer can use for deep visibility into application and runtime performance using a very rich and intuitive Web based interface and is capable of generating automated reports.   

Generally speaking, these threats are usually bots, they are numerous, and we have advanced dynamic protections in place at several levels to block theses sorts of exploits (most of which are further limited by Liferay security, anyway).  These can occur on the order of many-thousands-per-day and and are typically innocuous.  We do monitor for and react to pattern change as one indicator of potential vulnerability testing by external threat parties.  We are also able to provide advanced threat scanning and analysis for a given customer implementation.  We can accommodate specific logging and auditing requirements on a needs basis, as well as advanced features like Data Loss Protection, and Zero Day threat detection and quarantines, if desirable; these features have some practical disadvantages for typical consumer-facing apps.  But, we can enable them on demand.  

For in-Liferay workflow, which is arguably where the most risk might lie, we encourage implementing Liferay auditing, and also keeping current with fixes and patches.  We can host a central log server for a given infrastructure if the customer so desires.  And are able to assist with and accommodate those features.

Because of our Liferay optimized configurations and setup, our strong security and controls, and our experience operating Liferay's of all shapes and sizes, we are more well-equipped to maintain a secure Liferay environment and respond to threats in a way that is substantive, as compared to <any> other hosting option.  Notification is critical, but, we also take ownership of the problem:  the customer's security is our security.

Typically, what we offer OOTB is more than sufficient, except where special reporting or auditing requirements exists.  And, we are happy to understand and accommodate those requirements on a needs basis.  These are details we would typically work out during the discovery and budgeting phase of the engagement.

<more on logging facilities available>