Continuous Monitoring as a Service (CMaaS)
As a next-generation Managed Security Services Provider (MSSP 2.0), eSentire™ combines purpose-built threat management technology with 24x7x365 security analyst vigilance to help guard your corporate assets, maximize operational uptime and comply with industry regulations. Unlike typical security vendors, we acknowledge that it is all too easy to infiltrate any network from the outside. We assume you are already under attack from the inside, whether from the advanced threats of criminals, nation states and hacktivists, or even from your own staff's activities that put your organization in jeopardy.
eSentire Managed Security Services are offered across five value lines: Network Interceptor identifies and mitigates active threats; Log Sentry collects and aggregates event log messages and provides compliance-based reporting; Asset Manager Protect (AMP) correlates threat intelligence and mitigation tactics, automatically distributing this information across the eSentire client base to provide real-time threat mitigation; and Continuous Vulnerability Scanner (CVS) and Continuous Penetration Tester (CPT) add scanning and patch-level awareness on a frequent basis.
eSentire™ Network Interceptor identifies active threats or security incidents and mitigates these directly or through a client-specific escalation path. The Network Interceptor service includes a suite of tools that provide core security and forensic functions to the client via eSentire Security Operations Center (eSOC) information security analysts. This suite includes critical DPI-Decoder capability, Sniper IDS/IPS functionality, signature-based IDS/IPS, EXEcutioner download suspend/kill service, full packet capture and playback of TCP Archive, along with heavy user analysis and bandwidth attack identification.
eSentire™ Log Sentry provides the collection and monitoring of log events from Windows domains and other network elements, core to threat management, compliance control, incident response and security forensics. Log Sentry is delivered as two components: Log Sentry Core provides for event collection, security forensics and threat data collection; and Log Sentry Comply-Secure augments these core functions with compliance monitoring, alerting and control.
The eSentire Asset Manager Protect (AMP) is a service-based functional extension to the core Network Interceptor security service which targets the elimination of threat locations on the Internet emitting or offering malicious content. The eSentire AMP service is designed to nullify attacks directed at the financial industry, including the alternative asset management and hedge fund industry segments. As part of the eSentire AMP service, the eSentire Security Operations Service (eSOC) identifies IP address hosts that are confirmed to be sources of malicious activities or content, and submits these IP address hosts to the eSentire AMP blacklist.
IP addresses on the AMP blacklist are blocked from communicating via the existing TCP reset mechanism unless specifically whitelisted by the AMP client. Whitelisting of IP addresses is done by client request made via existing eSOC communication protocols. Blacklisted IP addresses will never include common Internet-based services; eSentire AMP exclusively targets sources of malicious content and attacks.
Continuous Vulnerability Scanner (CVS) provides frequent in-depth perimeter and internal scanning, closing the window for malicious opportunity, load balancing remediation and reducing disruptions. With eSentire CVS, you can establish roles and define security policies based on risk aversion, threat exposure, regulatory requirements and budget. You can then schedule scanning based on best practices, traffic patterns or your security policy without disrupting normal business. CVS includes out-of-the-box templates which you can customize.
Continuous Penetration Tester (CPT)
Continuous Penetration Tester (CPT) provides frequent perimeter scanning to identify critical vulnerabilities that could lead to a data breach. With CPT you can test more systems with greater frequency, and discover weak trust models caused by shared credentials that are vulnerable to brute forcing and harvesting. CPT also includes verification controls to validate mitigation steps and provides a vulnerability database for best practice remediation tactics.