Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Join Tiff Cook, eSentire's Sr. Director of Incident Response and Bill…
eSentire will be participating in ILTA LegalSEC Summit.
Join eSentire as they explore how to build a comprehensive training and…
In a recent overview of 42 Managed Detection and Response (MDR) services providers, Forrester Research recognized eSentire as one of only five large companies that qualified as “proactive hunter, investigator, and responder specialists.”
In the Q4 2020 Forrester report, this select group of Managed Detection and Response services providers “brings an MDR service to clients built on a foundation of deep subject matter expertise in analytics, incident response, and threat intelligence. Proactive hypothesis-driven threat hunting methodologies curated into analytics and their use of automation makes these vendors excel.”
Within the Forrester report, they examined three other groups in addition to the MDR specialists: Managed EDR providers, Managed incident response-as-a-service (IRaaS) vendors and MSSPs adding MDR to service stack.
Forrester compared the four groups across 13 functions, one of which—extended detection and response (XDR), in particular “use of non-endpoint telemetry in MDR service”—receives special attention throughout the report due to its foundational role within MDR.
We couldn’t agree more with Forrester about the importance of XDR, and we thought it was worth helping everyone understand just why XDR is so critical to effective delivery of MDR services.
The ability of an MDR vendor to deliver an effective service is enormously dependent upon their XDR platform.
The Forrester report’s authors touch on this dependency when they note that, “The quality of MDR services depends on its ability to incorporate extended detection and response (XDR) visibility from not just EDR software, but also network analysis and visibility (NAV) tools, network traffic analysis (NTA), and analysis of security log data.”
As we explained in our recent post, What is XDR?, an XDR platform enables effective Managed Detection and Response services by:
And mature XDR capabilities just aren’t widespread: of the four vendor groups Forrester examined, only two—the “proactive hunter, investigator, and responder specialists” and the “MSSPs adding MDR to service stack”—are rated as having “high” XDR functionality.
Plus, an XDR capability isn’t something that can be built overnight, which is one reason why the Forrester report states unequivocally that, “Quality MDR vendors should already have XDR-like capabilities within their service stack.” (emphasis added)
Forrester is adamant that XDR is a required enabler of MDR, but how can a non-expert separate the wheat from the chaff to distinguish between real XDR (and MDR) expertise and the growing list of “me too” vendors who fear being left behind?
Forrester provides three recommendations.
Except for the rare vendors for whom MDR is their core competency, delivering effective Managed Detection and Response services requires a major transformation in terms of technical architecture, operational processes and business model. Needless to say, these changes are not made easily.
In Forrester’s words, “Buyers need to figure out why a vendor entered the market. The motives behind the service will shed some light on how committed the vendor is to MDR, and also reveal the strengths, weaknesses, and overall approach to their MDR offering.”
eSentire has a unique history when it comes to MDR: we invented it and it’s our complete focus.
Forrester notes that, “Many MDR vendors fail to articulate threat hunting in meaningful fashion — in terms of intent, methodology, and outcome.”
That is, these MDR vendors will use the words “threat hunting,” but in a purely cosmetic or superficial way.
Forrester continues: “Ask for details like top five threat-hunting methodologies used, how successful hunts become analytic rules, and how threat intelligence becomes a source for future threat hunts.”
Prospects who ask eSentire these questions will enjoy no shortage of information and evidence. For instance:
(and those examples really are only scratching the surface)
This is an important point and essentially boils down to: your MDR vendor should unlock new response options, not limit what you can do.
Beyond a wholehearted shout of “we agree!” we can also provide a couple of recent examples that reinforce the importance of having a rich and varied response capability:
And note also that MDR vendors shouldn’t come in and just tell you what to do—unless that’s what you’re asking of them. In every case, they should work with you to determine clearly what responsibilities each party owns.
That’s one of the wonderful things about the MDR model: if you’re just getting started with cybersecurity, then the MDR provider can take on more of the “end to end” responsibilities; if your organization’s approach to cybersecurity is very mature, then responsibilities can be divided, choosing to focus expertise where it’s most needed.
Without a comprehensive, cloud-native XDR platform with adaptive machine learning, Managed Detection and Response services can’t monitor the whole threat surface, can’t make sense of the information it ingests and can’t respond fast enough to stop skilled attackers.
At eSentire, we’re proud to be pioneers in delivering effective, efficient and scalable cybersecurity solutions; consistent with this track record, we were the first MDR vendor to introduce a cloud-native XDR platform—Atlas—and our clients are already enjoying the benefits while competitors play catch up.
Leveraging patented artificial intelligence (AI) technologies, Atlas learns across our global customer base and immediately extends response to every customer with each specific detection. This ability to rapidly learn and work at cloud scale, combined with expert human actions, stops breaches and reduces customer risk in ways unattainable by legacy security products, traditional MSSPs and other MDR providers.
eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.