What We Do
How we do it
Resources
SECURITY ADVISORIES
Jul 29, 2021
UPDATE: PetitPotam NTLM Relay Attack
THE THREAT PetitPotam is a variant of the NTLM Relay attack discovered by security researcher Gilles Lionel. It is tracked as an authentication bypass vulnerability in Active Directory (Certificate Services); currently no CVE identifier has been assigned to this vulnerability. Proof of Concept (PoC) code released last week [1] relies on the Encrypting File System Remote (EFSRPC) protocol to…
Read More
View all Advisories →
Company
ABOUT eSENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Jul 12, 2021
Tecala and eSentire Partner to Protect Enterprises across APAC from Business-Disrupting Cyber Attacks
Sydney, 12 July, 2021 - Tecala, Australia’s award-winning technology services and IT consulting provider, today announced it has chosen eSentire, the global Authority in Managed Detection and Response (MDR) cybersecurity services, as their exclusive MDR solution provider in Australia and New Zealand. This partnership will enable Tecala to augment its cybersecurity practice and offer enterprises…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Resources
Blog — Feb 11, 2021

eSentire Atlas XDR Cloud powers
MDR leadership in Forrester Report

6 min read

In a recent overview of 42 Managed Detection and Response (MDR) services providers, Forrester Research recognized eSentire as one of only five large companies that qualified as “proactive hunter, investigator, and responder specialists.”

In the Q4 2020 Forrester report, this select group of Managed Detection and Response services providers “brings an MDR service to clients built on a foundation of deep subject matter expertise in analytics, incident response, and threat intelligence. Proactive hypothesis-driven threat hunting methodologies curated into analytics and their use of automation makes these vendors excel.”

Within the Forrester report, they examined three other groups in addition to the MDR specialists: Managed EDR providers, Managed incident response-as-a-service (IRaaS) vendors and MSSPs adding MDR to service stack.

Forrester compared the four groups across 13 functions, one of which—extended detection and response (XDR), in particular “use of non-endpoint telemetry in MDR service”—receives special attention throughout the report due to its foundational role within MDR.

We couldn’t agree more with Forrester about the importance of XDR, and we thought it was worth helping everyone understand just why XDR is so critical to effective delivery of MDR services.

What is XDR’s foundational role in MDR?

The ability of an MDR vendor to deliver an effective service is enormously dependent upon their XDR platform.

The Forrester report’s authors touch on this dependency when they note that, “The quality of MDR services depends on its ability to incorporate extended detection and response (XDR) visibility from not just EDR software, but also network analysis and visibility (NAV) tools, network traffic analysis (NTA), and analysis of security log data.”

As we explained in our recent post, What is XDR?, an XDR platform enables effective Managed Detection and Response services by:

And mature XDR capabilities just aren’t widespread: of the four vendor groups Forrester examined, only two—the “proactive hunter, investigator, and responder specialists” and the “MSSPs adding MDR to service stack”—are rated as having “high” XDR functionality.

Plus, an XDR capability isn’t something that can be built overnight, which is one reason why the Forrester report states unequivocally that, “Quality MDR vendors should already have XDR-like capabilities within their service stack.” (emphasis added)

What should you look for in an MDR vendor?

Forrester is adamant that XDR is a required enabler of MDR, but how can a non-expert separate the wheat from the chaff to distinguish between real XDR (and MDR) expertise and the growing list of “me too” vendors who fear being left behind?

Forrester provides three recommendations.

“Identify a vendor’s history and motivations for offering MDR”

Except for the rare vendors for whom MDR is their core competency, delivering effective Managed Detection and Response services requires a major transformation in terms of technical architecture, operational processes and business model. Needless to say, these changes are not made easily.

In Forrester’s words, “Buyers need to figure out why a vendor entered the market. The motives behind the service will shed some light on how committed the vendor is to MDR, and also reveal the strengths, weaknesses, and overall approach to their MDR offering.”

eSentire has a unique history when it comes to MDR: we invented it and it’s our complete focus.

“Evaluate the relationship between threat intelligence, threat hunting, and analytics”

Forrester notes that, “Many MDR vendors fail to articulate threat hunting in meaningful fashion — in terms of intent, methodology, and outcome.”

That is, these MDR vendors will use the words “threat hunting,” but in a purely cosmetic or superficial way.

Forrester continues: “Ask for details like top five threat-hunting methodologies used, how successful hunts become analytic rules, and how threat intelligence becomes a source for future threat hunts.”

Prospects who ask eSentire these questions will enjoy no shortage of information and evidence. For instance:

(and those examples really are only scratching the surface)

“Restrictions in response should come from your playbooks, not vendor APIs”

This is an important point and essentially boils down to: your MDR vendor should unlock new response options, not limit what you can do.

Beyond a wholehearted shout of “we agree!” we can also provide a couple of recent examples that reinforce the importance of having a rich and varied response capability:

And note also that MDR vendors shouldn’t come in and just tell you what to do—unless that’s what you’re asking of them. In every case, they should work with you to determine clearly what responsibilities each party owns.

That’s one of the wonderful things about the MDR model: if you’re just getting started with cybersecurity, then the MDR provider can take on more of the “end to end” responsibilities; if your organization’s approach to cybersecurity is very mature, then responsibilities can be divided, choosing to focus expertise where it’s most needed.

eSentire Atlas XDR Cloud: real XDR for the world’s leading MDR

Without a comprehensive, cloud-native XDR platform with adaptive machine learning, Managed Detection and Response services can’t monitor the whole threat surface, can’t make sense of the information it ingests and can’t respond fast enough to stop skilled attackers.

At eSentire, we’re proud to be pioneers in delivering effective, efficient and scalable cybersecurity solutions; consistent with this track record, we were the first MDR vendor to introduce a cloud-native XDR platform—Atlas—and our clients are already enjoying the benefits while competitors play catch up.

Leveraging patented artificial intelligence (AI) technologies, Atlas learns across our global customer base and immediately extends response to every customer with each specific detection. This ability to rapidly learn and work at cloud scale, combined with expert human actions, stops breaches and reduces customer risk in ways unattainable by legacy security products, traditional MSSPs and other MDR providers.

eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.