
From months to hours: eSentire accelerates AI-augmented threat investigation with Anthropic’s Claude in Amazon Bedrock


eSentire

September 9, 2025


Originally posted by AWS.

Learn how eSentire amplifies elite security expertise with Anthropic’s Claude to deliver transparent, rapid threat analysis that stops attacks before they spread.


Overview

eSentire recognized an opportunity to dramatically expand what its Security Operations Center (SOC) could deliver to customers. While its Atlas Platform already provided comprehensive threat resolution, the company envisioned amplifying its elite analysts’ capabilities to deliver far more expert-level investigation effort, delivering in minutes the kind of deep, nuanced analysis that previously took days, weeks or even months. Its collaboration with AWS Partner Anthropic brought this vision to life: SOC investigations now offer thorough, expert-level analysis at unprecedented scale and speed, while giving customers complete transparency into the evidence and reasoning behind every security decision. The result is a leap in managed detection and response where artificial intelligence (AI) amplifies human expertise to deliver more investigations, deeper analysis, and faster outcomes—stopping 99.3% of attacks at the first machine while giving customers unprecedented visibility into their security posture.

About eSentire

Waterloo, Ontario-based eSentire is the authority in Managed Detection and Response (MDR), protecting the vital data and applications of 2000+ organizations in 80+ countries across 35 industries from known and unknown cyber threats. Through its Atlas Platform, eSentire delivers agentic MDR services spanning Exposure Management, Managed Detection and Response, and Incident Response, designed to build an organization’s cyber resilience and prevent business disruption. eSentire protects the world’s most targeted organizations, with 65% of its global base recognized as critical infrastructure, vital to economic health and stability.

Opportunity | Bootstrapping AI security enhancements revealed limitations in reasoning capabilities

eSentire stands out by delivering comprehensive threat resolution—detection through containment—on its Atlas Platform. Still, the company wanted to enhance “customer delight” by improving the quality and transparency of its threat management processes and outcomes. This included:

These improvements would ultimately enable expert-grade analysis, transparent intelligence, and intuitive, scalable interactions that empower customers to confidently navigate even the most complex security events. Generative AI with advanced reasoning capabilities offered the ideal path forward.

Key obstacles to achieving these outcomes with a generative AI solution included ensuring that AI-driven investigations maintain the depth and accuracy that eSentire customers rely on for critical security decisions. eSentire also needed to build customer trust in automated analysis while keeping the decision-making process transparent. Any solution had to meet the rigorous quality standards required for protecting critical infrastructure, where investigation accuracy is paramount, and it had to preserve the nuanced analytical thinking that makes elite SOC experts effective in complex threat scenarios. Initially, one of the company’s engineers bootstrapped a DIY solution from open-source tools, but the open-source models did not deliver the complex reasoning required to match expert security analysts. eSentire knew it needed a partner with a powerful, comprehensive generative AI solution.

About AWS Partner Anthropic

Anthropic is an AI lab whose research and products put safety at the frontier. Anthropic is dedicated to ensuring the world safely makes the transition through transformative AI. Their multidisciplinary team creates reliable, interpretable, and steerable AI systems. Anthropic’s flagship product is Claude, a large language model that offers the best combination of speed and performance.

Solution | eSentire and Anthropic’s Claude in Amazon Bedrock: Highest performance for complex security reasoning

After evaluating multiple LLMs, eSentire determined that Anthropic’s Claude Sonnet 3.5 provided the highest performance for complex security reasoning. Claude formulates investigation hypotheses from the initial threat indicators, then dynamically selects and executes the appropriate tools to gather evidence. The platform evaluates those findings, adjusts its investigation strategy in real time, and continues the investigation loop until it reaches a confident, evidence-based decision. Using Claude, eSentire ran a rigorous validation over 1,000 real-world investigations, comparing Claude’s decisions against those of the company’s most senior SOC experts. The results showed 95% alignment across diverse endpoint security scenarios, confirming that Claude successfully replicated expert-level investigative reasoning and decision-making.

Next, eSentire worked with Anthropic to reach a sustained, scalable state of customer delight while keeping costs efficient. Together, they developed an intuitive interface to support efficient engagement, leveraging the expanded outputs of Claude Sonnet 3.7 while preserving the ability for analysts to extend investigations based on their own expertise. Claude Sonnet 4, a newly introduced hybrid reasoning model with superior intelligence for high-volume use cases, is now actively used in production.

Key innovations included interactive investigation reports that let customers drill down into the evidence and reasoning chains behind each decision. Expert security analysts can also embed their specialized knowledge and investigative techniques directly into the agent through a natural language model optimization framework, which intelligently routes each workflow component to the most cost-effective model without loss of quality. Prompt caching and further prompt optimization reduced operational costs while maintaining investigation quality and speed.

AWS powers eSentire’s security platform: Amazon Bedrock orchestrates the LLM interactions and automated responses, while AWS Lambda executes the agentic workflows and automated actions. Amazon API Gateway provides secure API access for the natural-language-to-SQL capability and customer integrations, complemented by AWS Identity and Access Management (IAM) fine-grained access controls for multi-tenant security operations and Amazon CloudWatch for performance monitoring. This secure AWS foundation delivers elite-level protection, superior attack prevention, enhanced visibility, and accessible security intelligence through natural language querying for eSentire customers.

Outcome | Real-world SOC expertise via generative AI

This collaboration with AWS and Anthropic has enabled eSentire to achieve next-level AI capabilities: human expertise amplification, expert-level investigation at scale, unprecedented investigation detail, enhanced expert focus, consistent expert-quality outcomes, transparent expert decision-making, and a platform powerful enough to be licensed directly to third-party service providers. This has let eSentire hit its goal of customer delight. The company now provides customers with consistent elite-level investigations, hours of expert effort delivered in minutes, business continuity protection with 99.3% of attacks stopped at the first machine, and enhanced security assurance through transparent, outcome-driven security operations.

Generative AI has transformed how quickly eSentire can innovate and adapt to evolving threats. Development and deployment cycles have accelerated from months to days, enabling the company to respond to new attack vectors and threat intelligence with unprecedented speed. Knowledge from its security experts can now be brought into the platform in a repeatable way that does not require traditional engineering effort. This makes embedding expertise into service delivery faster, a critical capability when stopping rapidly evolving threats that require immediate countermeasures. The threat hunting team exemplifies this transformation: it can now create new tools and workflows for the entire SOC using natural language interfaces, moving from concept to production deployment in hours.

To learn how your organization can build cyber resilience and prevent business disruption with eSentire’s Next Level MDR, connect with an eSentire Security Specialist now.


ABOUT THE AUTHOR

eSentire

eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response, and Incident Response services designed to build an organization’s cyber resilience and prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations, with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire’s award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
