Extended Detection and Response (XDR) has received a great deal of attention in 2020. In fact, in September Gartner awarded XDR the number one spot in their Top 9 Security and Risk Trends for 2020, to go along with third place on their Top 10 Security Projects for 2020-2021 (behind only “Securing your remote workforce” and “Risk-based vulnerability management”).
Going back a little further, in March of this year Gartner published an Innovation Insight for Extended Detection and Response. And Gartner isn’t alone in giving attention to XDR: for instance, in June CSO Online published 10 things you should know about XDR.
All of these articles and examinations do a pretty good job of describing what XDR is—but they fall short when it comes to relating XDR to other security options like Managed Detection and Response (MDR). And that isn’t just speculation on our part: in recent months we’ve had many customers and prospects ask us what XDR is and how it fits into the broader world of cybersecurity.
The Gartner Top 10 list cited above describes XDR as, “a unified security and incident response platform that collects and correlates data from multiple proprietary components.” The description goes on to specify that, “The platform-level integration occurs at the point of deployment rather than being added in later. This consolidates multiple security products into one and may help provide better overall security outcomes.”
Gartner’s Top 9 list explains further that XDR solutions, “improve threat detection and provide an incident response capability.”
Now we know what an XDR solution does, and we can decompose the description into some required components:
Critically, XDR is intended as a platform that you as a customer would purchase and manage yourself. So a necessary part of how security outcomes are delivered falls on your team’s ability to configure, manage, maintain and, ultimately, use the platform effectively.
Based upon the accepted understanding of what an XDR does and how it does it, an XDR platform sounds a lot like a SIEM that also includes response capabilities. Indeed, there are already several examples in the market of SIEM and Security Orchestration, Automation and Response (SOAR) vendors experimenting with the XDR label to cash in on the hype.
But the history of cybersecurity is full of “the next big thing” that will finally consolidate security signals, apply automatic intelligent analysis, and trigger or enable effective responses. What makes XDR different? When you peel back the covers, the answer is “not much.” The underlying technologies have evolved since the heady days of SIEM, for instance, but many of the same potential shortcomings remain.
In fact, this pattern is familiar, because the same thing played out with SIEM:
The same problems that have plagued SIEM will also impact XDR. These include:
And of course, all of these localized problems exist against the backdrop that simply recruiting, retaining and sufficiently resourcing cybersecurity professionals is extraordinarily challenging due to a worldwide shortage of such specialists. Even a perfect XDR platform can’t solve that problem for you.
The primary difference between MDR and XDR is who is responsible for managing the security platform and delivering the detection and response.
With XDR, these functions are left to you, the customer. With MDR, the operational heavy lifting is taken care of for you by the managed security provider.
The “manage-it-myself” approach may work for Fortune 100 enterprises and other very large, very well-resourced organizations. But for everyone else—the vast majority of organizations, in fact—this strategy just won’t work. And that’s not an indictment of effort or ability, it’s simply an honest appreciation of the resourcing reality.
In contrast, with eSentire's MDR service our team—sales engineers, SOC analysts, threat hunters and others—takes on the responsibilities of installing, configuring, and managing the security solutions, as well as detecting and responding to threats.
Moreover, our experts do what technology and the vast majority of security teams (even within Fortune 100s) can't do, including hunting and investigating threats, proactively researching to develop detectors and authoring reliable runbooks to enable fast and effective response.
This managed approach is one reason why the time-to-value with MDR is so fast, often on the order of days or weeks, versus the months that are the best-case scenario for a solution as complex as XDR.
At eSentire, we agree with much of what Gartner and others have to say about XDR from a functional and outcome-oriented perspective. In fact, Gartner’s description of XDR is remarkably consistent with our own Atlas platform: a "cohesive security incident and response platform," that includes "alert and incident correlation, as well as built-in automation," within "a unified whole that offers multiple streams of telemetry, presenting options for multiple forms of detection and concurrently enabling multiple methods of response."
We think of Atlas as a cloud-native XDR that applies across all our deployments, rather than being applied to only a single organization. One extremely important advantage of this approach is that Atlas has visibility into eSentire's entire customer base, for a rising-tide effect that enables proactive prevention measures to better protect each and every client before a particular threat appears in their environment. That is, we have expansive visibility into threats around the globe, whereas even the largest XDR client only has direct exposure to threats that they have encountered directly.
Plus, while Gartner and others envision XDR platforms only working with a single vendor’s proprietary security components (their endpoint agent, their log aggregator, their network probe, and so on), Atlas allows eSentire customers to choose from a growing list of security partners. This choice is just another way Atlas provides the benefits of XDR without the limitations.
Done right, and in the right organization, XDR could be an important development in cybersecurity. But “done right” and “in the right organization” are two deceptively strict qualifications.
“Done right” means that the platform actually delivers what it promises; needless to say, that will be a challenge. But even if this technical and functional challenge is met, it’s still unlikely to be enough for the vast majority of organizations because of resource limitations—and these same resource limitations are why MDR is likely a much better choice for the vast majority of organizations.
Where XDR describes technology—a collection of functionality and capabilities which Gartner believes is required to create positive security outcomes—MDR represents the synthesis of people and technology through efficient and effective processes.
In other words, where XDR provides a platform, MDR offers a solution.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience and prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.