Blog — Sep 19, 2018

Why real-time logging, event management and SIEM services are so important

Real-time logging can play a critical part in providing valuable information and visibility across an IT environment. That value is only realized if there is an ability to interpret the information in real time and take immediate action in response. If there are no mechanisms in place to interpret and act upon the information that real-time logging provides, the result is nothing more than a larger volume of data to store and after-the-fact details that did not protect against or prevent a breach.

Traditionally, real-time logging captures data as it happens and stores it for safekeeping. Log management provides a firehose of information that can be tapped into. In security, logs help answer more detailed questions and support thorough follow-up investigations when something has gone wrong. They are also useful when designing monitoring controls around suspect business behavior, such as account elevations or unusual logins for a user.

By placing logs in a more modern context and combining them with the power of a Managed Detection and Response (MDR) service, organizations gain full threat visibility and real-time response across the entire IT environment. The ability to feed log analytics directly into ongoing real-time investigations, threat containment, and incident response activities is a powerful capability that organizations can count on to keep themselves safe.

Why eSentire Added Log Analytics to our Existing MDR Solution

Most MDR providers rely solely upon log data and are limited to simple alerts generated by myopic prevention technologies. esLOG, when deployed with esENDPOINT and esNETWORK, enables our analysts to go beyond alerts by empowering them with the ability to act on an organization’s behalf when a possible threat is detected. By implementing targeted, tactical host isolation or network communication disruption, threats can be contained in near real-time, mitigating the damage from attacks.

With the availability of cloud-native Security Information and Event Management (SIEM) alternatives and log analytics solutions, it was the right time to expand our services, especially in technology that is not core to defining and building MDR. A strong cloud data analytics partner would free us to focus on threat hunting.

The current and coming needs of our customers for protection across local and cloud infrastructure mean investing in a data platform that we can integrate with, one that rounds out our portfolio with additional high-fidelity signals, expanded signal sources, shorter time to value, and rich API capabilities.

Why Sumo Logic?

Having brought to market the first managed log solution (LogSentry) more than 10 years ago, we have long recognized the role that logging plays in MDR. At our core, eSentire is an MDR company, and as the market evolved we felt now was the right time to partner with a leading SIEM technology provider to further enhance our platform with enriched logging capabilities. We needed a platform whose analytics and data strengths complement ours. We found Sumo Logic to be by far the most compelling offering. Fundamental to our decision was their ease of deployment and integration into our MDR service via a rich set of APIs. We did an extensive evaluation of 10 separate technologies, and in the end Sumo Logic was our clear choice both technically and commercially. Sumo Logic's ability to integrate with our MDR service, ease of log collection for on-premises and hosted applications, and built-in analytics fit the model we needed to support both client compliance and discovery. This allows us to focus more of our efforts on developing IP around our data platform, machine learning and continuous Security Operations Center (SOC) improvements. Other SIEM vendors we evaluated had a diminished ability to deliver the same quality of search and analytics.

The Opportunity for Our Partners

eSentire and its partners are now able to offer customers a platform that provides full threat visibility across modern IT environments and the benefits of a SIEM without the complexity and cost, while simplifying compliance and reporting. eSentire now gives our partners a greater ability to integrate with market-leading cloud environments than other SIEM providers offer, while dealing directly with us.

Alexander Feick, Technical Director, Security Services Architecture