What We Do
How we do it
Resources
SECURITY ADVISORIES
May 11, 2022
CVE-2022-26923 - Active Directory Domain Services Elevation of Privilege Vulnerability
THE THREAT Microsoft has disclosed a new vulnerability impacting Active Directory Certificate Services (ADCS) tracked as CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). If exploited successfully, an authenticated attacker can escalate privileges in environments where ADCS is running on the domain. eSentire is aware of technical details and tooling [2] for…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
May 17, 2022
Cybersecurity Leader eSentire Continues Its Commitment to Rigorous Security Standards Earning PCI DSS Certification
Waterloo, ON, May 17, 2022 — eSentire, the Authority in Managed Detection and Response (MDR), maintains one of the most secure and robust IT environments of any MDR provider in the industry. To that end, eSentire today announced that it has received the Payment Card Industry Data Security Standard (PCI DSS) certification, considered one of the most stringent and comprehensive payment card…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Sep 19, 2018

Why real-time logging, event management and SIEM services are so important

Speak With A Security Expert Now

Real-time logging can play a critical part in providing valuable information and visibility across an IT environment. The value of this can only ever be realized if there is an ability to interpret the information in real-time and take immediate action in response. If there aren’t mechanisms in place to interpret and act upon the information provided by real-time logging, then there is nothing more than an increased amount of data to store and after the fact details that did not protect or prevent a breach.

Traditionally, real-time logging captures data as it happens and stores it for safe keeping. Log management provides a firehose of information that can be tapped into. In security, logs help answer more detailed questions and aid with thorough follow up investigations when something has gone wrong. They are useful when designing monitoring controls around suspect business behavior, such as account elevations or unusual logins for a user.

By placing logs in a more modern context and combining them with the power of a Managed Detection and Response (MDR) service organizations have the benefits of full threat visibility and real-time response across the entire IT environment. The ability to combine log analytics directly into ongoing real-time investigations, threat containment, and incident response activities is a powerful capability that organizations can count on to truly keep themselves safe.

Why eSentire Added Log Analytics to our Existing MDR Solution

Most MDR providers rely solely upon log data and are limited to simple alerts generated by myopic prevention technologies. esLOG, when deployed with esENDPOINT and esNETWORK, enables our analysts to go beyond alerts by empowering them with the ability to act on an organization’s behalf when a possible threat is detected. By implementing targeted, tactical host isolation or network communication disruption, threats can be contained in near real-time, mitigating the damage from attacks.

With the availability of cloud native Security Information and Event Management (SIEM) alternatives and log analytics solutions, it was the right time to expand our services, especially in technology not core to defining and creating MDR. A strong cloud data analytics partner would free us to focus on threat hunting.

The current and coming needs of our customers to have protection over local and cloud infrastructure means investing in a data platform that can we can integrate with, one that rounds out our portfolio with added high fidelity signals, expanded signal sources, shorter time to value, and rich API capabilities.

Why Sumo Logic?

Having brought to market the first managed log solution (LogSentry) more than 10 years ago, we have long recognized the role that logging plays in MDR. At our core, eSentire is a MDR company and with market evolution, we felt now was the right time to partner with a leading SIEM technology provider to further enhance our platform with enriched logging capabilities. We needed a platform in which we could make use of leading analytics and data strengths that complement ours. We found Sumo Logic to be by far the most compelling offering. Fundamental to our decision was their ease of deployment and integration into our MDR service via a rich set of APIs. We did an extensive evaluation of 10 separate technologies and in the end Sumo Logic was our clear choice technically and commercially. Sumo Logic’s ability to integrate with our MDR service, ease of log collection for on-premise and hosted applications, as well as their built-in analytics fit the model we needed to support both client compliance and discovery. This allows us to focus more of our efforts in developing IP around our data platform, machine learning and continuous Security Operations Center (SOC) improvements. Other SIEM vendors we evaluated had diluted ability to perform the quality of search and analytics.

The Opportunity for Our Partners

eSentire and its partners are now able to offer customers a platform that provides full threat visibility across modern IT environments, the benefits of a SIEM without the complexity and cost, while simplifying compliance and reporting. eSentire now provides our partners with a greater ability to integrate with market-leading cloud environments over that of other SIEM providers while dealing directly with us.

View Most Recent Blogs
Alexander Feick
Alexander Feick Technical Director, Security Services Architecture