Blog | Sep 19, 2018

Why real-time logging, event management and SIEM services are so important

Real-time logging can play a critical part in providing valuable information and visibility across an IT environment. That value is only realized if the information can be interpreted in real time and acted upon immediately. Without mechanisms in place to interpret and act on what real-time logging provides, the result is nothing more than a larger volume of data to store and after-the-fact details that did not protect against or prevent a breach.

Traditionally, real-time logging captures data as it happens and stores it for safekeeping. Log management provides a firehose of information that can be tapped into. In security, logs help answer more detailed questions and support thorough follow-up investigations when something has gone wrong. They are also useful when designing monitoring controls around suspect business behavior, such as account elevations or unusual logins for a user.
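
The two monitoring controls just named, account elevation and an unusual login for a user, as a small single-pass detector that judges each event the moment it arrives rather than after the fact. This is an added illustration, not code from the post or from eSentire; the JSON event shape, the sample events and the `PRIVILEGED_ROLES` set are assumptions made for the example.

```python
import json
from collections import defaultdict

# Constructed sample events (not from the original post), one JSON object per
# line, in the order a collector would forward them in real time.
SAMPLE_LOG = """\
{"ts":"2018-09-19T08:01:02Z","event":"login","user":"alice","src_ip":"10.1.4.22","geo":"CA"}
{"ts":"2018-09-19T08:05:10Z","event":"login","user":"bob","src_ip":"10.1.7.9","geo":"CA"}
{"ts":"2018-09-19T08:07:45Z","event":"login","user":"alice","src_ip":"10.1.4.22","geo":"CA"}
{"ts":"2018-09-19T21:14:03Z","event":"login","user":"alice","src_ip":"203.0.113.5","geo":"DE"}
{"ts":"2018-09-19T21:15:30Z","event":"privilege_change","user":"alice","old_role":"user","new_role":"admin"}
{"ts":"2018-09-19T21:16:00Z","event":"login","user":"bob","src_ip":"10.1.7.9","geo":"CA"}
"""

PRIVILEGED_ROLES = {"admin", "root"}  # assumption: roles worth alerting on


class LoginMonitor:
    """Single-pass, stateful detector: each event is judged as it arrives using
    only what was seen before it, so an alert can drive containment at once."""

    def __init__(self):
        self.seen_geo = defaultdict(set)  # user -> geos observed so far
        self.logins = defaultdict(int)    # user -> logins observed so far

    def handle(self, line):
        """Return an alert dict for this line, or None if nothing is suspect."""
        ev = json.loads(line)
        user, kind = ev["user"], ev["event"]
        if kind == "privilege_change" and ev["new_role"] in PRIVILEGED_ROLES:
            return {"ts": ev["ts"], "user": user, "reason": "privilege elevation",
                    "detail": f'{ev["old_role"]} -> {ev["new_role"]}'}
        if kind != "login":
            return None
        alert = None
        # A geo counts as unusual only once the user has a baseline of prior logins.
        if self.logins[user] > 0 and ev["geo"] not in self.seen_geo[user]:
            alert = {"ts": ev["ts"], "user": user, "reason": "unusual login",
                     "detail": f'new geo {ev["geo"]} from {ev["src_ip"]}'}
        self.seen_geo[user].add(ev["geo"])
        self.logins[user] += 1
        return alert


def scan_stream(lines):
    """Feed lines through one monitor; collect alerts in arrival order."""
    mon = LoginMonitor()
    alerts = [a for a in (mon.handle(ln) for ln in lines if ln.strip()) if a]
    return alerts
```

Running `scan_stream(SAMPLE_LOG.splitlines())` raises two alerts for alice, the login from a never-seen geo and the elevation to admin that follows it a minute later, while bob's consistent logins stay silent.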

Placing logs in a more modern context and combining them with the power of a Managed Detection and Response (MDR) service gives organizations full threat visibility and real-time response across the entire IT environment. The ability to feed log analytics directly into ongoing real-time investigations, threat containment, and incident response activities is a powerful capability that organizations can count on to truly keep themselves safe.

Why eSentire Added Log Analytics to our Existing MDR Solution

Most MDR providers rely solely upon log data and are limited to simple alerts generated by myopic prevention technologies. esLOG, when deployed with esENDPOINT and esNETWORK, enables our analysts to go beyond alerts by empowering them with the ability to act on an organization’s behalf when a possible threat is detected. By implementing targeted, tactical host isolation or network communication disruption, threats can be contained in near real-time, mitigating the damage from attacks.

With the availability of cloud native Security Information and Event Management (SIEM) alternatives and log analytics solutions, it was the right time to expand our services, especially in technology not core to defining and creating MDR. A strong cloud data analytics partner would free us to focus on threat hunting.

The current and coming needs of our customers for protection over local and cloud infrastructure mean investing in a data platform that we can integrate with, one that rounds out our portfolio with added high-fidelity signals, expanded signal sources, shorter time to value, and rich API capabilities.

Why Sumo Logic?

Having brought to market the first managed log solution (LogSentry) more than 10 years ago, we have long recognized the role that logging plays in MDR. At our core, eSentire is an MDR company and with market evolution, we felt now was the right time to partner with a leading SIEM technology provider to further enhance our platform with enriched logging capabilities. We needed a platform in which we could make use of leading analytics and data strengths that complement ours. We found Sumo Logic to be by far the most compelling offering. Fundamental to our decision was their ease of deployment and integration into our MDR service via a rich set of APIs. We did an extensive evaluation of 10 separate technologies and in the end Sumo Logic was our clear choice technically and commercially. Sumo Logic’s ability to integrate with our MDR service, ease of log collection for on-premises and hosted applications, as well as their built-in analytics fit the model we needed to support both client compliance and discovery. This allows us to focus more of our efforts on developing IP around our data platform, machine learning and continuous Security Operations Center (SOC) improvements. Other SIEM vendors we evaluated had a diluted ability to perform search and analytics of this quality.

The Opportunity for Our Partners

eSentire and its partners are now able to offer customers a platform that provides full threat visibility across modern IT environments and the benefits of a SIEM without the complexity and cost, while simplifying compliance and reporting. eSentire now gives our partners a greater ability to integrate with market-leading cloud environments than other SIEM providers offer, while dealing directly with us.

Alexander Feick

Technical Director, Security Services Architecture