Robust Multi-Cloud and Hybrid Environment Coverage
eSentire MDR for Log delivers critical visibility across your multi-cloud and hybrid environments without the day-to-day challenges of curating signals from various sources. MDR for Log ingests and stores logs across AWS, Microsoft 365, Azure, and your existing security controls. We aggregate meaningful and actionable intelligence from multi-signal ingestion across your network assets, endpoints, applications and cloud services to accelerate our investigations and enable complete response against cyber threats. MDR for Log satisfies your regulatory requirements such HIPAA, PCI, GDPR, etc.
We detect a multitude of attack types and techniques including but not limited to:
- Phishing attacks
- Data exfiltration
- Insider threats
- Suspicious or unusual user behavior
- Cloud service misconfigurations
- Modular malware
- Privilege escalations and alterations
- Cryptojacking
- Suspicious VPN activity
- Defense evasion
Our Best of Breed Ecosystem of Technology Partners
Our best-of-breed MDR approach means we partner with the leading technology platforms in data analytics, log management, and cloud SIEM. We can also leverage your existing investment in bring your own license (BYOL) service scenarios.
Detection Engineering Driven By Our Elite Threat Response Unit
Our Log Ingest Capabilities
We gather data from all sources in your environment that generate logs and prioritise high-value logs for our SOC investigations. This helps us respond to threats early in the kill chain and prevent cybercriminals from ever disrupting your business.
High-Fidelity Runbooks and Detection Engineering Driven By Our Elite Threat Response Unit
eSentire MDR for Log is powered by dynamic threat detections and high-fidelity runbooks for novel emerging threats to ensure you stay ahead of attackers. The eSentire Threat Response Unit (TRU) manages the entire detection engineering process through original research and enriched threat intelligence, mapping all detectors to the MITRE ATT&CK framework. Using these runbooks and original detections, our SOC Cyber Analysts identify malicious activity earlier and respond rapidly to threats in your environment with a 15-minute Mean Time to Contain.
Detection Engineering Spotlight: Malkara
With more employees working remotely than ever before, most organizations have VPN or similar network access mechanisms in place to facilitate remote access. The problem is, attackers who have obtained valid account credentials can leverage VPNs or network gateways as a way to “walk in the front door” of your network undetected. MITRE ATT&CK classifies this technique as T1078 – Valid Accounts and it’s typically one of the more difficult techniques to identify before it’s too late.
To take on this challenge, eSentire’s TRU developed a proprietary machine learning model code-named Malkara as part of eSentire’s MDR for Log service. The model analyzes all remote access sessions leveraging data from VPN technology and cloud IAM controls from AWS, Azure, and GCP to identify any anomalous activity and the end user who triggered the alert. eSentire SOC Cyber Analysts follow investigative runbooks to determine the validity of the event and if the activity is determined to be malicious, take action available to them to contain the threat.
Robust Hybrid Environment Coverage
As we continue expanding our log ingestion, we are building adding more runbooks for SaaS platforms and enterprise applications. When log activity from these platforms can indicate suspicious activity, we stitch together their context-free telemetry to identify similar attacker tactics in your environment.
SaaS Platforms and Security Infrastructure
Features
24/7 Monitoring
Human-led investigations and correlation from expert analysts in our 2 global Security Operations Centers(SOCs) across modern enterprise environments.
Threat Detection Across Hybrid and Cloud Environments
We detect threats based on business rules, MITRE ATT&CK techniques, user behaviors, the promotion of detections from existing security tools, and more.
Machine Learning-powered Detection Engineering
Atlas XDR machine learning-powered security force multipliers that hunt and respond to elusive threats through vast amounts of data.
Cloud SIEM Implementation and Maintenance
Included configuration and ongoing maintenance services from experienced SIEM practitioners for supported Cloud SIEM technologies.
Flexible Log Consumption, Analysis and Storage Options
Focus on the data that matters the most to your business in order to maximize your investment.
Simplified Compliance Management
Satisfy and report on the logging regulatory requirements of frameworks such as HIPAA, PCI, GDPR, etc.
We Do More than Managed Log - And Multi-Signal Matters
Our multi-signal approach ingests endpoint, network, log, cloud, asset and vulnerability data that enables complete attack surface visibility. Automated blocking capabilities built into our eSentire Atlas XDR Cloud Platform prevent attackers from gaining an initial foothold while our expert Elite Threat Hunters can initiate manual containment at multiple levels of the attack surface. Through the use of host isolation, malicious network communication disruption, identity-based restriction and other measures, we can stop attackers at multiple vectors and minimize the risk of business disruption.
At eSentire we recognize that the attack surface is continuously evolving and expanding. While our MDR service protects your organization from modern attackers and the vectors they target most often, we are continuously analyzing and developing new services & detections to outpace the adversaries. In our twenty year + history, we pride ourselves on the fact that no eSentire client has experienced a business disrupting breach. With 1500+ customers across 80+ countries, we don’t just claim to deliver complete response. We prove it, and are proud to earn our global reputation as the Authority in Managed Detection and Response, each and every day.
