What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Nov 21, 2022
ProxyNotShell Exploit Released
THE THREAT eSentire is aware of public Proof-of-Concept (PoC) exploit code for the ProxyNotShell Exchange vulnerabilities (CVE-2022-41040 [CVSS:8.8], CVE-2022-41082 [CVSS:8.0]). The publication of…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Nov 07, 2022
Global Cybersecurity Leader eSentire Partners with InfoTrust to Deliver 24/7 Multi-Signal MDR and IR Services Across Australia
Waterloo, ON and Sydney, Australia – November 9, 2022 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), today announced it has expanded its presence in Australia via a strategic partnership with InfoTrust. InfoTrust is a leading specialized cybersecurity provider that combines next-generation security controls, with the InfoTrust “Connective Tissue” of customer success,…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Data sheet / solution brief

eSentire MDR for Log

Robust Multi-Cloud and Hybrid Environment Coverage

eSentire MDR for Log delivers critical visibility across your multi-cloud and hybrid environments without the day-to-day challenges of curating signals from various sources. MDR for Log ingests and stores logs across AWS, Microsoft 365, Azure, and your existing security controls. We aggregate meaningful and actionable intelligence from multi-signal ingestion across your network assets, endpoints, applications and cloud services to accelerate our investigations and enable complete response against cyber threats. MDR for Log satisfies your regulatory requirements such HIPAA, PCI, GDPR, etc.

We detect a multitude of attack types and techniques including but not limited to:

Our Best of Breed Ecosystem of Technology Partners

Our best-of-breed MDR approach means we partner with the leading technology platforms in data analytics, log management, and cloud SIEM. We can also leverage your existing investment in bring your own license (BYOL) service scenarios.

Detection Engineering Driven By Our Elite Threat Response Unit

eSentire MDR for Log is powered by dynamic threat detections and runbooks. The eSentire Threat Response Unit (TRU) manages the entire detection engineering process through original research, and enriched threat intelligence, mapping all detectors to the MITRE ATT&CK framework. We track all security content for accuracy and efficacy after deployment, making adjustments and decommissioning as necessary for optimized operational efficiency.

Detection Engineering Spotlight: Malkara

With more employees working remotely than ever before, most organizations have VPN or similar network access mechanisms in place to facilitate remote access. The problem is, attackers who have obtained valid account credentials can leverage VPNs or network gateways as a way to “walk in the front door” of your network undetected. MITRE ATT&CK classifies this technique as T1078 – Valid Accounts and it’s typically one of the more difficult techniques to identify before it’s too late.

To take on this challenge, eSentire’s TRU developed a proprietary machine learning model code-named Malkara as part of eSentire’s MDR for Log service. The model analyzes all remote access sessions leveraging data from VPN technology and cloud IAM controls from AWS, Azure, and GCP to identify any anomalous activity and the end user who triggered the alert. eSentire SOC Cyber Analysts follow investigative runbooks to determine the validity of the event and if the activity is determined to be malicious, take action available to them to contain the threat.

Robust Hybrid Environment Coverage

We Do More than Managed Log - And Multi-Signal Matters

Our multi-signal approach ingests endpoint, network, log, cloud, asset and vulnerability data that enables complete attack surface visibility. Automated blocking capabilities built into our eSentire Atlas XDR Cloud Platform prevent attackers from gaining an initial foothold while our expert Elite Threat Hunters can initiate manual containment at multiple levels of the attack surface. Through the use of host isolation, malicious network communication disruption, identity-based restriction and other measures, we can stop attackers at multiple vectors and minimize the risk of business disruption.

At eSentire we recognize that the attack surface is continuously evolving and expanding. While our MDR service protects your organization from modern attackers and the vectors they target most often, we are continuously analyzing and developing new services & detections to outpace the adversaries. In our twenty year + history, we pride ourselves on the fact that no eSentire client has experienced a business disrupting breach. With 1500+ customers across 80+ countries, we don’t just claim to deliver complete response. We prove it, and are proud to earn our global reputation as the Authority in Managed Detection and Response, each and every day.

Download Now