eSentire MDR for Log

Robust Multi-Cloud and Hybrid Environment Coverage

eSentire MDR for Log delivers critical visibility across your multi-cloud and hybrid environments without the day-to-day challenges of curating signals from various sources. MDR for Log ingests and stores logs across AWS, Microsoft 365, Azure, and your existing security controls. We aggregate meaningful and actionable intelligence from multi-signal ingestion across your network assets, endpoints, applications and cloud services to accelerate our investigations and enable complete response against cyber threats. MDR for Log satisfies your regulatory requirements such HIPAA, PCI, GDPR, etc.

We detect a multitude of attack types and techniques including but not limited to:

• Phishing attacks
• Data exfiltration
• Insider threats
• Suspicious or unusual user behavior
• Cloud service misconfigurations
• Modular malware
• Privilege escalations and alterations
• Cryptojacking
• Suspicious VPN activity
• Defense evasion

Our Best of Breed Ecosystem of Technology Partners

Our best-of-breed MDR approach means we partner with the leading technology platforms in data analytics, log management, and cloud SIEM. We can also leverage your existing investment in bring your own license (BYOL) service scenarios.

Detection Engineering Driven By Our Elite Threat Response Unit

Our Log Ingest Capabilities

We gather data from all sources in your environment that generate logs and prioritise high-value logs for our SOC investigations. This helps us respond to threats early in the kill chain and prevent cybercriminals from ever disrupting your business.

High-Fidelity Runbooks and Detection Engineering Driven By Our Elite Threat Response Unit

eSentire MDR for Log is powered by dynamic threat detections and high-fidelity runbooks for novel emerging threats to ensure you stay ahead of attackers. The eSentire Threat Response Unit (TRU) manages the entire detection engineering process through original research and enriched threat intelligence, mapping all detectors to the MITRE ATT&CK framework. Using these runbooks and original detections, our SOC Cyber Analysts identify malicious activity earlier and respond rapidly to threats in your environment with a 15-minute Mean Time to Contain.

Detection Engineering Spotlight: Malkara

With more employees working remotely than ever before, most organizations have VPN or similar network access mechanisms in place to facilitate remote access. The problem is, attackers who have obtained valid account credentials can leverage VPNs or network gateways as a way to “walk in the front door” of your network undetected. MITRE ATT&CK classifies this technique as T1078 – Valid Accounts and it’s typically one of the more difficult techniques to identify before it’s too late.

To take on this challenge, eSentire’s TRU developed a proprietary machine learning model code-named Malkara as part of eSentire’s MDR for Log service. The model analyzes all remote access sessions leveraging data from VPN technology and cloud IAM controls from AWS, Azure, and GCP to identify any anomalous activity and the end user who triggered the alert. eSentire SOC Cyber Analysts follow investigative runbooks to determine the validity of the event and if the activity is determined to be malicious, take action available to them to contain the threat.

Robust Hybrid Environment Coverage

As we continue expanding our log ingestion, we are building adding more runbooks for SaaS platforms and enterprise applications. When log activity from these platforms can indicate suspicious activity, we stitch together their context-free telemetry to identify similar attacker tactics in your environment.

SaaS Platforms and Security Infrastructure

We Do More than Managed Log - And Multi-Signal Matters

Our multi-signal approach ingests endpoint, network, log, cloud, asset and vulnerability data that enables complete attack surface visibility. Automated blocking capabilities built into our eSentire Atlas XDR Cloud Platform prevent attackers from gaining an initial foothold while our expert Elite Threat Hunters can initiate manual containment at multiple levels of the attack surface. Through the use of host isolation, malicious network communication disruption, identity-based restriction and other measures, we can stop attackers at multiple vectors and minimize the risk of business disruption.

At eSentire we recognize that the attack surface is continuously evolving and expanding. While our MDR service protects your organization from modern attackers and the vectors they target most often, we are continuously analyzing and developing new services & detections to outpace the adversaries. In our twenty year + history, we pride ourselves on the fact that no eSentire client has experienced a business disrupting breach. With 1500+ customers across 80+ countries, we don’t just claim to deliver complete response. We prove it, and are proud to earn our global reputation as the Authority in Managed Detection and Response, each and every day.