What We Do
How We Do
Get Started
Data sheet / solution brief

eSentire MDR for Log


4 minutes read
Robust Multi-Cloud and Hybrid Environment Coverage
A graphic outlining key security outcomes you can expect from eSentire MDR for Log.

eSentire MDR for Log delivers critical visibility across your multi-cloud and hybrid environments without the day-to-day challenges of curating signals from various sources. MDR for Log ingests and stores logs across AWS, Microsoft 365, Azure, and your existing security controls. We aggregate meaningful and actionable intelligence from multi-signal ingestion across your network assets, endpoints, applications and cloud services to accelerate our investigations and enable complete response against cyber threats. MDR for Log satisfies your regulatory requirements such HIPAA, PCI, GDPR, etc.

We detect a multitude of attack types and techniques including but not limited to:

A table summarizing how eSentire MDR for Log ingests data from network assets, endpoints, applications and cloud services to aggregate threat intelligence, accelerate cyber threat investigation, and enable complete response.

Our Best of Breed Ecosystem of Technology Partners

Our best-of-breed MDR approach means we partner with the leading technology platforms in data analytics, log management, and cloud SIEM. We can also leverage your existing investment in bring your own license (BYOL) service scenarios.

A graphic with eSentire’s best-of-breed technology partners: Microsoft and Sumo Logic.

Detection Engineering Driven By Our Elite Threat Response Unit

Our Log Ingest Capabilities

We gather data from all sources in your environment that generate logs and prioritise high-value logs for our SOC investigations. This helps us respond to threats early in the kill chain and prevent cybercriminals from ever disrupting your business.

High-Fidelity Runbooks and Detection Engineering Driven By Our Elite Threat Response Unit

eSentire MDR for Log is powered by dynamic threat detections and high-fidelity runbooks for novel emerging threats to ensure you stay ahead of attackers. The eSentire Threat Response Unit (TRU) manages the entire detection engineering process through original research and enriched threat intelligence, mapping all detectors to the MITRE ATT&CK framework. Using these runbooks and original detections, our SOC Cyber Analysts identify malicious activity earlier and respond rapidly to threats in your environment with a 15-minute Mean Time to Contain.

Detection Engineering Spotlight: Malkara

With more employees working remotely than ever before, most organizations have VPN or similar network access mechanisms in place to facilitate remote access. The problem is, attackers who have obtained valid account credentials can leverage VPNs or network gateways as a way to “walk in the front door” of your network undetected. MITRE ATT&CK classifies this technique as T1078 – Valid Accounts and it’s typically one of the more difficult techniques to identify before it’s too late.

To take on this challenge, eSentire’s TRU developed a proprietary machine learning model code-named Malkara as part of eSentire’s MDR for Log service. The model analyzes all remote access sessions leveraging data from VPN technology and cloud IAM controls from AWS, Azure, and GCP to identify any anomalous activity and the end user who triggered the alert. eSentire SOC Cyber Analysts follow investigative runbooks to determine the validity of the event and if the activity is determined to be malicious, take action available to them to contain the threat.

Robust Hybrid Environment Coverage

A list of cloud infrastructure platforms, cloud applications, security infrastructure platforms, and tools that eSentire MDR for Log ingests to provide robust hybrid environment coverage.

As we continue expanding our log ingestion, we are building adding more runbooks for SaaS platforms and enterprise applications. When log activity from these platforms can indicate suspicious activity, we stitch together their context-free telemetry to identify similar attacker tactics in your environment.

SaaS Platforms and Security Infrastructure

Logos of SaaS platforms and security infrastructure that eSentire MDR for Log monitors to identify, contain, and remediate cyber threats.

We Do More than Managed Log - And Multi-Signal Matters

Our multi-signal approach ingests endpoint, network, log, cloud, asset and vulnerability data that enables complete attack surface visibility. Automated blocking capabilities built into our eSentire Atlas XDR Cloud Platform prevent attackers from gaining an initial foothold while our expert Elite Threat Hunters can initiate manual containment at multiple levels of the attack surface. Through the use of host isolation, malicious network communication disruption, identity-based restriction and other measures, we can stop attackers at multiple vectors and minimize the risk of business disruption.

At eSentire we recognize that the attack surface is continuously evolving and expanding. While our MDR service protects your organization from modern attackers and the vectors they target most often, we are continuously analyzing and developing new services & detections to outpace the adversaries. In our twenty year + history, we pride ourselves on the fact that no eSentire client has experienced a business disrupting breach. With 1500+ customers across 80+ countries, we don’t just claim to deliver complete response. We prove it, and are proud to earn our global reputation as the Authority in Managed Detection and Response, each and every day.

A bar chart with MDR signals and context drivers enabling eSentire to detect, investigate and respond to cyberattacks.

Ready to Get Started?

We’re here to help! Submit your information and an eSentire representative will be in touch to help you build a more resilient security operation today.