What We Do
How We Do
Resources
Company
Partners
Get Started

Our SOC Team Stands Guard 24/7
So You Don’t Have To

With eSentire MDR you get SOC-as-a-Service that provides the 24/7 coverage you need to investigate and respond to threats before they impact your business. Our 24/7 Security Operations Center (SOC) Cyber Analysts are an extension of your team and will pick up the phone to provide immediate expertise, peace of mind, and hands-on assistance to remediate threats on your behalf when and where you need it.

GET STARTED

ALL-IN-ONE MANAGED DETECTION AND RESPONSE SERVICE

eSentire MDR provides advanced detection, 24/7 threat hunting, end-to-end coverage, and complete response.

LEARN MORE

BUILD OR BUY YOUR SECURITY OPERATIONS CENTER (SOC)?

See what it would cost to staff and run your own 24/7 team compared to eSentire SOC-as-a-Service.

CALCULATE YOUR COSTS

ESENTIRE SECURITY OPERATIONS CENTER (SOC) IN ACTION

Explore a real-life scenario where the eSentire SOC team worked tirelessly to stop a cyberattack.

READ NOW

ESENTIRE SECURITY OPERATIONS CENTER (SOC) PROCESS

Review the steps our SOC takes with every incident to protect you 24/7 and continuously improve your security posture.

READ NOW

Around-the-clock
Elite Protection with the eSentire SOC Team

Meet our Global SOC Team and get an inside view on how the 24/7 eSentire SOC operates to stop the most advanced cyberattacks before they disrupt your business.

Our open XDR cloud platform automatically disrupts high fidelity threats known to eSentire. This allows our 24/7 SOC, staffed with Elite Threat Hunters and experienced Cyber Analysts to focus on multi-signal investigation, threat containment and response. Backed by our industry-renowned Threat Response Unit (TRU), we offer around the clock security monitoring, unlimited threat hunting, threat disruption, containment, and unlimited incident handling and remediation.

About our SOCs

TWO SECURITY OPERATIONS CENTERS

TWO SECURITY OPERATIONS CENTERS

Waterloo,
ON, Canada

Cork,
Ireland

Additional analysts operating across the US, EMEA, and APAC.

HIGHLY CERTIFIED SOC TEAM

HIGHLY CERTIFIED SOC TEAM

Our SOC team holds advanced credentials, including SSCP, OSCP, CSAP, CISSP, Security+, Network+, Linux+, Server+, and more.

MATURE OPERATIONS

MATURE OPERATIONS

We are PCI compliant, SOC 2 and ISO27001 certified. We deliver cutting-edge SecOps capabilities, optimized staffing and workload management, quality assurance, and complete 24/7 support.

15
Minute Mean Time To Contain

Initial Response in Seconds and Containment in Minutes

The time from alert to action is critical to prevent disruption across your business. eSentire SOC-as-a-Service provides initial threat response in seconds and contains threats with a 15-minute Mean Time to Contain.

How We Do It – 24/7 SOC Coverage

When an incident hits you want a team that will pick up the phone - live - to provide expertise, peace of mind, and complete response when you need it most.

With eSentire MDR it's how we do it that makes all the difference.

24/7 SOC COVERAGE

DETECT

EVALUATE

INVESTIGATE

INFORM, RESPOND & REMEDIATE

CONTINUOUSLY IMPROVE

CLICK TO REVIEW THE ESENTIRE SOC STEPS HERE

DETECT

Detect

A SOC Analyst receives an XDR-enriched output and cross-references detection and signal properties for event validation. They conduct a comprehensive review of the metadata, including endpoint processes, file downloads, and network traffic summaries related to the event.

Next, they conduct a preliminary investigation, including the reputation check of the involved public IP. They use various tools to establish data points and assess the domains leveraging the IP for hosting purposes.

Evaluate

EVALUATE

Evaluate

The SOC Analyst then examines business-specific information (e.g., work-flow handling notations, IP notations, and common knowledge notes) to determine if there are any considerations that could influence how the investigation should be handled.

Investigate

INVESTIGATE

Investigate

The SOC Analyst will investigate to determine if the detection triggered was rule noise, a malicious attack, a suspicious incident, or initiated by a benign actor. The success of the attack is determined based on:

  • IOCs and/or IOAs for the intrusion
  • Details of the intrusion
  • Level of access the attacker achieved
  • Related malicious activity
  • Indications of lateral movement

Inform, Respond & Remediate

INFORM, RESPOND & REMEDIATE

Inform, Respond & Remediate

The SOC Analyst will determine if the incident requires customer notification, complying with the documented escalation and containment procedures for email and phone call communication. Simultaneously, our SOC team will isolate and contain the threat, and initiate threat response measures, which align with our response processes based on signal type and customer preference.

If the SOC Analyst determines there is a hands-on-keyboard attacker or ransomware attack unfolding, the analyst will engage our Incident Handling Team that is on staff for every shift. They will take command of the incident at that point, and they become the main point of contact for the customer. Our Incident Handling Team will also work cross-functionally with eSentire’s Threat Response Unit to scope the intrusion, identify threat actor activity in the environment and to ensure full remediation.

Continuously Improve

CONTINUOUSLY IMPROVE

Continuously Improve

Our SOC team collaboratively enhances your overall security posture over time and becomes an extension of your security team. We leverage insights gained from each investigation in our SOC, providing ongoing improvements in your MDR service to bolster your organization's cyber resilience.

Watch this video for more information on eSentire SOC-as-a-Service.

×
 

The eSentire SOC Team in Action

Citrix Vulnerability Case Study

In this incident our SOC Cyber Analysts on shift detected internal systems downloading malicious payloads from external sources, prompting the team to engage our customer about the activity. The malicious infrastructure was added to our global deny list and the SOC Incident Handling team was quickly engaged to provide containment and remediation recommendations, including resetting multiple compromised accounts, blocking malicious IP addresses on the firewalls, and isolating impacted systems.

The customer actioned SOC recommendations while the Incident Handling team continued their investigation where the attack source was traced to a threat actor-controlled host connected to the corporate VPN.

After containment actions were taken, the Incident Handling team joined a call with the customer. The root cause was identified as the Citrix vulnerability tracked in CVE-2023-4966, and the customer proceeded to rebuild vulnerable systems with patched software in accordance with Citrix advisories. As a continuation of the efforts, the Incident Handler requested logs and identified additional threat actor details, and searched for evidence of data exfiltration and confirmed that none was identified.

Ultimately, the actions taken by our SOC in this situation and other daily attacks ensure our 2000+ customers are protected from business disruption.

EXPAND TO READ THE FULL STORY +

We received an urgent alert about a compromise on our network due to speed of patching across our environment. eSentire’s 24/7 SOC includes incident handling expertise so we were able to partner to narrow the threat immediately, contain it in minutes, and remediate fully. The Analyst was able to demonstrate exactly how the threat actors took advantage of our network, and stayed on with us past the end of his shift to ensure we had no further questions or concerns. He showcased with confidence that no data was exfiltrated or system compromised. eSentire’s SOC is so much more than alerting. The depth of analyst knowledge, expertise and 24/7 support is truly impressive.

Chief Information Officer

Global Asset Management Firm

FINANCE INDUSTRY
A logo of Citrix featured next to an eSentire SOC-as-a-Service case study.

Citrix Vulnerability Case Study

In this incident our SOC Cyber Analysts on shift detected internal systems downloading malicious payloads from external sources, prompting the team to engage our customer about the activity. The malicious infrastructure was added to our global deny list and the SOC Incident Handling team was quickly engaged to provide containment and remediation recommendations, including resetting multiple compromised accounts, blocking malicious IP addresses on the firewalls, and isolating impacted systems.

The customer actioned SOC recommendations while the Incident Handling team continued their investigation where the attack source was traced to a threat actor-controlled host connected to the corporate VPN.

After containment actions were taken, the Incident Handling team joined a call with the customer. The root cause was identified as the Citrix vulnerability tracked in CVE-2023-4966, and the customer proceeded to rebuild vulnerable systems with patched software in accordance with Citrix advisories. As a continuation of the efforts, the Incident Handler requested logs and identified additional threat actor details, and searched for evidence of data exfiltration and confirmed that none was identified.

Ultimately, the actions taken by our SOC in this situation and other daily attacks ensure our 2000+ customers are protected from business disruption.

COLLAPSE -

Why 2000+ Companies Trust the eSentire SOC

eSentire provides a comprehensive MDR solution that is scalable for companies of any size. Their SOC is incredibly responsive and gives us near-instant insight into suspicious activity on endpoints and network assets. Of late, eSentire has been closely partnering with Microsoft, aligning well with our increased leverage of Azure resources.

Jordan F.

Director of Technology, Mid-market Company

FINANCE INDUSTRY
READ THE FULL REVIEW

eSentire excels with advanced threat detection, real-time monitoring, MDR services, customized security, 24/7 SOC, and proactive threat hunting.

David P.

Mid-Market Company

READ THE FULL REVIEW

What I like best is the collaboration that we have with eSentire to help continue to keep our environment safe. We get quick responses from our Account Manager as well as the SOC when needed. The tools are very accessible and are easy to work with to monitor our systems.

Randall K.

Network and Security Engineer

ENTERPRISE COMPANY
READ THE FULL REVIEW

I like that they are responsible for funneling the thousands of alerts through their SOC and only escalating to us when appropriate.

Verified Customer

Financial Services

READ THE FULL REVIEW

It is a complete system, the support is excellent. I like that they can isolate a resource at 2:00 AM without waking me up.

Verified Customer

Utilities

READ THE FULL REVIEW

I like the fact that we can engage at anytime throughout the day with the SOC team and they are always ready to help with whatever security issues we are facing.

Bryon S.

Enterprise Company

READ THE FULL REVIEW

What You Can Expect from eSentire’s SOC-as-a-Service

Click to view our SOC differences and the results you can expect

24/7 Live SOC Cyber Analyst Support

Unlimited Incident Handling and Threat Hunting

Advanced Certification and Training Program

Powerful Open XDR Cloud Platform Support

Industry-Leading Research and Models from TRU

OUR DIFFERENCE

24/7 Live SOC Cyber Analyst Support

YOUR RESULTS

Get immediate support and expertise from our SOC team 24/7. Speak with a live analyst who is already engaged and initiate expert-level response as an extension of your team.

OUR DIFFERENCE

Incident Handlers and Elite Threat Hunters on Every Shift

YOUR RESULTS

Remain confident that each SOC shift team is supported by senior technical experts who perform global threat sweeps and proactively hunt threats across your environment based on the latest intelligence from our Threat Response Unit (TRU).

OUR DIFFERENCE

Advanced Certification and Training Program

YOUR RESULTS

Get expert guidance from a SOC team that is highly certified and experienced. With an average tenure of 6 years and a 90%+ retention rate, our team proudly holds advanced certs including SSCP, CSAP, CISSP, Security+, Network+, Linux +, Server +, and more.

OUR DIFFERENCE

Powerful Open XDR Cloud Platform Support

YOUR RESULTS

If an orchestrated response isn’t possible, our platform equips our SOC team with the insights they need to perform deep investigation and execute manual containment, delivering a Mean Time To Contain of 15 minutes.

OUR DIFFERENCE

Industry-Leading Research and Models from TRU

YOUR RESULTS

Our SOC team is supported by top research and machine learning experts, so you benefit from improved detection, response, and timely threat advisories.

Review our SOC-as-a-Service FAQ

View Now

SOC-as-a-Service/Managed SOC FAQ

What is a SOC?

A SOC or Security Operations Center is a facility where a team of security analysts implement various tools and technologies (e.g., SIEM, XDR, Endpoint, Network) to conduct threat investigations and develop threat intelligence to hunt, investigate, and respond to cyber threats in real-time. SOC Cyber Analysts monitor your IT environment (e.g., endpoints, network, log, and cloud) for suspicious activity and are the first to investigate and respond when security threats emerge or when potentially malicious activity is detected.

What is SOC-as-a-Service/Managed SOC Services?

SOC-as-a-Service or Managed SOC services refer to outsourcing security monitoring, threat detection, and threat response to a dedicated team of security experts. Managed SOC services give organizations access to advanced security monitoring capabilities without requiring them to invest in the security tools, personnel, and operational expenses to run and manage a SOC in-house.

Why should I buy vs build my SOC?

Security leaders often underestimate the cost of building and running an internal SOC. You need to consider the up-front cost and ongoing investment involved as you weigh your options. Most organizations don’t have the resources they need to navigate today’s threat landscape on their own. Try our SOC Calculator to see what it would cost to staff and run your own 24/7 SOC team compared to eSentire MDR here.

What are the benefits of SOC-as-a-Service/Managed SOC?

A Managed SOC should provide continuous monitoring, advanced threat detection, and immediate expert response to security incidents, ensuring that threats are addressed before they impact your business. Your managed SOC provider should act as an extension of your team, providing peace of mind and hands-on assistance to remediate threats.

The benefits of SOC-as-a-Service/Managed SOC include:

  1. Enhanced Security Expertise: Skilled security professionals act as an extension of your team, specializing in threat detection, investigation, and response so you can minimize threat actor dwell time and eliminate threats before they spread through your environment.
  2. Continuous Monitoring: 24/7 monitoring and real-time threat detection ensure comprehensive protection against emerging threats.
  3. Cost-Effectiveness: Cost saving for internal staffing, training, operational expenses, security tools and threat intelligence.
  4. Rapid Incident Response: Immediate response to security incidents minimizes the impact of threats and helps prevent business disruption.
  5. Scalability: SOC-as-a-Service/Managed SOC services can protect your organization's changing security needs, providing flexibility and adaptability as your business grows.

What is the significance of initial response security for a Managed SOC service?

Initial response security is a critical aspect of a Managed SOC service as it ensures immediate threat response and quick containment to prevent business disruption. In a matter of minutes, a well-established SOC team can:

  • Isolate hosts affected with threats like malware or ransomware
  • Triage incoming security alerts and cyber threats
  • Conduct in-depth investigations of advanced cyber threats
  • Provide complete response and remediation for cyber threats before they can impact your business

See how the eSentire SOC handles security incidents to protect you 24/7 and continuously improve your security posture here.

How quickly does eSentire's 24/7 SOC respond to security incidents?

eSentire's 24/7 SOC provides initial threat response in seconds and contains threats with a 15-minute Mean Time to Contain, ensuring swift and effective action to prevent business disruption.

What experience and certifications does eSentire’s SOC-as-a-Service/Managed SOC Team have?

Our 24/7 SOC Cyber Analysts are an extension of your team. With an average tenure of 6 years and a 90%+ retention rate, our technical team proudly holds advanced certifications including SSCP, CSAP, CISSP, Security+, Network+, Linux+, Server+, and more.

What services does eSentire SOC-as-a-Service/Managed SOC include?

The eSentire Security Operations Center (SOC) offers comprehensive services that cover everything from initial triage to investigation and remediation actions. If needed, we also escalate to our Incident Handling teams, the Threat Response Unit (TRU), or our Incident Responders.

Our 24/7 SOC Cyber Analysts are an extension of your team and will pick up the phone to provide immediate expertise, peace of mind, and hands-on assistance to remediate threats on your behalf when and where you need it.

Watch this video to get an inside view on how the 24/7 eSentire SOC operates to stop the most advanced cyberattacks before they disrupt your business.

Where are eSentire's Security Operations Centers (SOCs) located?

eSentire operates two Security Operations Centers in Waterloo, ON, Canada, and Cork, Ireland, with additional analysts operating across the US, EMEA, and APAC, ensuring global coverage and support.

What does a day look like for an eSentire SOC Analyst?

No two days are the same for our SOC analysts. Our Cyber Analysts investigate enriched alerts from our Open XDR Platform and actively work to quickly determine if malicious behavior is occurring. When they do find a positive indicator, there is a sense of urgency and ownership that a customer is under threat and our analysts immediately begin response and remediation.

If one of our Cyber Analyst determines there is a hands-on-keyboard attacker or ransomware attack unfolding, the analyst will engage our Incident Handling Team, that is on staff for every shift. They will take command of the incident and ensure full remediation.

Watch this video featuring Team Leads, Cyber Analysts, and Incident Handlers to get an inside look at eSentire’s 24/7 SOCs and how we investigate enriched alerts if malicious behavior is detected.

Solving the Cybersecurity Skills Gap

We apply a six-point methodology for how we develop and retain skilled cybersecurity professionals. As a result of our global expansion, we’ve refined this process over the last decade and gained a distinct competitive advantage given the global skills shortage.

Watch this video featuring Team Leads, Cyber Analysts and Incident Handlers, that act as an extension of our customers’ teams, to get an inside look at eSentire’s 24/7 SOCs.

WATCH NOW

Establishing a SOC Talent Pipeline

Recruiting top talent for our SOC Cyber Analyst positions begins with the relationships we’ve formed with top technical institutions in the Waterloo and Cork regions. Our partnerships with local colleges, universities, municipal boards, and not-for-profit organizations help us maintain a robust pipeline of talent for our expanding security operations.

We also encourage elementary, high school, and college students to pursue careers in cybersecurity. Our leadership team is actively engaged with many educational and advisory boards, providing recommendations on information security program training.

How We Reduce Turnover and Prevent Burnout to Provide the Best SOC-as-a-Service

8-hour Shifts

We rotate three (3), 8-hour shifts per day to keep our team fresh and engaged, instead of the 12-hour industry norm.

Intelligent SOC Shift Staffing

We base our staff presence on investigative data insights and balance skills across our Cyber Analysts, Elite Threat Hunters, Threat Response Unit, and other technical experts on a 24/7 basis.

Mentorship Program

After they complete training, new SOC Analysts are paired with a senior SOC team member in a pilot/co-pilot model so they learn as productively as possible.

Encouraged PTO

We have a flexible vacation policy so our team can take the time they need to create a productive and healthy balance.

eSentire SOC Quality Assurance Measures

No matter what, we guarantee that your call will be answered live every time by a trained SOC Cyber Analyst, day or night. Plus, we perform regular audits of our service and investigations, sharing the results across our team so we can continuously improve the service we deliver.

Sample

Analysts check against a random sampling of 75-100 security events every 24 hours.

Analyze

SOC Analysts assess the quality and validity of alerts that are being sent to customers.

Audit

The SOC uses this data to audit from both a process and technology perspective, checking the alerting quality from start to finish.

Report

The data is gathered and sent to each analyst for continuous performance tracking.

Improve

The SOC is able to identify issues the team faces or address areas of improvement for additional training.

Accelerating the Efficiency of our SOC-as-a-Service

Our XDR platform disrupts high fidelity threats, recognizing malicious IOCs and IPs that can be automatically blocked and contained. That way, our SOC team and Elite Threat Hunters spend their time on higher-priority security events.

If an automated response isn't possible, our XDR platform enables the SOC Cyber Analysts to perform deep threat investigation and execute manual containment, when required, with a Mean Time to Contain of only 15 minutes.

Plus, every positive SOC Investigation fuels the Security Network Effects across our global customer base. We add 200+ malicious IOCs and IPs to our global block list daily to continue to improve customer defenses.

Continuous SOC Education and Certification

Our SOC onboarding and training process is managed by a dedicated team of learning professionals. We are committed to advancing the certifications and cyber education of our SOC Cyber Analysts.

A schematic showing eSentire’s SOC onboarding and training process, which includes the ongoing investment in cyber education and certification of SOC Cyber Analysts. The expertise of an outsourced SOC team is a key consideration when evaluating SOC-as-a-Service providers. A schematic showing eSentire’s SOC onboarding and training process, which includes the ongoing investment in cyber education and certification of SOC Cyber Analysts. The expertise of an outsourced SOC team is a key consideration when evaluating SOC-as-a-Service providers - Mobile.

Career Progression

With 100+ internal promotions in the last 12 months and multiple paths for our SOC Cyber Analysts to progress in their careers, our team develops the specific expertise needed to protect your business.

  • Sales Engineering
  • Threat Response Unit (TRU)
  • Vulnerability Management Team
  • Distinguished Security Practitioner
  • Penetration Testing

Watch this video featuring Team Leads, Cyber Analysts and Incident Handlers, that act as an extension of our customers’ teams, to get an inside look at eSentire’s 24/7 SOCs.

WATCH NOW

Cross-Functional Threat Intelligence Backing eSentire's SOC

Our SOC Team delivers comprehensive services from triage to remediation, escalating to our cross-functional threat intelligence team as needed. Upon detecting real-time malicious activity, we bring in our team of elite SOC Analysts, Incident Handlers, Threat Response Unit (TRU) to shut down the cyberattack, prevent lateral spread, and identify the attack vector to help your team reduce future risks.

Unlimited Threat Hunting with eSentire’s Threat Response Unit

TRU is foundational to our SOC service and our elite Threat Hunters are at hand every shift as part of our 24/7 unlimited threat hunting approach.

Learn More About TRU

Latest TRU Resources

We have discovered some of the most dangerous threats and nation-state attacks in our space, including the Kaseya MSP breach, the malicious more_eggs malware, and Gootloader malware attacks. Our Elite Threat Hunters also tracked the identity of VENOM SPIDER, the threat actor behind one of the most capable and stealthy malware suites—Golden Chickens.

As part of our 24/7 MDR service, you receive our latest Threat Response Unit reports and Security Advisories.

You should be protected by the best SOC in the business

Submit your information and an eSentire representative will be in touch to help you reduce your risks and build a more resilient security operation today.