<img src="https://secure.leadforensics.com/69529.png" style="display:none;">
Blog  |  FAQ
esentire

eSentire Managed Detection and Response

SEE EVERYTHING MISS NOTHING ACT BEFORE IMPACT HARDEN AGAINST FUTURE ATTACKS
24x7x365 monitoring with full spectrum visibility across on-premises, cloud and hybrid IT environments Human threat hunting with machine learning-assisted detection uncovers known and never-before-seen attacks. Embedded incident response accelerates precision and speed, facilitating rapid tactical threat containment. Root cause investigation and remediation guidance defines corrective actions to harden security postures against evolving threats.

Security specific to you
Based on your business and risk management needs, you select from a spectrum of threat protection capabilities:

Rapid intrusion detection and response auto-detects and responds to known and unknown threats with:
• Real-time blocking of IOCs, signatures, and previously unseen attacks, including phishing, malware, ransomware, and botnets
• An extensive, proprietary rules library covering 40+ threat categories
• Highly-customizable rules and policies, including executable whitelists, geo-IP, and blocking access to specific sites

Log aggregation for threat hunting enables log correlation and playbook development to support and guide analysts, regardless of the network size, by:
• Aggregating and correlating log data to assist with reporting, compliance, and attack forensics
• Finding, tracking, and mapping threats to affected resources by querying, exploring, and pivoting across logs

Insider and persistent threat detection, regardless of the tools, tactics, or procedures (TTPs) used, by focusing on the few fundamental adversary behaviors:
• Automatically learns and constantly updates “normal” definitions for each host within a customer’s unique, growing, and changing environment
• Understands and ties together internal reconnaissance, collection, and exfiltration behaviors across time and the network
• Speeds investigations and provides comprehensive customer understanding with ThreatCases, contextual maps of unfolding threats

 

The eSentire Difference

Radical claims and marketing hype have created a confusing and crowded MDR marketplace. However, there is clear distinction between others vs. eSentire MDR that ultimately could mean the difference between a minor incident and a major disruption for your business. Take a closer look, then you be the judge.

 

Features

Other

MDR

eSentire

  24x7 always-on monitoring

  Visibility

Limited

  Network utilizing full PCAP

X

  Endpoint (Full telemetry)

Varies

  Log (On-premises and Cloud)

Varies

  Detection using signatures and        IoCs

  Detection of unknown leveraging patterns, behavioral analytics, machine learning and artificial intelligence

Limited

  Human Threat Hunting

Limited

  Ability to correlate endpoint, network (PCAP) and log data into investigations

X

  False Positive Reduction

Limited

  Alerts

  Alerting of suspicious behavior

X

  Network Tactical Threat Containment Performed on Client's Behalf

X

  Endpoint Tactical Threat Containment Performed on Client's Behalf

Varies

  Response plan for particular            incident

Limited

  Remediation Guidance

  Remediation verification

X

 

Full Spectrum Visibility

These threat protection capabilities are enabled by the esENDPOINT, esNETWORK, esLOG+, and esINSIDER technologies, and include:

  • Comprehensive data sources: north/south, east/west, endpoint activity, network sensors, log aggregation, netflow, DNS, proxy
  • Complete asset coverage: cloud, on-premises, and hybrid environments
  • Extensive human support: 24/7/365 SOC and advanced threat hunting

 

Features

 

Managed by 24x7x365 Operation Centers

Detects, isolates and responds to attacks in real-time with always-on service monitored by SOCs in North America and Europe.

 

Uncompromised Visibility

 

Log: Collects, aggregates and monitors data across on-premises, cloud, multi-cloud, and hybrid platforms like AWS, Microsoft Azure, and the Google Cloud Platform.

 

Network: Always-on full traffic capture including SSL decryption to support best-in-class forensic investigations.

 

Endpoint: Continuously monitors, records, centralizes and retains activity for every endpoint in your organization.

 

Known-threat Prevention

Real-time blocking of signature-based threats, including phishing, malware and botnets using thousands of rules in 40+ threat categories.

 

Unknown Threat Detection

Advanced anomaly detection and behavioral analytics alert and assist eSentire SOC analysts in investigating, detecting and responding to never-before-seen attacks.

 

Machine Learning Integration

Machine learning makes sense of expected and unexpected behavior across your environment with pattern, anomaly and outlier detection.

 

Big Data Analytics

Leverages the power of big data and advanced analytics to end-user behavior, to detect anomalies (deviations from the established baseline) and to flag exceptions to identify real and potential threats.

 

Embedded Threat Hunting and Forensic Investigation

Embedded threat hunting and forensic investigation accelerates precision and speed, facilitating rapid response and threat containment.

 

Tactical Threat Containment

Locks down and isolates compromised endpoints and disrupts malicious network traffic to prevent the spread of attacks.

 

Global Threat Intelligence Integration

Up-to-the-minute threat protection from multiple world renowned threat intelligence feeds.

 

Simplified Compliance Management and Reporting

Ensures compliance mandates are met with continuous monitoring, portal visualizations and automated retention policies with various out of the box, and custom security reports that meet regulatory requirements such as HIPAA, PCI, SEC, GDPR, and more.

 

Ready to start a conversation about managed detection and response?

    Get Free Widget

    Clients in the US & Canada

    apogee-sidebar-map-2

    Learn More