Managed Detection and Response (MDR) provider eSentire has launched esLOG, a new logging and event management platform that supports real-time threat detection and response across network, endpoint, and cloud services.
Unlike a traditional cloud-based Security Information and Event Management (SIEM) product or service, esLOG augments eSentire Managed Detection and Response (eSentire MDR), providing small, midsized, and large enterprises with security log aggregation and forensics capabilities without the complexity and costs associated with traditional SIEM solutions. esLOG offers comprehensive signal ingestion, enrichment, and threat investigation across on-premises sources and leading cloud-based applications.
“Integrating esLOG into our MDR service delivers end-to-end, enterprise-grade threat visibility and protection,” said Mark McArdle, CTO of eSentire. “In addition to supporting on-premises security technologies, the continued adoption of cloud-based services requires the ability to extend MDR visibility into the cloud. Securing the cloud is mission-critical and many organizations simply don’t know where to start. Traditional SIEM services are costly and complex for businesses who struggle with limited resources. And, traditional SIEM services cannot identify — much less respond — to new threats.”
In its Predicts 2017: Cloud Security report, Gartner states that: “The security posture of major cloud providers is as good as or better than most enterprise data centers, and that security should no longer be considered a primary inhibitor to the adoption of public cloud services. However, simply moving on-premises workloads to a public cloud doesn’t automatically make these workloads more secure”1.
“Cloud service providers are in the business of protecting their business and operations from cyber-attacks, but cloud data that is accessed using phished or stolen user credentials, or exfiltrated by rogue insiders, is the liability of the individual or business, not the cloud service provider. This presents a new and risky challenge to businesses as they continue to migrate cloud workloads,” added McArdle.
esLOG core functionality includes:
- Security forensic enrichment – provides additional rich context to unusual network, cloud, and endpoint activities, ensuring the full context of an attack is investigated.
- Log management – includes the collection, aggregation, and analysis of raw log data from network, cloud, endpoints, and applications, all in real time.
- Log archiving – provides eSentire Security Operations Center (SOC) analysts the ability to conduct log forensic investigations, drill down into log details, and assist with root cause analysis on any security incident.
- Real-time alerting – alerts eSentire SOC analysts in real time to any suspicious activities and anomalies discovered in the various log data.
- Log data visualizations – provides eSentire SOC analysts and clients with customizable dashboards, security visualizations, data drill-down capabilities, and root cause analysis.
- Co-management – gives clients access to run their own advanced search queries, generate alerts, manage profiles, run reports, and investigate events alongside eSentire SOC analysts.