Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Extend your team capabilities and prevent business disruption with expertise from eSentire.
We balance automated blocks with rapid human-led investigations to manage threats.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Defend brute force attacks, active intrusions and unauthorized scans.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT In recent weeks, eSentire’s Threat Response Unit (TRU) has traced numerous email account compromise cases to infrastructure hosted on several related hosting…
Dec 10, 2024THE THREATUpdate: Security patches to address this vulnerability were released by Cleo on December 12th. Organizations need to update to Cleo Harmony, VLTrader, and LexiCom versions…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
In April 2020, an IDC report stated that “Billions of dollars are spent on products like SIEM that do not operate efficiently because they are ingesting too much data and delivering an overwhelming number of false positives … garbage in garbage out.” Mark Gillett, director of product management, and Simon Thomas, director, EMEA channels, deliver a global perspective on the failures of legacy SIEM vs. the future-proofed success of Managed Detection and Response (MDR).
BY Mark Gillett
September 29, 2020 | 6 MINS READ
Depending on who you ask—and no matter where they live—it’s either an open secret or an obvious truth that legacy SIEM (Security Information and Event Management) hasn’t met expectations as a cybersecurity solution, let alone lived up to the hype that has surrounded it for what seems like forever.
Let’s quickly review why that’s the case and then turn to more important matters: how to achieve the desired security outcomes that once led us to consider SIEM in the first place.
The term “SIEM” itself first appeared in a 2005 Gartner Research report, capturing the amalgamation of Security Information Management (SIM) and Security Event Management (SEM)—functions which have existed in some form since the late 90s.
At inception, SIEM promised to aggregate security signals (primarily logs) and make them explorable via a single pane of glass. An admirable goal, but one that belies the complexity of the task and, rightly or wrongly, overlooks the key question of what one actually does with any insights that arise.
In pursuit of the one pane to rule them goal, SIEM platforms include a collection of aggregation, correlation, and alerting functions. For 15 LONG years a pattern has repeated:
And all the while, digital transformation means that the threat surface expands and highly motivated threat actors relentlessly innovate.
The problems endemic to SIEM platforms are well-documented and include:
To try and overcome these last two issues, SIEM vendors around the globe have claimed to augment their platforms to provide, or are being integrated with, User and Event Behavioral Analytics (UEBA) and Security Orchestration, Automation and Response (SOAR) functionality. Like SIEM, each of these is simply another tool; moreover, bolting SIEM to UEBA and/or SOAR introduces still more complexity.
Despite these shortcomings, SIEM platforms often appear as a default entry on cybersecurity shopping lists—and in 2015, SIEM was the fastest-growing security market segment. In part, this earlier popularity can be attributed to a business need to answer compliance questions: practically every regulatory compliance body has some text about log collection and review capabilities. So, many organizations decided that even though a log manager would suffice, they would go full-SIEM and grow into it over time.
Time, however, has proven this approach to be hopeful at best and Quixotic at worst: we find ourselves in the fourth and fifth generation of SIEM and still waiting for these platforms to deliver what is promised. And remember, even at its best a SIEM platform is only a piece of the detection puzzle.
Achieving a top-level business outcome—preventing and rapidly containing threats—requires considerably more. Perhaps that’s why Managed Detection and Response services are experiencing explosive growth.
In August 2020, Gartner released the fifth edition of its Market Guide for Managed Detection and Response Services.
According to the Guide, Gartner has observed “a 44 percent growth in end users’ inquiries into MDR services during the past 12 months,” and the firm anticipates that “by 2025, 50 percent of organizations will be using MDR services for threat monitoring, detection, and response functions that offer threat containment capabilities.”
The guide highlights that one driving factor behind the growth of MDR is that security leaders recognize that detecting a threat quickly is meaningless without the ability to quickly and effectively respond.
More generally, the wider IT community is accepting the painful reality that all organizations are under attack—whether opportunistic or targeted—and that the threat landscape is constantly changing.
There are a number of factors that continue to evolve that only serve to increase the burden for already overtaxed IT teams:
In the modern security environment, SIEM is but one tool of many that make up or enable a multi-layered approach. And beyond the technology toolset, organizations need to also invest in people and processes: it takes all three to build and maintain a strong security posture.
Today’s organizations—especially small and medium businesses and the channels who serve them—are turning to MDR because of its proven ability to deliver real business results. MDR is able to do so because it overcomes the problems outlined above:
And the proof is demonstrated in real world experience. In eSentire’s case, the average is 35 seconds to initiate action (respond) and 20 minutes to isolate and contain a threat.
The bottom line when it comes to SIEM is that a SIEM platform is just a technology tool (or toolkit). Some organizations will get use out of it eventually, provided they have the resources to install, build, maintain and extend the platform. But the last decade has shown quite clearly that most organizations, and especially small and medium businesses, are unable to attain the results for which they hoped.
While it’s true that the price tag for SIEM platforms has been trending downward, that really only applies to the upfront cost; the backend complexity will remain.
At eSentire, we encourage companies to take a business outcome-oriented approach to their cybersecurity needs. If your desired business outcome is wholly addressed by aggregating security events and information, then a SIEM might well be the tool you need, but experience shows that this well-defined and limited need represents only the minority of cases (and if you’re looking for regulatory compliance, then a log manager might do the trick much more cost-effectively).
In fact, we use a commercial-grade SIEM as an element within our overall enabling architecture … alongside our Atlas platform, proprietary machine learning algorithms, copious automation technologies, massive investment in people and processes, wide array of sensors, embedded agents to enable rapid response and so on.
We needed a next-gen SIEM as a piece within a larger MDR service.
Your business, we can assure you, needs the full capabilities of adaptive Managed Detection and Response to be set for now and the future.
Mark Gillett is Vice President, Product Management at eSentire. He has nearly 25 years experience in the cybersecurity industry, driving the evolution of detection, investigation, and response from the early days of SIEM to modern-day Managed Detection and Response (MDR) and Extended Detection and Response (XDR). In his current leadership role at eSentire, Mark leads the product management function for the company's core MDR services, with a specific focus on in-house developed technologies that assist in delivering those services to customers. Mark holds a Bachelor of Science degree from Laurier University in Waterloo, Canada.