The addition of cloud visibility into the Managed Detection and Response service responds to the user vulnerability to issues like phishing and data exfiltration, and presents a strong new opportunity for partners.
Cambridge ON-based eSentire, which sells its cybersecurity solutions through a SaaS model, has announced the integration of cloud sources to its eSentire Managed Detection and Response service.
“We are a leader in Gartner’s Managed Detection and Response space,” said Mark McArdle, eSentire’s CTO. “It’s based on the premise that prevention alone will not stop bad things from happening, especially since the bad guys have the first mover advantage. Managed detection and response detects unusual activities, that are the early sign of something bad. For example, if someone logs into Salesforce from Tokyo, and 10 minutes later they log into Google from Dallas, that’s a red flag. So is a lot of documents being pulled out.”
McArdle said that a service-based approach to this has enormous advantages over using a pure technology product.
“Our service leverages trained security operation centre analysts, who assess these different elements,” he said. “They look for reconnaissance, command and control activities, and weird use of bandwidth. This is especially important in the midmarket, where they don’t have the luxury of hiring people to wait for alerts at 2 am.”
McArdle said that eSentire hadn’t felt the need to add cloud visibility before now because cloud simply wasn’t an important enough consideration for their customers until fairly recently.
“We have been watching this carefully for the last few years,” he said. “Cloud adoption hadn’t been an issue until early 2016. Our clients were looking at it but were still scared of it. Now they are less concerned about basic cloud security, but there is still a major issue for them, even though some aren’t aware of it. The big cloud providers invest heavily in preventing abuse of their infrastructure. But when it comes to abuse of legitimate credentials, such as acquiring them by phishing or data exfiltration, that’s not the infrastructure provider’s problem, that’s the customer’s problem.”
Adding 360-degree visibility across the cloud to the network and endpoints the service previously covered provides the most effective way of addressing this issue, McArdle said.
“As more clients in the midmarket look to cloud-based service providers, these new challenges have emerged, but we have invested with some of the leading cloud service providers, which allows us to watch wherever things are happening,” he said. Cloud services supported include AWS IAM, Office365, Google Docs, Salesforce.com, Okta and DUO.
“The new work required for the cloud offering was providing a transport mechanism to connect with cloud services and pull the telemetry,” McArdle added. “The actual work of assessing the patterns themselves is not new, and is something we have been developing over many years. They are similar in concept to the local sources in client networks.”
eSentire has been expanding its channel beyond its original direct model over the last several years, including signing on Ingram Micro last year to handle their distribution, as they drive to getting their channel business to 50 per cent of revenues. McArdle said that for the channel in particular, adding cloud visibility is a major asset.
“This basically is a broadening of a comprehensive solution,” he said. “The channel is asked by their customers to ensure they are not abused, and this increases the likelihood of their being able to do so. It’s definitely an attractive add from a channel perspective.”
Cloud integration for eSentire Managed Detection and Response is available now.