DATA SHEET
esLOG
Critical visibility accelerating detection across modern hybrid IT environments

CLOUD, HYBRID, OR ON-PREMISES.
Gain critical threat visibility that evolves regardless of your environment. Remove potentially dangerous blind spots.

DETECT. HUNT. PRIORITIZE.
Identify the most elusive of threats. Focus on those that matter most.

VALIDATE. ACCELERATE. REMEDIATE.
Minimize threat actor dwell time with rapid response to prevent business disruption.

COMPLIANCE. REPORTING. SIMPLIFICATION.
Realize the traditional benefits of a SIEM without the complexity and cost.
Whether your data is on-premises, in the cloud or somewhere in between, esLOG evolves with the requirements of your modern hybrid IT environment. This cloud-native SIEM alternative, embedded in eSentire’s Managed Detection and Response services, aggregates meaningful and actionable intelligence from your network assets, endpoints, applications and cloud services. And you can have it up and running in a fraction of the time of a traditional SIEM.

esLOG is designed to be more than a compliance and reporting tool. esLOG provides critical visibility across your threat landscape to eSentire Security Operations Center (SOC) analysts, who leverage big data analytics, machine learning, customized rule-sets and behavioral analysis to make sense of expected and unexpected events and behaviors across your environment.

Proprietary threat-hunting methodology and full forensic investigation are performed to confirm a threat’s presence and determine the extent to which the threat actor has spread. Minimizing threat actor dwell time, false positives are eliminated and our analysts alert you to confirmed threats, giving you step-by-step guidance to contain and eliminate attacks. Data visualizations, customizable reporting and KPIs are available, giving your team visibility into what our analysts are investigating and ensuring you meet the strictest of regulatory requirements.
VISIBILITY
esLOG handles the on-premises sources you expect a traditional SIEM to cover, with the added ability to support a collection of custom applications via script. It also delivers an extensive library of available integrations including, but not limited to:

AWS Services

Microsoft
• Active Directory
• Azure
• O365

DevOps
• Docker
• GitHub
• Jenkins
• Kubernetes

Compliance and Security
• Box
• Duo
• Cylance
• Crowdstrike
• Cisco ASA
• Okta
• Palo Alto
• Trend Micro
• Zscaler

Database
• Microsoft SQL
• MongoDB
• MySQL
• Oracle

Google Compute Platform

IT Infrastructure

Operating System
• Host Metrics
• Linux
• Windows

Storage

Web Server
• Apache
• Apache Tomcat
• IIS
• Nginx
DATA SHEET : esLOG 1
WHAT IS esLOG DESIGNED TO SOLVE FOR?
• Improving visibility and scalability across hybrid IT environments
• Reducing costly deployment, staffing and ongoing maintenance requirements
• Accelerating time-to-value
• Applying advanced analytic and hunting capabilities to detect known and unknown threats
• Correlating multiple events into a single incident
• Mapping threats to affected resources
• Performing ad hoc queries on stored data for forensics
• Accelerating investigation and response times
• Eliminating false positives
• Prioritizing alerts
• Simplifying reporting
• Addressing policy and compliance requirements
FEATURES
24x7 MONITORING WITH CRITICAL THREAT VISIBILITY

• Cross-Platform Monitoring and Visibility
esLOG collects, aggregates and monitors data across on-premises, cloud, multi-cloud and hybrid platforms like AWS, Microsoft Azure, Apache, and the Google Cloud Platform, providing our 24x7x365 SOC analysts with critical visibility to threats across your entire threat landscape.

• Azure Cloud Security
esLOG utilizes machine learning and monitoring capabilities across your Azure environment for real-time visibility, analysis and data visualizations.

• Google Cloud Platform Security
esLOG integrates directly into your GCP environment, providing instant insights into potential security issues and user activity for Google VPC, IAM, Cloud Audit and Google App Engine.

• AWS Security
esLOG integrates with your AWS cloud environment, providing SOC analysts with a comprehensive view to see who is accessing AWS and when they make changes (CloudTrail), what they change (Config), where this impacts network traffic and latency (VPC Flow), and how this affects your security and compliance posture (Inspector).

• Apps for Extended Log Analytics
esLOG extends the functionality of log analytics with an extensive library of apps that help optimize data collection for better security monitoring.
ADVANCED DETECTION CAPABILITIES AND HUMAN-BASED THREAT HUNTING EMPOWER RAPID INVESTIGATION AND RESPONSE

• Embedded Threat Hunting and Forensic Investigation
esLOG includes embedded threat hunting and forensic investigation of aggregated log data to accelerate precision that facilitates rapid response and threat containment.

• Big Data Analytics
esLOG applies the power of big data and advanced analytics to end-user behavior to detect anomalies (deviations from the established baseline) and to flag exceptions, identifying real and potential threats.

• Machine Learning Integration
esLOG utilizes machine learning and predictive analytics to make sense of expected and unexpected behavior across your environment with pattern, anomaly and outlier detection.

• Real-time Search and Visualizations
esLOG has preconfigured and customizable searches and dashboards with KPIs, giving our SOC analysts and your security team visibility into abnormal behaviors, illuminating what matters most.

• Log Retention
esLOG retains all raw log data, giving SOC analysts the ability to correlate information with data from esENDPOINT and esNETWORK to conduct thorough forensic investigations, drill down into details and assist with root cause analysis on any security incident.

• False Positive Elimination
esLOG increases the velocity and accuracy of threat detection so our SOC analysts can determine what is noise vs. true security events, ensuring your team is only alerted to verified threats.
SIMPLIFIED MANAGEMENT WITH DATA VISUALIZATIONS AND REPORTING

• Co-Management
esLOG provides a co-managed model with access to run your own advanced search queries, generate alerts, manage profiles, run reports, and investigate events alongside our SOC analysts.

• Time to Value
esLOG is a pure SaaS offering that features simple-to-deploy collectors with rich filtering capabilities that can be up and running within minutes. It offers access to all the latest capabilities without the need for time-consuming, expensive deployment and upgrades.

• Simplified Compliance Management Reporting
esLOG ensures compliance mandates are met with centralized logging, continuous monitoring, and automated retention policies, with various out-of-the-box and custom security reports that meet regulatory requirements such as HIPAA, PCI, SEC, GDPR, and more.
BENEFITS
• Comprehensive 24x7x365 threat monitoring
• Complete threat visibility across your threat landscape
• Flexibility to run your own queries, alerts, profiles, reports, and investigate events alongside eSentire analysts
• Removes traditional complexity and cost of a SIEM with rapid time-to-value
• Comprehensive, correlated and accurate analytics of security events provided by eSentire’s SOC
• Detection of known and unknown threats
• Improved post-attack forensics
• Reduction of false positives
• Minimizes threat actor dwell time with integrated response
• Threat containment* and co-managed remediation
• Unparalleled insight with visualizations and customizable searches
• Simplified compliance management and reporting

*Requires esNetwork and/or esEndpoint
HOW DOES IT WORK?
[Diagram: The CLIENT side (on-premises and cloud-based collectors) covers network assets, applications, endpoints, Active Directory, identity and access management, cloud, and the client IT / security team. Bi-directional communication, alerts and containment flow between the client and eSentire. esNETWORK (inspection of network data, full packet capture; fully managed), esENDPOINT (inspection and recording of all endpoint telemetry; fully managed) and the esLOG PLATFORM (co-managed) feed the Managed Detection and Response platform, which applies threat intelligence, data enrichment and cross-correlation of logs, PCAP and full endpoint telemetry, behavioral analytics, machine learning and big data analytics. Suspicious events, anomalies and potential threats are passed to the Security Operations Center for forensic investigation, confirmation of true positive, tactical threat containment and co-managed remediation.]
BETTER TOGETHER: esLOG, esNETWORK AND esENDPOINT
Logs provide critical visibility that enables better observation, orientation and decision making in disrupting the attacker kill chain. But logs alone are limited in the depth of data that permits deeper investigation and remediation of security incidents. In addition, log-based security can delay detection of events and response due to the lag time of inbound signals, as opposed to the near-instantaneous feedback of a live network stream or endpoint technology. The greater the signals and forensic data available to analysts, the greater their ability to cross-correlate information that accelerates hunting, detection and response.

eSentire’s esNETWORK provides the gold standard for forensic data, with timestamps, full-packet capture and analysis, with the ability to contain threats through TCP resets. esENDPOINT provides deep insight into processes, file changes, and more at the host level, with the ability to isolate damaged systems or stop processes in near real-time. esLOG, when deployed in combination with esENDPOINT and esNETWORK, provides our SOC analysts with a comprehensive set of enriched signals that eliminates blind spots in which threats can lurk.

Most Managed Detection and Response providers rely solely upon log data and are limited to simple alerts generated by myopic prevention technologies. esLOG, when deployed with esENDPOINT and esNETWORK, enables our analysts to go beyond alerts, empowering their ability to take action on your behalf. By implementing host isolation or network communication disruption, threats are contained in near real-time, mitigating risk to your organization.
WHY eSENTIRE?
Comparison of Other Managed Security Services Providers and eSentire:

Initial Deployment and Setup
• Account/Role Setup
• Setup/Deployment/Configuration of Collectors
• Configuration of Sources
• Training and Onboarding
• Dashboard Setup
• Ongoing Dashboard Maintenance

On-going Operations
• Deployment/Setup of New Collectors and Apps
• Parsing Operations
• Log Collection, Management and Correlation
• Writing of Search Queries (Limited)
• Modification of Search Queries (Limited)
• Creation of Reports
• Modification of Reports
• Patches, Hot fixes, and Functional Updates
• Creation of Correlation Rules (Limited)
• Modification of Correlation Rules (Limited)
• Threat Intelligence Integration/Updates
Monitoring
• 24x7 Monitoring
• Incident Investigation and Management
• Threat Hunting
• Forensics & Investigation
• Correlation With Full Endpoint Telemetry*
• Correlation With PCAP Data From The Network*
• False Positive Elimination
• Alerts
• Tactical Threat Containment: Host*
• Tactical Threat Containment: Network*
• Response Plan
• Remediation Guidance

Reporting
• Daily Log Review For PCI
• Monthly Reporting (system generated)
• Creation/Maintenance of standard reports
• Creation/Maintenance of customized reports
• Compliance Report Creation/Updates
• Report Validation and Review

*Requires esNetwork and/or esEndpoint
NEXT STEPS
• Put eSentire MDR to the test
• Learn more about eSentire Advisory Services
• Access free cybersecurity tools and resources
• Learn more about eSentire MDR
In partnership with Sumo Logic
About eSentire:
eSentire, Inc., the global leader in Managed Detection and Response (MDR), keeps
organizations safe from constantly evolving cyberattacks that technology alone cannot
prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts,
investigates and responds in real-time to known and unknown threats before they become
business disrupting events. Protecting more than $6 trillion AUM, eSentire absorbs the
complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply
with growing regulatory requirements. For more information, visit www.esentire.com and
follow @eSentire.
About Sumo Logic:
Sumo Logic is the leading cloud-native, machine data analytics platform that delivers
continuous intelligence across the entire application life-cycle and stack. More than 1,600
customers around the globe rely on Sumo Logic for the analytics and insights to build, run
and secure their modern applications and cloud infrastructures. With Sumo Logic, customers
gain a service-model advantage to accelerate their shift to continuous innovation, increasing
competitive advantage, business value and growth.
Founded in 2010, Sumo Logic is a privately held company based in Redwood City, CA and is
backed by Accel Partners, DFJ, Greylock Partners, IVP, Sapphire Ventures, Sequoia Capital
and Sutter Hill Ventures. For more information, visit www.sumologic.com.