eSentire Exec: ‘Not Every Single MDR Is Created Equal’

‘For customers, we limit their security risk, taking action faster than any other provider could even pick up the phone and try to call and tell them something’s going bump in the night,’ says eSentire’s Bob Layton.

eSentire stands apart from other managed detection and response platforms because the company quickly isolates and stops threats on its own, said Chief Channel Officer Bob Layton.

The Waterloo, Ontario-based MDR provider said it’s able to put eyes on glass within 30 to 40 seconds of detecting a security issue and can typically isolate and contain whatever is happening within nine minutes, he said. eSentire doesn’t see any competitors today that can beat the company on either how fast it responds to security incidents or how it can apply the telemetry it has ingested, he said.

“We don’t pick up the phone and call you [the MSP] or the client and say, ‘Hey, you’ve got to change this, take this offline, shut down that spam port.’ We don’t do that. There’s no time,” Layton said in a session at XChange+ 2021, hosted by CRN parent The Channel Company. “Most competitors are not even able to figure out who’s the point of contact and actually get them on the phone that fast [in nine minutes].”

[Related: ThreatLocker CEO: Thwart Ransomware With Endpoint Controls]

Layton said eSentire’s secret sauce is its Atlas extended detection and response (XDR) platform, which ingests telemetry from six different sources and tells Security Operations Center analysts exactly what to do with it. Atlas each day can take the noise associated with 3 million different automated disruptions and get it down to an action the company is able to take on its own, according to Layton.

“For customers, we limit their security risk, taking action faster than any other provider could even pick up the phone and try to call and tell them something’s going bump in the night,” Layton said. “That’s important because we’re in a day and time where you cannot keep up with security. It’s just an impossibility.”

Atlas detects known and unknown threats and can respond before any disruption occurs to the customer, Layton said, adding that vendors can’t offer true MDR if they don’t have an XDR platform as well. eSentire also has a team that does threat hunting by reverse-engineering security issues the company has encountered in the wild, according to Layton.

“Not every single MDR is created equal,” Layton said. “We’re able to ingest up to six different signals that we have optimized for our platform today. The more of those signals that we bring in, the higher the fidelity of the response.”

The management and detection pieces of MDR aren’t that interesting since both have been around for nearly 20 years, Layton said. eSentire’s big differentiator is how it responds to security issues, specifically that the company takes mitigation action on its own without having to call the MSP or the end customer, according to Layton.

There’s no way MSPs or customers could hire and train people and give them the tools needed to do MDR on their own for less money or more effectively than eSentire is able to do on their behalf, Layton said. eSentire’s technicians can either work behind the scenes or engage with the customer alongside the MSP, and the company’s MDR capabilities will enhance the MSP’s brand and reputation.

Having deep visibility into both the endpoint and network makes it easier for eSentire to determine when something has gone awry and hit the kill switch more quickly, according to Layton.

“We’re seeing people think, ‘Well, if I have endpoint, maybe I can build a lot of intelligence into it,’” Layton said. “But as far as north-south, east-west, and looking at exactly what’s happening across the environment, I don’t think you have the same telemetry.”

ReelData Technologies has been looking for a product that effectively remediates security issues because solution providers today either have to do remediation on their own or engage with a SOC, which can be very expensive, said Jeff Spalla, partner at the Hollywood, Calif.-based solution provider.

ReelData today has a co-managed MDR offering for multiple customers, but Spalla said customers could benefit from additional outside support. From remediation to incident response, Spalla said ReelData is trying to identify which MDR platform would be best for its customers.

“This is one of those areas customers can really use help with,” Spalla said.