The Monitor feature offers a team of cyber security analysts watching your network.
The last and potentially most important piece of a comprehensive security program is to monitor for threat activity and new vulnerabilities in your organization. The threat monitoring solution deploys a Network Interceptor from eSentire and provides a full-time 24x7x365 team of security analysts watching your organization for malicious activity. If something malicious or nefarious is discovered, eSentire will take action to shut down the attack, investigate the issue and report on the activity. The monitor solution also includes a Comprehensive Vulnerability Assessment, identifying internal and external technical vulnerabilities annually.
24X7 Global Security Operations Center
- Industry-leading security analyst-to-client ratio.
- Formally trained cybersecurity analysts.
- Geographic diversity.
Advanced Forensic Investigation
- Full-packet inspection improves accuracy and speed of investigations.
- Proprietary forensic investigation and mature process ensure faster response to unknown threats.
Holistic Threat Resolution
- Complete incident response, including threat containment and resolution management, keeps you focused on your business.
- Host lock-down and quarantine enables the immediate removal of an infected machine from the network to prevent lateral spread.
- Ad-hoc queries and non-emergency support provide expert support whenever you need it.
Smarter Real-time Detection and Prevention
- Always-on full-packet capture provides complete visibility, enabling deep investigations that lead to the right decision, in less time.
- Executable whitelisting prevents employees from downloading potentially harmful files.
- Decrypted SSL traffic analysis provides complete visibility into threats hidden inside SSL.
- Host containment enables remote removal of an infected device from the network.
- Automatic signature-based intrusion detection and prevention stops known threats in real-time.
- Zero network latency ensures that your traffic flows uninterrupted.
- IP range blocking (geo-location blacklisting) can be tailored to reduce your attack exposure.
- Whitelisting/blacklisting and custom rules and signatures support your unique security needs.
Attack Pattern & Behavior-Based
- Combines data sets such as bandwidth surges, time-of-day, geo-location reputation, unusual protocol and port scanning to flag odd or suspicious behavior.
- System log aggregation and correlation improves detection and investigation by harnessing data from other security systems and devices deployed on your network.
Continuous Vulnerability Detection
- Automatic weekly vulnerability scanning of network and systems, including web applications, helps reduce the exploit window.
- Recommended patch upgrades and support provided to eliminate newly discovered vulnerabilities on your network.
Historical Breach Detection
- Applies the latest threat intel against an archive of historical network traffic to find breaches that dwell in your network.