Abstract image of a woman sitting on books and studying on a laptop

From MSP to MSSP using Elastic

Elasticsearch, profile picture
Elasticsearch

The document outlines Eze Castle's transition from a Managed Service Provider (MSP) to a Managed Security Service Provider (MSSP) using Elastic technology, highlighting the challenges faced with log management and security visibility. Key milestones in their integration journey include partnerships with third-party vendors, onboarding systems, and product relaunches, emphasizing the benefits of using Elastic's cloud and support services. The initiative has led to significant improvements in event ingestion rates, threat feed integrations, and overall customer onboarding times.

Technology
1 of 15
Download to read offline
1
2
Most read
3
4
5
Most read
6
7
8
9
10
11
Most read
12
13
14
15
From MSP to MSSP Our Journey with Elastic
Eze Castle Integration Overview Managed Service Provider (MSP) Cloud Service Provider (CSP) Internet Service Provider (ISP) Managed Security Service Provider (MSSP)
Technology Growth at Eze Castle
The Challenge •Technology Silos Each department or team managing their own logs •Non-standard Formatting Logs stored in original format without normalization •Compliance with Regulatory Requirements and Guidelines Difficultly guaranteeing log retention •Search Finding needles in haystack •Detection and Response Lack of visibility on suspicious activity
Our SIEM Journey 2018-09 Partnered with 3 rd party vendor 2019-03 Finished onboarding internal systems 2019-07 Product launch 2019-08-26 Build POC on Elastic Cloud 2019-09-30 Partnered with Elastic 2019-10 Finished onboarding internal systems 2019-11 Relaunched the product 2019-08-23 Vendor went out of business
From MSP to MSSP using Elastic
From MSP to MSSP using Elastic
Windows Agents
Do It Right the First Time One-on-one with experts Validate your design Ask anything! Less Headache Easy to scale Easy to upgrade No infrastructure Great feature parity Cost effective Do It Right All the Time Great instructors Instructor-led and on-demand Full-blown lab Great content Get Help When You Need It Good response time Knowledgeable Team Phone Support Dedicated Support Engineer ServicesWe Use ELASTIC CLOUD ELASTIC CONSULTING ELASTIC LEARNING ELASTIC SUPPORT
YESWE CAN! Filebeat Dozens of built-in modules supporting ingest via syslog, API, or reading text files with Filebeat and Logstash Logstash No Filebeat module? No problem!
Managed SIEM –Technology Integrations Elastic Built-in Filebeat Modules Custom Developed ActiveMQ Apache Auditd AWS AWS Fargate Azure Barracuda Bluecoat CEF Check Point Cisco CoreDNS Crowdstrike Cyberark Cyberark PAS Cylance Elasticsearch Envoyproxy F5 Fortinet Google Cloud Google Workspace GSuite haproxy IBM MQ Icinga IIS Imperva Infoblox Iptables Juniper Kafka Kibana Logstash Microsoft MISP MongoDB MSSQL MySQL MySQL Enterprise nats NetFlow Netscout Nginx Office 365 Okta Oracle Osquery Palo Alto Networks pensando PostgreSQL Proofpoint RabbitMQ Radware Redis Santa Snort Snyk Sonicwall Sophos Squid Suricata System Threat Intel Tomcat Traefik Zeek (Bro) Zoom Zscaler Citrix Netscaler DMARC iboss Microsoft DHCP Proofpoint TAP SentinelOne SpyCloud 2+ billion events per day avg. ingestion rate, that’s 23,148 events / second
Eze Managed SIEM –Threat Feed Integrations Pre miu m Fee ds SOC Prime Bad Packets Co mm unit y Fee ds Alienvault OTX CINSscore CyberCrime Tracker Feodo Tracker FireHOL GreenSnow IPSum ListDynamic DNS providers MalShare MalSilo OpenPhish Phishtank Proofpoint Emerging Threats TOR Exit Nodes Vxvault
What Happened Since Values shown are accurate as of June 02, 2021 < 2 Weeks avg. onboarding time per customer
• More integrations • More enrichment • More machine learning • More beats • Elastic Agents Next Steps
www.eci.com

More Related Content

PPTX
SEIM-Microsoft Sentinel.pptx
AmrMousa51
 
PPT
Application Security
Reggie Niccolo Santos
 
PDF
introduction to Azure Sentinel
Robert Crane
 
PDF
Microsoft Azure Sentinel
BGA Cyber Security
 
PPTX
Azure Sentinel.pptx
Mohit Chhabra
 
PDF
Patch and Vulnerability Management
Marcelo Martins
 
PDF
Maturity Model of Security Disciplines
Florian Roth
 
PDF
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
SEIM-Microsoft Sentinel.pptx
AmrMousa51
 
Application Security
Reggie Niccolo Santos
 
introduction to Azure Sentinel
Robert Crane
 
Microsoft Azure Sentinel
BGA Cyber Security
 
Azure Sentinel.pptx
Mohit Chhabra
 
Patch and Vulnerability Management
Marcelo Martins
 
Maturity Model of Security Disciplines
Florian Roth
 
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 

What's hot (20)

PPTX
Secure coding practices
Mohammed Danish Amber
 
PPTX
Roadmap to security operations excellence
Erik Taavila
 
PDF
DevSecOps in Baby Steps
Priyanka Aash
 
PDF
Security operations center 5 security controls
AlienVault
 
PPTX
Splunk Overview
Splunk
 
PDF
2019 DevSecOps Reference Architectures
Sonatype
 
PDF
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
PPTX
Web application security
Kapil Sharma
 
PDF
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
PPTX
Vulnerabilities in modern web applications
Niyas Nazar
 
PDF
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
PDF
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
MITRE ATT&CK
 
PDF
AWS Security Hub
Crishantha Nanayakkara
 
PDF
Cloud Security Demystified
Michael Torres
 
PPTX
Vulnerability Assessment
primeteacher32
 
PDF
ATT&CK Updates- ATT&CK for ICS
MITRE ATT&CK
 
PDF
Microsoft 365 Enterprise Security with E5 Overview
David J Rosenthal
 
PDF
Microsoft Office 365 Security and Compliance
David J Rosenthal
 
PDF
Web application security & Testing
Deepu S Nath
 
PPTX
7 Steps to Threat Modeling
Danny Wong
 
Secure coding practices
Mohammed Danish Amber
 
Roadmap to security operations excellence
Erik Taavila
 
DevSecOps in Baby Steps
Priyanka Aash
 
Security operations center 5 security controls
AlienVault
 
Splunk Overview
Splunk
 
2019 DevSecOps Reference Architectures
Sonatype
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
Web application security
Kapil Sharma
 
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
Vulnerabilities in modern web applications
Niyas Nazar
 
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
MITRE ATT&CK
 
AWS Security Hub
Crishantha Nanayakkara
 
Cloud Security Demystified
Michael Torres
 
Vulnerability Assessment
primeteacher32
 
ATT&CK Updates- ATT&CK for ICS
MITRE ATT&CK
 
Microsoft 365 Enterprise Security with E5 Overview
David J Rosenthal
 
Microsoft Office 365 Security and Compliance
David J Rosenthal
 
Web application security & Testing
Deepu S Nath
 
7 Steps to Threat Modeling
Danny Wong
 
Ad

Similar to From MSP to MSSP using Elastic (20)

PDF
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
Elasticsearch
 
PDF
For UK MSP, optimizing customer experience is key to successful security post...
Dana Gardner
 
PPTX
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault
 
PDF
Getting Started with Security for your Oracle SOA Suite Integrations
Revelation Technologies
 
PDF
What's new at Elastic: Update on major initiatives and releases
Elasticsearch
 
PDF
Forrester Emerging MSSP Wave
Envision Technology Advisors
 
PDF
Elastic Security keynote
Elasticsearch
 
PDF
ESM v5.0 Service Layer Developer's Guide
Protect724
 
PDF
ESM v5.0 Service Layer Developer's Guide
Protect724
 
PPT
Security Outsourcing - Couples Counseling - Atif Ghauri
Atif Ghauri
 
PPTX
SOA Mainframe Service Architecture and Enablement Practices Best and Worst Pr...
Michael Erichsen
 
PDF
Presentation big data
xKinAnx
 
PDF
ICTA Technology Meetup 01 - Enterprise Application Integration
Crishantha Nanayakkara
 
PDF
Attacking XML Security
Yusuf Motiwala
 
PDF
Elastic SIEM (Endpoint Security)
Kangaroot
 
PDF
Architecting and Tuning IIB/eXtreme Scale for Maximum Performance and Reliabi...
Prolifics
 
PDF
What's new at Elastic: Update on major initiatives and releases
Elasticsearch
 
PDF
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
PPTX
Splunk für Security
Splunk
 
PDF
Empower your security practitioners with the Elastic Stack
Elasticsearch
 
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
Elasticsearch
 
For UK MSP, optimizing customer experience is key to successful security post...
Dana Gardner
 
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault
 
Getting Started with Security for your Oracle SOA Suite Integrations
Revelation Technologies
 
What's new at Elastic: Update on major initiatives and releases
Elasticsearch
 
Forrester Emerging MSSP Wave
Envision Technology Advisors
 
Elastic Security keynote
Elasticsearch
 
ESM v5.0 Service Layer Developer's Guide
Protect724
 
ESM v5.0 Service Layer Developer's Guide
Protect724
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Atif Ghauri
 
SOA Mainframe Service Architecture and Enablement Practices Best and Worst Pr...
Michael Erichsen
 
Presentation big data
xKinAnx
 
ICTA Technology Meetup 01 - Enterprise Application Integration
Crishantha Nanayakkara
 
Attacking XML Security
Yusuf Motiwala
 
Elastic SIEM (Endpoint Security)
Kangaroot
 
Architecting and Tuning IIB/eXtreme Scale for Maximum Performance and Reliabi...
Prolifics
 
What's new at Elastic: Update on major initiatives and releases
Elasticsearch
 
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
Splunk für Security
Splunk
 
Empower your security practitioners with the Elastic Stack
Elasticsearch
 
Ad

More from Elasticsearch (20)

PDF
An introduction to Elasticsearch's advanced relevance ranking toolbox
Elasticsearch
 
PDF
Cómo crear excelentes experiencias de búsqueda en sitios web
Elasticsearch
 
PDF
Te damos la bienvenida a una nueva forma de realizar búsquedas
Elasticsearch
 
PDF
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
Elasticsearch
 
PDF
Comment transformer vos données en informations exploitables
Elasticsearch
 
PDF
Plongez au cœur de la recherche dans tous ses états.
Elasticsearch
 
PDF
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Elasticsearch
 
PDF
An introduction to Elasticsearch's advanced relevance ranking toolbox
Elasticsearch
 
PDF
Welcome to a new state of find
Elasticsearch
 
PDF
Building great website search experiences
Elasticsearch
 
PDF
Keynote: Harnessing the power of Elasticsearch for simplified search
Elasticsearch
 
PDF
Cómo transformar los datos en análisis con los que tomar decisiones
Elasticsearch
 
PDF
Explore relève les défis Big Data avec Elastic Cloud
Elasticsearch
 
PDF
Comment transformer vos données en informations exploitables
Elasticsearch
 
PDF
Transforming data into actionable insights
Elasticsearch
 
PDF
Opening Keynote: Why Elastic?
Elasticsearch
 
PDF
Empowering agencies using Elastic as a Service inside Government
Elasticsearch
 
PDF
The opportunities and challenges of data for public good
Elasticsearch
 
PDF
Enterprise search and unstructured data with CGI and Elastic
Elasticsearch
 
PDF
クローラーを迅速に入手:効果的なWebクローラーの作成方法
Elasticsearch
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
Elasticsearch
 
Cómo crear excelentes experiencias de búsqueda en sitios web
Elasticsearch
 
Te damos la bienvenida a una nueva forma de realizar búsquedas
Elasticsearch
 
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
Elasticsearch
 
Comment transformer vos données en informations exploitables
Elasticsearch
 
Plongez au cœur de la recherche dans tous ses états.
Elasticsearch
 
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
Elasticsearch
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
Elasticsearch
 
Welcome to a new state of find
Elasticsearch
 
Building great website search experiences
Elasticsearch
 
Keynote: Harnessing the power of Elasticsearch for simplified search
Elasticsearch
 
Cómo transformar los datos en análisis con los que tomar decisiones
Elasticsearch
 
Explore relève les défis Big Data avec Elastic Cloud
Elasticsearch
 
Comment transformer vos données en informations exploitables
Elasticsearch
 
Transforming data into actionable insights
Elasticsearch
 
Opening Keynote: Why Elastic?
Elasticsearch
 
Empowering agencies using Elastic as a Service inside Government
Elasticsearch
 
The opportunities and challenges of data for public good
Elasticsearch
 
Enterprise search and unstructured data with CGI and Elastic
Elasticsearch
 
クローラーを迅速に入手:効果的なWebクローラーの作成方法
Elasticsearch
 

Recently uploaded (20)

PDF
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
PDF
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
PDF
LMS bot: enhanced learning management systems for improved student learning e...
IAESIJAI
 
PDF
Ensemble model-based arrhythmia classification with local interpretable model...
IAESIJAI
 
PDF
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
PDF
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
PDF
Electrocardiogram sequences data analytics and classification using unsupervi...
IAESIJAI
 
PDF
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
PDF
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
PDF
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
PDF
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
PDF
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 
PDF
zbrain.ai-Scope Key Metrics Configuration and Best Practices.pdf
ChristopherTHyatt
 
PDF
Build Real-Time ML Apps with Python, Feast & NoSQL
ScyllaDB
 
PDF
Advancing precision in air quality forecasting through machine learning integ...
IAESIJAI
 
PPTX
Module 1 Introduction to Web Programming .pptx
kamleshkc191
 
PDF
Introduction to MCP and A2A Protocols: Enabling Agent Communication
Maxim Salnikov
 
PDF
SaaS reusability assessment using machine learning techniques
IAESIJAI
 
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
LMS bot: enhanced learning management systems for improved student learning e...
IAESIJAI
 
Ensemble model-based arrhythmia classification with local interpretable model...
IAESIJAI
 
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
Electrocardiogram sequences data analytics and classification using unsupervi...
IAESIJAI
 
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 
zbrain.ai-Scope Key Metrics Configuration and Best Practices.pdf
ChristopherTHyatt
 
Build Real-Time ML Apps with Python, Feast & NoSQL
ScyllaDB
 
Advancing precision in air quality forecasting through machine learning integ...
IAESIJAI
 
Module 1 Introduction to Web Programming .pptx
kamleshkc191
 
Introduction to MCP and A2A Protocols: Enabling Agent Communication
Maxim Salnikov
 
SaaS reusability assessment using machine learning techniques
IAESIJAI
 

From MSP to MSSP using Elastic

  • 1. From MSP to MSSP Our Journey with Elastic
  • 2. Eze Castle Integration Overview Managed Service Provider (MSP) Cloud Service Provider (CSP) Internet Service Provider (ISP) Managed Security Service Provider (MSSP)
  • 3. Technology Growth at Eze Castle
  • 4. The Challenge •Technology Silos Each department or team managing their own logs •Non-standard Formatting Logs stored in original format without normalization •Compliance with Regulatory Requirements and Guidelines Difficultly guaranteeing log retention •Search Finding needles in haystack •Detection and Response Lack of visibility on suspicious activity
  • 9. Do It Right the First Time One-on-one with experts Validate your design Ask anything! Less Headache Easy to scale Easy to upgrade No infrastructure Great feature parity Cost effective Do It Right All the Time Great instructors Instructor-led and on-demand Full-blown lab Great content Get Help When You Need It Good response time Knowledgeable Team Phone Support Dedicated Support Engineer ServicesWe Use ELASTIC CLOUD ELASTIC CONSULTING ELASTIC LEARNING ELASTIC SUPPORT
  • 10. YESWE CAN! Filebeat Dozens of built-in modules supporting ingest via syslog, API, or reading text files with Filebeat and Logstash Logstash No Filebeat module? No problem!
  • 11. Managed SIEM –Technology Integrations Elastic Built-in Filebeat Modules Custom Developed ActiveMQ Apache Auditd AWS AWS Fargate Azure Barracuda Bluecoat CEF Check Point Cisco CoreDNS Crowdstrike Cyberark Cyberark PAS Cylance Elasticsearch Envoyproxy F5 Fortinet Google Cloud Google Workspace GSuite haproxy IBM MQ Icinga IIS Imperva Infoblox Iptables Juniper Kafka Kibana Logstash Microsoft MISP MongoDB MSSQL MySQL MySQL Enterprise nats NetFlow Netscout Nginx Office 365 Okta Oracle Osquery Palo Alto Networks pensando PostgreSQL Proofpoint RabbitMQ Radware Redis Santa Snort Snyk Sonicwall Sophos Squid Suricata System Threat Intel Tomcat Traefik Zeek (Bro) Zoom Zscaler Citrix Netscaler DMARC iboss Microsoft DHCP Proofpoint TAP SentinelOne SpyCloud 2+ billion events per day avg. ingestion rate, that’s 23,148 events / second
  • 12. Eze Managed SIEM –Threat Feed Integrations Pre miu m Fee ds SOC Prime Bad Packets Co mm unit y Fee ds Alienvault OTX CINSscore CyberCrime Tracker Feodo Tracker FireHOL GreenSnow IPSum ListDynamic DNS providers MalShare MalSilo OpenPhish Phishtank Proofpoint Emerging Threats TOR Exit Nodes Vxvault
  • 13. What Happened Since Values shown are accurate as of June 02, 2021 < 2 Weeks avg. onboarding time per customer
  • 14. • More integrations • More enrichment • More machine learning • More beats • Elastic Agents Next Steps