KEMBAR78
From MSP to MSSP using Elastic | PDF
Elasticsearch, profile picture
Uploaded byElasticsearch
771 views

From MSP to MSSP using Elastic

The document outlines Eze Castle's transition from a Managed Service Provider (MSP) to a Managed Security Service Provider (MSSP) using Elastic technology, highlighting the challenges faced with log management and security visibility. Key milestones in their integration journey include partnerships with third-party vendors, onboarding systems, and product relaunches, emphasizing the benefits of using Elastic's cloud and support services. The initiative has led to significant improvements in event ingestion rates, threat feed integrations, and overall customer onboarding times.

Download to read offline
From MSP to MSSP Our Journey with Elastic
Eze Castle Integration Overview Managed Service Provider (MSP) Cloud Service Provider (CSP) Internet Service Provider (ISP) Managed Security Service Provider (MSSP)
Technology Growth at Eze Castle
The Challenge •Technology Silos Each department or team managing their own logs •Non-standard Formatting Logs stored in original format without normalization •Compliance with Regulatory Requirements and Guidelines Difficultly guaranteeing log retention •Search Finding needles in haystack •Detection and Response Lack of visibility on suspicious activity
Our SIEM Journey 2018-09 Partnered with 3 rd party vendor 2019-03 Finished onboarding internal systems 2019-07 Product launch 2019-08-26 Build POC on Elastic Cloud 2019-09-30 Partnered with Elastic 2019-10 Finished onboarding internal systems 2019-11 Relaunched the product 2019-08-23 Vendor went out of business
Windows Agents
Do It Right the First Time One-on-one with experts Validate your design Ask anything! Less Headache Easy to scale Easy to upgrade No infrastructure Great feature parity Cost effective Do It Right All the Time Great instructors Instructor-led and on-demand Full-blown lab Great content Get Help When You Need It Good response time Knowledgeable Team Phone Support Dedicated Support Engineer ServicesWe Use ELASTIC CLOUD ELASTIC CONSULTING ELASTIC LEARNING ELASTIC SUPPORT
YESWE CAN! Filebeat Dozens of built-in modules supporting ingest via syslog, API, or reading text files with Filebeat and Logstash Logstash No Filebeat module? No problem!
Managed SIEM –Technology Integrations Elastic Built-in Filebeat Modules Custom Developed ActiveMQ Apache Auditd AWS AWS Fargate Azure Barracuda Bluecoat CEF Check Point Cisco CoreDNS Crowdstrike Cyberark Cyberark PAS Cylance Elasticsearch Envoyproxy F5 Fortinet Google Cloud Google Workspace GSuite haproxy IBM MQ Icinga IIS Imperva Infoblox Iptables Juniper Kafka Kibana Logstash Microsoft MISP MongoDB MSSQL MySQL MySQL Enterprise nats NetFlow Netscout Nginx Office 365 Okta Oracle Osquery Palo Alto Networks pensando PostgreSQL Proofpoint RabbitMQ Radware Redis Santa Snort Snyk Sonicwall Sophos Squid Suricata System Threat Intel Tomcat Traefik Zeek (Bro) Zoom Zscaler Citrix Netscaler DMARC iboss Microsoft DHCP Proofpoint TAP SentinelOne SpyCloud 2+ billion events per day avg. ingestion rate, that’s 23,148 events / second
Eze Managed SIEM –Threat Feed Integrations Pre miu m Fee ds SOC Prime Bad Packets Co mm unit y Fee ds Alienvault OTX CINSscore CyberCrime Tracker Feodo Tracker FireHOL GreenSnow IPSum ListDynamic DNS providers MalShare MalSilo OpenPhish Phishtank Proofpoint Emerging Threats TOR Exit Nodes Vxvault
What Happened Since Values shown are accurate as of June 02, 2021 < 2 Weeks avg. onboarding time per customer
• More integrations • More enrichment • More machine learning • More beats • Elastic Agents Next Steps
www.eci.com

More Related Content

PPTX
SOAR and SIEM.pptx
byAjit Wadhawan
 
PPTX
Cyber Defense Matrix: Revolutions
bySounil Yu
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
PDF
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
PPTX
Security Operation Center - Design & Build
bySameer Paradia
 
PPTX
Cyber Defense Matrix: Reloaded
bySounil Yu
 
PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
PPSX
Next-Gen security operation center
byMuhammad Sahputra
 
SOAR and SIEM.pptx
byAjit Wadhawan
 
Cyber Defense Matrix: Revolutions
bySounil Yu
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
Security Operation Center - Design & Build
bySameer Paradia
 
Cyber Defense Matrix: Reloaded
bySounil Yu
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
Next-Gen security operation center
byMuhammad Sahputra
 

What's hot

PPTX
Security Information and Event Managemen
byS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
PPTX
Azure sentinel
byMarius Sandbu
 
PPTX
SIEM presentation final
byRizwan S
 
PDF
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
byssuser7b150d
 
PPTX
What is SIEM
byPatten John
 
PDF
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
PDF
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
byIBM Security
 
PDF
Building an Analytics Enables SOC
bySplunk
 
PPTX
Security operation center (SOC)
byAhmed Ayman
 
PPTX
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
PPTX
New Paradigms for the Next Era of Security
bySounil Yu
 
PPTX
Security Information and Event Management (SIEM)
byhardik soni
 
PPTX
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
PPTX
6 Steps for Operationalizing Threat Intelligence
bySirius
 
PDF
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
PPTX
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
bySirius
 
PDF
Microsoft Azure Sentinel
byBGA Cyber Security
 
PDF
What is SIEM? A Brilliant Guide to the Basics
bySagar Joshi
 
PDF
State of the ATT&CK
byMITRE ATT&CK
 
PPTX
IBM Security QRadar
byVirginia Fernandez
 
Security Information and Event Managemen
byS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
Azure sentinel
byMarius Sandbu
 
SIEM presentation final
byRizwan S
 
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
byssuser7b150d
 
What is SIEM
byPatten John
 
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
byIBM Security
 
Building an Analytics Enables SOC
bySplunk
 
Security operation center (SOC)
byAhmed Ayman
 
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
New Paradigms for the Next Era of Security
bySounil Yu
 
Security Information and Event Management (SIEM)
byhardik soni
 
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
6 Steps for Operationalizing Threat Intelligence
bySirius
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
bySirius
 
Microsoft Azure Sentinel
byBGA Cyber Security
 
What is SIEM? A Brilliant Guide to the Basics
bySagar Joshi
 
State of the ATT&CK
byMITRE ATT&CK
 
IBM Security QRadar
byVirginia Fernandez
 

Similar to From MSP to MSSP using Elastic

PDF
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
byElasticsearch
 
PDF
For UK MSP, optimizing customer experience is key to successful security post...
byDana Gardner
 
PPTX
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
byAlienVault
 
PDF
Getting Started with Security for your Oracle SOA Suite Integrations
byRevelation Technologies
 
PDF
What's new at Elastic: Update on major initiatives and releases
byElasticsearch
 
PDF
Forrester Emerging MSSP Wave
byEnvision Technology Advisors
 
PDF
Elastic Security keynote
byElasticsearch
 
PDF
ESM v5.0 Service Layer Developer's Guide
byProtect724
 
PDF
ESM v5.0 Service Layer Developer's Guide
byProtect724
 
PPT
Security Outsourcing - Couples Counseling - Atif Ghauri
byAtif Ghauri
 
PPTX
SOA Mainframe Service Architecture and Enablement Practices Best and Worst Pr...
byMichael Erichsen
 
PDF
Presentation big data
byxKinAnx
 
PDF
ICTA Technology Meetup 01 - Enterprise Application Integration
byCrishantha Nanayakkara
 
PDF
Attacking XML Security
byYusuf Motiwala
 
PDF
Elastic SIEM (Endpoint Security)
byKangaroot
 
PDF
Architecting and Tuning IIB/eXtreme Scale for Maximum Performance and Reliabi...
byProlifics
 
PDF
What's new at Elastic: Update on major initiatives and releases
byElasticsearch
 
PDF
Tips to Remediate your Vulnerability Management Program
byBeyondTrust
 
PPTX
Splunk für Security
bySplunk
 
PDF
Empower your security practitioners with the Elastic Stack
byElasticsearch
 
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
byElasticsearch
 
For UK MSP, optimizing customer experience is key to successful security post...
byDana Gardner
 
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
byAlienVault
 
Getting Started with Security for your Oracle SOA Suite Integrations
byRevelation Technologies
 
What's new at Elastic: Update on major initiatives and releases
byElasticsearch
 
Forrester Emerging MSSP Wave
byEnvision Technology Advisors
 
Elastic Security keynote
byElasticsearch
 
ESM v5.0 Service Layer Developer's Guide
byProtect724
 
ESM v5.0 Service Layer Developer's Guide
byProtect724
 
Security Outsourcing - Couples Counseling - Atif Ghauri
byAtif Ghauri
 
SOA Mainframe Service Architecture and Enablement Practices Best and Worst Pr...
byMichael Erichsen
 
Presentation big data
byxKinAnx
 
ICTA Technology Meetup 01 - Enterprise Application Integration
byCrishantha Nanayakkara
 
Attacking XML Security
byYusuf Motiwala
 
Elastic SIEM (Endpoint Security)
byKangaroot
 
Architecting and Tuning IIB/eXtreme Scale for Maximum Performance and Reliabi...
byProlifics
 
What's new at Elastic: Update on major initiatives and releases
byElasticsearch
 
Tips to Remediate your Vulnerability Management Program
byBeyondTrust
 
Splunk für Security
bySplunk
 
Empower your security practitioners with the Elastic Stack
byElasticsearch
 

More from Elasticsearch

PDF
An introduction to Elasticsearch's advanced relevance ranking toolbox
byElasticsearch
 
PDF
Cómo crear excelentes experiencias de búsqueda en sitios web
byElasticsearch
 
PDF
Te damos la bienvenida a una nueva forma de realizar búsquedas
byElasticsearch
 
PDF
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
byElasticsearch
 
PDF
Comment transformer vos données en informations exploitables
byElasticsearch
 
PDF
Plongez au cœur de la recherche dans tous ses états.
byElasticsearch
 
PDF
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
byElasticsearch
 
PDF
An introduction to Elasticsearch's advanced relevance ranking toolbox
byElasticsearch
 
PDF
Welcome to a new state of find
byElasticsearch
 
PDF
Building great website search experiences
byElasticsearch
 
PDF
Keynote: Harnessing the power of Elasticsearch for simplified search
byElasticsearch
 
PDF
Cómo transformar los datos en análisis con los que tomar decisiones
byElasticsearch
 
PDF
Explore relève les défis Big Data avec Elastic Cloud
byElasticsearch
 
PDF
Comment transformer vos données en informations exploitables
byElasticsearch
 
PDF
Transforming data into actionable insights
byElasticsearch
 
PDF
Opening Keynote: Why Elastic?
byElasticsearch
 
PDF
Empowering agencies using Elastic as a Service inside Government
byElasticsearch
 
PDF
The opportunities and challenges of data for public good
byElasticsearch
 
PDF
Enterprise search and unstructured data with CGI and Elastic
byElasticsearch
 
PDF
クローラーを迅速に入手:効果的なWebクローラーの作成方法
byElasticsearch
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
byElasticsearch
 
Cómo crear excelentes experiencias de búsqueda en sitios web
byElasticsearch
 
Te damos la bienvenida a una nueva forma de realizar búsquedas
byElasticsearch
 
Tirez pleinement parti d'Elastic grâce à Elastic Cloud
byElasticsearch
 
Comment transformer vos données en informations exploitables
byElasticsearch
 
Plongez au cœur de la recherche dans tous ses états.
byElasticsearch
 
Modernising One Legal Se@rch with Elastic Enterprise Search [Customer Story]
byElasticsearch
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
byElasticsearch
 
Welcome to a new state of find
byElasticsearch
 
Building great website search experiences
byElasticsearch
 
Keynote: Harnessing the power of Elasticsearch for simplified search
byElasticsearch
 
Cómo transformar los datos en análisis con los que tomar decisiones
byElasticsearch
 
Explore relève les défis Big Data avec Elastic Cloud
byElasticsearch
 
Comment transformer vos données en informations exploitables
byElasticsearch
 
Transforming data into actionable insights
byElasticsearch
 
Opening Keynote: Why Elastic?
byElasticsearch
 
Empowering agencies using Elastic as a Service inside Government
byElasticsearch
 
The opportunities and challenges of data for public good
byElasticsearch
 
Enterprise search and unstructured data with CGI and Elastic
byElasticsearch
 
クローラーを迅速に入手:効果的なWebクローラーの作成方法
byElasticsearch
 

Recently uploaded

PDF
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
PDF
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 
PPTX
BioVault.net ADW 2025 CODATA: SyftBox: a General Purpose Solution for Data Vi...
byMadhava Jay
 
PDF
NSSHOEU-J 4x35mm² Cable Specification.pdf
byAnhui Feichun Special Cable Co., Ltd.
 
PDF
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
PDF
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
PDF
Session 4 - Specialized AI Associate Series: UiPath Document Understanding O...
byDianaGray10
 
PDF
Planetek Italia Corporate Profile brochure
byPlanetek Italia Srl
 
PDF
Ask Me Anything About AI Assist: Practical Answers for Real Workflows
bySafe Software
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
PDF
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
PDF
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
PDF
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
PPTX
CBD Belgium 2025 - The adventures of a Microsoft 365 Platform Owner.pptx
byJasper Oosterveld
 
PDF
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
PDF
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
PDF
What is Google Cloud Platform (GCP)? A 5-Minute Guide for Beginners (2025)
byTeleglobal International
 
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 
BioVault.net ADW 2025 CODATA: SyftBox: a General Purpose Solution for Data Vi...
byMadhava Jay
 
NSSHOEU-J 4x35mm² Cable Specification.pdf
byAnhui Feichun Special Cable Co., Ltd.
 
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
Session 4 - Specialized AI Associate Series: UiPath Document Understanding O...
byDianaGray10
 
Planetek Italia Corporate Profile brochure
byPlanetek Italia Srl
 
Ask Me Anything About AI Assist: Practical Answers for Real Workflows
bySafe Software
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
CBD Belgium 2025 - The adventures of a Microsoft 365 Platform Owner.pptx
byJasper Oosterveld
 
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
What is Google Cloud Platform (GCP)? A 5-Minute Guide for Beginners (2025)
byTeleglobal International
 
In this document
Powered by AI

Overview of the transition from Managed Service Provider (MSP) to Managed Security Service Provider (MSSP) at Eze Castle Integration.

Discusses technological growth challenges including technology silos, log management, compliance issues, and detection deficits.

Chronological journey of integrating SIEM, starting from vendor partnership in 2018 to product relaunch in 2019.

Focus on Windows agents and methodologies including Filebeat and Logstash for log data handling.

List of integrations with various technologies, highlighting an average ingestion rate of 2+ billion events per day.

Overview of premium and community threat feed integrations to enhance SIEM capabilities.

Details on onboarding times and mention of next steps including enhancements in services.

Website link for Eze Castle Integration.

From MSP to MSSP using Elastic

  • 1.
    From MSP toMSSP Our Journey with Elastic
  • 2.
    Eze Castle IntegrationOverview Managed Service Provider (MSP) Cloud Service Provider (CSP) Internet Service Provider (ISP) Managed Security Service Provider (MSSP)
  • 3.
  • 4.
    The Challenge •Technology Silos Eachdepartment or team managing their own logs •Non-standard Formatting Logs stored in original format without normalization •Compliance with Regulatory Requirements and Guidelines Difficultly guaranteeing log retention •Search Finding needles in haystack •Detection and Response Lack of visibility on suspicious activity
  • 5.
  • 8.
  • 9.
    Do It Right theFirst Time One-on-one with experts Validate your design Ask anything! Less Headache Easy to scale Easy to upgrade No infrastructure Great feature parity Cost effective Do It Right All the Time Great instructors Instructor-led and on-demand Full-blown lab Great content Get Help When You Need It Good response time Knowledgeable Team Phone Support Dedicated Support Engineer ServicesWe Use ELASTIC CLOUD ELASTIC CONSULTING ELASTIC LEARNING ELASTIC SUPPORT
  • 10.
    YESWE CAN! Filebeat Dozens ofbuilt-in modules supporting ingest via syslog, API, or reading text files with Filebeat and Logstash Logstash No Filebeat module? No problem!
  • 11.
    Managed SIEM –TechnologyIntegrations Elastic Built-in Filebeat Modules Custom Developed ActiveMQ Apache Auditd AWS AWS Fargate Azure Barracuda Bluecoat CEF Check Point Cisco CoreDNS Crowdstrike Cyberark Cyberark PAS Cylance Elasticsearch Envoyproxy F5 Fortinet Google Cloud Google Workspace GSuite haproxy IBM MQ Icinga IIS Imperva Infoblox Iptables Juniper Kafka Kibana Logstash Microsoft MISP MongoDB MSSQL MySQL MySQL Enterprise nats NetFlow Netscout Nginx Office 365 Okta Oracle Osquery Palo Alto Networks pensando PostgreSQL Proofpoint RabbitMQ Radware Redis Santa Snort Snyk Sonicwall Sophos Squid Suricata System Threat Intel Tomcat Traefik Zeek (Bro) Zoom Zscaler Citrix Netscaler DMARC iboss Microsoft DHCP Proofpoint TAP SentinelOne SpyCloud 2+ billion events per day avg. ingestion rate, that’s 23,148 events / second
  • 12.
    Eze Managed SIEM–Threat Feed Integrations Pre miu m Fee ds SOC Prime Bad Packets Co mm unit y Fee ds Alienvault OTX CINSscore CyberCrime Tracker Feodo Tracker FireHOL GreenSnow IPSum ListDynamic DNS providers MalShare MalSilo OpenPhish Phishtank Proofpoint Emerging Threats TOR Exit Nodes Vxvault
  • 13.
    What Happened Since Valuesshown are accurate as of June 02, 2021 < 2 Weeks avg. onboarding time per customer
  • 14.
    • More integrations •More enrichment • More machine learning • More beats • Elastic Agents Next Steps
  • 15.