It seems like just yesterday (April 2022) we launched our Free SIEM edition, with additional offerings to help bring advanced threat detection and response to small and medium-sized businesses (SMBs).
Now, after many months of work by our industrious engineering and product team, we’re revamping our editions with a very important expansion into the XDR (extended detection and response) market category.
But the acronym doesn’t matter; what does is how we’re solving real customer problems and innovating with automation for improved security outcomes.
Our product team interviewed Blumira users to better understand their day-to-day challenges and security needs. We heard similar refrains, over and over, when we asked our users about their team size — “It’s just me, I’m flying solo for the most part. I’m the lone man.” Or from other organizations with small IT/security teams: “Two… actually, really just me. The IT department is pretty much just me.” And, “Three staff members are regularly involved in security.”
Our customers have lean IT teams that find it challenging to complete both IT and manual security tasks on a daily basis due to lack of time, people, expertise and resources.
I don’t have the staff dedicated to sit and read logs all day or with the skillset to analyze our data. We chose Blumira for its simplicity – I needed a solution that would simplify, consolidate and show me what I really need to see. – Jim Paolicelli, IT Director, Atlantic Constructors, Inc. (ACI)
Vendor sprawl, or the procurement of disparate security solutions, results in too much data, too many alerts, workflow redundancies and lack of operational efficiency.
We’re required by CJIS and IRS Pub 1075 compliance to review our logs daily. Blumira has saved us time because we can’t monitor all of our logs — we would need a team of 100 to go through all of these logs manually. – Mike Morrow, Technical Infrastructure Manager, Ottawa County
Blumira’s XDR platform provides greater value and solves the real problems of these struggling IT teams by:
We’re focused on increasing visibility for our users’ modern hybrid environments, enhancing their usability of security tools, and removing any friction related to threat detection and response to more effectively prevent a data breach.
With the release of Blumira Agent in January, users can manually isolate an endpoint associated with an identified threat or finding. That means they can click on any endpoint enrolled with Blumira Agent, isolate it in a few clicks and cut off its network access until they can investigate further.
Our customers’ IT and security teams are small; on average, 1-3 people. But threats can occur at any time. Since threats don’t operate on a 9-5 schedule, sometimes manual host isolation just isn’t fast enough.
That’s why we’ve launched Automated Host Isolation, a feature that can immediately isolate an endpoint based on the criticality of a threat (P1 to P3). This gives IT admins peace of mind at all hours of the day, even if they’re not available to investigate or manually disable a device’s access to their systems. Faster response times create better security outcomes, helping protect against a compromised endpoint or an attempt to spread malware.
With this feature (part of Blumira Agent), users can easily automate the isolation of a device at any time. The dark blue banner shows when Automated Host Isolation is running, the number of devices isolated and the ability to easily pause the feature as needed.
Learn more about Automated Host Isolation.
What kind of threats do we identify and how can Automated Host Isolation be used to stop attacker lateral movement? See one example below:
In this Priority 1 finding named Suspected Cobalt Strike Service Execution, Blumira’s platform has automatically identified a potential Cobalt Strike beacon being executed. Cobalt Strike is a commercially available post-exploitation framework. While intended for use by authorized penetration testers, cracked versions of the software are abundant and its ease of use makes it a popular choice among cyber criminals. According to our incident detection engineers, this tool has been seen in use by red teams, APT (Advanced Persistent Threat) actors, and ransomware threat actors.
After opting into the feature and configuring it for P1 findings, Blumira’s Automated Host Isolation will immediately isolate any endpoints associated with this finding after it is detected, giving IT admins the opportunity to investigate while reducing any further risk right away. This real-time finding notifies IT teams in under a minute of initial detection, greatly expediting your time to respond.
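An added example (not Blumira’s code) of the priority-gated isolation logic described above and in the feature overview: findings carry a priority P1 to P3 plus the endpoints involved, and the policy isolates only agent-enrolled hosts at or above the configured threshold unless the feature is paused. The finding name, hostnames and the `IsolationPolicy` API are constructed for illustration.

```python
# Constructed illustration of a priority-gated automated isolation policy.
# Not Blumira's implementation; names and sample data are made up.
from dataclasses import dataclass, field

PRIORITY_RANK = {"P1": 1, "P2": 2, "P3": 3}  # lower number = more critical


@dataclass
class Finding:
    name: str
    priority: str    # "P1", "P2" or "P3"
    endpoints: list  # hostnames associated with the finding


@dataclass
class IsolationPolicy:
    threshold: str = "P1"                        # isolate on findings at least this critical
    enrolled: set = field(default_factory=set)   # hosts running the endpoint agent
    paused: bool = False                         # the "pause the feature" toggle
    isolated: set = field(default_factory=set)   # hosts currently cut off from the network
    audit: list = field(default_factory=list)    # human-readable record of every decision

    def evaluate(self, finding: Finding) -> list:
        """Apply the policy to one finding; return the hosts newly isolated (may be empty)."""
        if self.paused:
            self.audit.append(f"skipped {finding.name}: feature paused")
            return []
        if PRIORITY_RANK[finding.priority] > PRIORITY_RANK[self.threshold]:
            self.audit.append(f"skipped {finding.name}: {finding.priority} below threshold")
            return []
        newly = []
        for host in finding.endpoints:
            if host not in self.enrolled:
                self.audit.append(f"cannot isolate {host}: agent not enrolled")
            elif host in self.isolated:
                self.audit.append(f"{host} already isolated")
            else:
                self.isolated.add(host)
                newly.append(host)
                self.audit.append(f"isolated {host} for {finding.name} ({finding.priority})")
        return newly


def demo() -> IsolationPolicy:
    """Run the post's scenario: a P1 Cobalt Strike finding with the threshold set to P1."""
    policy = IsolationPolicy(threshold="P1", enrolled={"ws-finance-01", "ws-hr-02"})
    policy.evaluate(Finding("Suspected Cobalt Strike Service Execution", "P1",
                            ["ws-finance-01", "srv-legacy-09"]))  # second host has no agent
    policy.evaluate(Finding("Constructed P2 finding", "P2", ["ws-hr-02"]))  # below threshold
    return policy
```

The audit list is the part worth keeping in practice: an automated response that cuts a host off the network should leave a record of why it fired, and why it did not, so the admin who comes in later can reconstruct the decision.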
Automated Host Isolation is part of our new XDR Platform. Check out our new editions, at a glance below, and head to our Pricing page to view the complete list of features:
Anyone can sign up for free and easily set up three cloud integrations today. Get more information on what to expect and how to get started here.
Blumira’s XDR platform makes advanced detection and response easy and effective for small and medium-sized businesses, accelerating ransomware and breach prevention for hybrid environments. Time-strapped IT teams can do more with one solution that combines SIEM, endpoint visibility and automated response.
The platform includes:
Interested in trying out our new XDR platform? Talk to our team to see Blumira in action and request a trial to test all of our latest features.