Not long after I arrived at Blumira, it became very apparent that we had a growing need to support the work-from-home world that was thrust upon us so quickly in 2020. We needed a better way to support Windows logs directly to the Blumira cloud without the requirement of a sensor behind a firewall.
Our platform has always been extremely well received by our partners. We’ve turned a complex security tool (Security Information and Event Management – aka SIEM) built by security people, for security people, and turned it into an easily manageable solution built for IT admins. Add that to the fact that we have simple and affordable user-based pricing, and it makes perfect sense why over 900 MSP partners have joined our NFR program since we launched the MSP program in January of 2022.
But even with all that we had going for us, there’s always something you can improve upon….
For many partners I’ve spoken to since I arrived at Blumira, not being able to fully support Windows logs was a non-starter. I’ve had hundreds of conversations that go something like this, “We love the platform. You find things others don’t and our techs love the analysis the alerts provide and how the playbooks teach them how to respond to security incidents. We’re really happy with the low noise level too. But we can’t make you a standard until you make it easier to support remote Windows logs. Please call us when you get there!”
MSPs: What you’ve been asking for has finally arrived!
In January, we released the Blumira Agent, a Windows Agent that sends Windows logs directly to the Blumira cloud over any internet connection and also supports automated host isolation. In March, we got MSPs early access to pricing that bundles the Blumira Agent into the per-user pricing.
Our initial release of Blumira Agent was priced as a $6 add-on, but after listening to feedback from the partner community, we have repackaged paid editions that include one Agent per user in the per-user pricing.
The Blumira Agent was the cornerstone to unlock Blumira’s open XDR platform, since universal endpoint visibility is a major component of any XDR product. That’s why our new editions include XDR, SIEM + Endpoint Visibility (SIEM+), and SIEM Pro. See MSRP and feature info here.
Well, we’re there y’all! Blumira provides the most value in the MSP security space that meets all of the baseline requirements: M365, Windows, firewall logs, of the vast majority of SMBs out there. Not only do we provide our partners with free-for-internal-use NFR environments, we also offer a Free SIEM to extend our product-led growth approach to our partner community. Once you have clients ready, our MSP program and pricing makes it easy to work with us and more lucrative as you scale us out to your client base.
The Value of Blumira Agent
While Blumira has supported Windows logs for years using NXlog and Sysmon, collecting them was a function of the Blumira Sensor, an Ubuntu VM that sits behind the firewall. So having visibility behind the firewall was a prerequisite for collecting them…not ideal in a remote-first world.
Let’s discuss why Blumira Agent is such a game changer.
Simplifies and Reduces Overhead
Some may have hesitation around adding yet-another agent to the Windows endpoints and servers. Our prior approach, using Poshim to deploy NXlog and Sysmon, was actually using two agents, so switching to the Blumira Agent simplifies and consolidates your setup greatly. For some environments, the Blumira Agent might replace the need for the sensor entirely, reducing overhead.
Not only does the Blumira Agent change that by sending logs directly to the Blumira cloud over the internet, but in testing, we’ve seen a 5x improvement in CPU and bandwidth consumed vs the NXlog approach. The Agent also updates itself, negating the management required for you to manually keep NXlog and Sysmon updated on each device.
More Automation, More Visibility
The agent also includes automated host isolation. Though many EDRs also include host isolation, using ours will allow for continuous log collection which enables real-time investigations on an isolated host and no gap in data retained if needed later for incident response. The Agent consumes Microsoft Defender data and Windows network traffic as well, giving Blumira more security visibility than we had previously into the host devices.
Blumira Agent is our go-forward path for development in regards to endpoint visibility and we’ll continue to add new features and valuable functionality to it over time.
Improved Incident Response
Most EDR/MDRs do not retain logs for a long period of time; if optional, it’s often at a significant added cost. When logs are needed for IR (incident response) purposes, one year is the desired requirement that will ensure a quicker and more successful engagement.
All of our detections and guided responses are delivered after the logs are received in the cloud, therefore there won’t be any fighting between our agent and your current endpoint protection of choice.
Satisfies Cyber Insurance, Compliance Requirements
For a few years now, SMBs and their IT partners have had to field insurance questionnaires like this:
“Please provide an overview of how your EDR product is monitored and managed (e.g. Internal IT team or outsourced to a third party)”
Now, a Blumira customer with the Blumira Agent deployed on all Windows devices could answer that question with something like this:
“Using Blumira’s endpoint agent, our Windows endpoint logs are sent to Blumira’s advanced detection and response platform which monitors and analyzes logs for suspicious or threat activity.
The platform notifies us when it detects anomalies and we follow playbook instructions on how to respond, including isolating the host if recommended to contain a threat on an endpoint, cutting off access to the rest of the network. Blumira’s incident detection engineers proactively manage detections, updating them to keep us protected from new vulnerabilities and exploits.
Blumira’s 24/7 security operations (SecOps) team provides support for all critical priority issues and helps our IT provider with guided response, security advice, and investigation. If needed, they will work with an incident response team to help resolve any identified issues.”
In fact, Blumira also checks many other boxes that insurers and compliance frameworks require like:
- 1 Year Log Retention
- Log Monitoring
- SIEM
- 24/7 SOC
- Endpoint Detection and Response (EDR)
- Automated Host Isolation
- Advanced Threat Protection / Detection
- Firewall IPS and Log Retention
- Network Monitoring for suspicious or malicious activity
- Audit and prevent unauthorized access to privileged information
- Monitoring protection of privileged user accounts
Given the tightening insurance markets and impending requirements from frameworks like CMMC, and PCI DSS, there’s a very compelling reason to get ahead of the mandatory requirements and standardize on a tool that will help increase both you and your clients security maturity.
Of course, you’ll need to read all of the included definitions to ensure our solution — and how you’re using it — meets the requirements for any specific application, but that’s why we put this Cyber Insurance Application Questions and Suggested Responses resource together to help.
XDR = Endpoint Visibility, Log Correlation + Automated Response
The Blumira Agent was the cornerstone to unlock Blumira’s open XDR platform that makes advanced detection and response easy and effective for small and medium-sized businesses, accelerating ransomware and breach prevention for hybrid environments. Time-strapped IT teams can do more with one solution that combines SIEM, endpoint visibility and automated response.
The platform includes:
- Managed detections – our Incident Detection Engineering team does all of the threat hunting, detection, analysis and workflow creation and tuning to identify attacks early
- Automated response to contain and block threats immediately
- One year of data retention and option to extend to satisfy compliance
- Advanced reporting and dashboards for forensics and easy investigation
- Lightweight agent for endpoint visibility and response
- 24/7 Security Operations (SecOps) support for critical priority issues
Blumira has seen tremendous momentum over the past year with 100% year-over-year customer growth, including an 8x growth in the MSP channel.
To continue accelerating innovation on the best XDR technology for SMBs, Blumira recently raised a $15M Series B financing round led by Ten Eleven Ventures and joined by RPS Ventures, Mercury Fund, HPA, and Duo Security co-founder Jon Oberheide. Read the full press release here.
How can I start testing today?
The Blumira Agent is available as a part of your NFR environment today.
Don’t have a free-for-internal-use NFR environment of Blumira yet? Request one here.
Please use the Agents in your NFR to test the functionality and start building this into your go-forward Blumira strategy as it will become a more and more important piece of the platform over time.
Get started with Installing Blumira Agent on a remote device and learn more about managing and isolating devices in Managing your Blumira Agent devices.
More from the blog
View All PostsWARNING: Some “SIEM” Vendors Are Not Actually Selling A SIEM
Read MoreBuilding a security-first culture for MSPs: Always ready, always protected
Read MoreCustomer Story: Connect Cause
Read MoreSubscribe to email updates
Stay up-to-date on what's happening at this blog and get additional content about the benefits of subscribing.