It seems like just yesterday (April 2022) we launched our Free SIEM edition, with additional offerings to help bring advanced threat detection and response to small and medium-sized businesses (SMBs).
Now, after many months of work by our industrious engineering and product team, we’re revamping our editions with a very important expansion into the XDR (extended detection and response) market category.
Blumira’s Evolution To XDR
Here’s a brief look at Blumira’s product evolution:
- SIEM – In 2018, Blumira started with a solid cloud SIEM foundation, building in valuable integrations with managed detection rules and response playbooks to lift the burden off of lean IT teams that don’t have time or dedicated security expertise. For cloud integrations, the SIEM platform can be set up in minutes, at least five times faster than the average SIEM provider (according to G2). Recently we expanded our Free SIEM, increasing flexibility for our customers by including three cloud integrations completely for free.
- Endpoint Visibility – Early in 2023, we partnered with LimaCharlie to build additional Windows detections paired with their technology, offering a lightweight endpoint agent called Blumira Agent, to support remote work and enable IT teams to isolate endpoint threats. Blumira Agent uses roughly a quarter of the bandwidth of a server-hosted sensor that forwards logs with NXLog.
- Automated Response – Finally, in May 2023, we launched our XDR platform for SMBs with automated response capabilities. Ideal for time-strapped IT admins, our XDR platform works around the clock to protect organizations by immediately containing an endpoint threat or blocking traffic from known malicious sources.
Our new XDR platform combines our SIEM, endpoint visibility and automated response capabilities into one easy, effective and efficient solution designed for SMBs.
But the acronym doesn’t matter; what does is how we’re solving real customer problems and innovating with automation for improved security outcomes.
Listening to Our Customers’ Challenges
Our product team interviewed Blumira users to better understand their day-to-day challenges and security needs. We heard similar refrains, over and over, when we asked our users about their team size — “It’s just me, I’m flying solo for the most part. I’m the lone man.” Or from other organizations with small IT/security teams: “Two… actually, really just me. The IT department is pretty much just me.” And, “Three staff members are regularly involved in security.”
Our customers have lean IT teams that find it challenging to complete both IT and manual security tasks on a daily basis due to lack of time, people, expertise and resources.
I don’t have the staff dedicated to sit and read logs all day or with the skillset to analyze our data. We chose Blumira for its simplicity – I needed a solution that would simplify, consolidate and show me what I really need to see. – Jim Paolicelli, IT Director, Atlantic Constructors, Inc. (ACI)
Vendor sprawl, or the procurement of disparate security solutions, results in too much data, too many alerts, workflow redundancies and lack of operational efficiency.
We’re required by CJIS and IRS Pub 1075 compliance to review our logs daily. Blumira has saved us time because we can’t monitor all of our logs — we would need a team of 100 to go through all of these logs manually. – Mike Morrow, Technical Infrastructure Manager, Ottawa County
Blumira’s XDR platform provides greater value and solves the real problems of these struggling IT teams by:
- Reducing complexity by consolidating multiple security tools into one platform
- Integrating broadly to provide insight across the entire environment with an open XDR platform supporting third-party services
- Using automation to significantly speed up detection and response
We’re focused on increasing visibility for our users’ modern hybrid environments, enhancing their usability of security tools, and removing any friction related to threat detection and response to more effectively prevent a data breach.
New Feature: Automated Host Isolation
With the release of Blumira Agent in January, users can manually isolate an endpoint associated with an identified threat or finding. That means they can click on any endpoint enrolled with Blumira Agent, isolate it in a few clicks and cut off its network access until they can investigate further.
Our customers’ IT and security teams are small; on average, 1-3 people. But threats can occur at any time. Since threats don’t operate on a 9-5 schedule, sometimes manual host isolation just isn’t fast enough.
That’s why we’ve launched Automated Host Isolation, a feature that can immediately isolate an endpoint based on the priority of the finding (P1 to P3). This gives IT admins peace of mind at all hours of the day, even when they’re not available to investigate or manually disable a device’s access to their systems. Faster response times create better security outcomes, helping contain a compromised endpoint before it is used to spread malware or move laterally.
With this feature (part of Blumira Agent), users can automate the isolation of a device at any time. In the product, a dark blue banner shows when Automated Host Isolation is running, the number of devices currently isolated, and a control to pause the feature as needed.
Learn more about Automated Host Isolation.
Example of a P1 Threat
What kind of threats do we identify and how can Automated Host Isolation be used to stop attacker lateral movement? See one example below:
In this Priority 1 finding, named Suspected Cobalt Strike Service Execution, Blumira’s platform has automatically identified a potential Cobalt Strike beacon being executed. Cobalt Strike is a commercially available post-exploitation and adversary simulation framework. While intended for use by authorized penetration testers, cracked versions of the software are abundant, and its ease of use makes it a popular choice among cyber criminals. According to our incident detection engineers, the tool has been seen in use by red teams, APT (Advanced Persistent Threat) actors and ransomware operators alike.
After opting into the feature and configuring it for P1 findings, Blumira’s Automated Host Isolation will immediately isolate any endpoint associated with this finding as soon as it is detected, giving IT admins the opportunity to investigate while cutting off further risk right away. The finding itself notifies IT teams within a minute of initial detection, greatly expediting time to respond. Because the threshold is configurable, keep in mind that extending automatic isolation to P2 or P3 findings trades a lower false-negative risk for a higher chance that a benign event takes a production host off the network; starting with P1 only and widening after reviewing what the lower-priority findings look like in your environment is the conservative path.
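To make the flow concrete, here is an added illustration (written for this post, not Blumira’s own detection or response code) of the two pieces described above: a detection that flags service-install events (Windows Event ID 7045) matching widely documented Cobalt Strike psexec-style defaults, and a priority-gated isolation policy with the pause switch. The sample events, the heuristic patterns, the finding names other than the one quoted in the post, and the `IsolationPolicy`/`process` helpers are all assumptions for the example; a real agent would cut the host’s network access rather than just recording it.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample events, shaped loosely like Windows System log entries
# (Event ID 7045 = "A service was installed in the system"). They are made up
# for this example and are not real captures.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 7045, "Computer": "WS-FIN-07", "ServiceName": "a1b2c3d",
     "ImagePath": r"\\127.0.0.1\ADMIN$\a1b2c3d.exe"},
    {"EventID": 7045, "Computer": "SRV-APP-01", "ServiceName": "BackupAgent",
     "ImagePath": r"C:\Program Files\Backup\agent.exe"},
    {"EventID": 7045, "Computer": "WS-HR-03", "ServiceName": "x9y8z7w",
     "ImagePath": r"%COMSPEC% /b /c start /b /min powershell -nop -w hidden -encodedcommand JABzAD0A"},
    {"EventID": 7045, "Computer": "WS-OPS-02", "ServiceName": "Updater",
     "ImagePath": r"C:\Users\bob\AppData\Local\Temp\upd.exe"},
    {"EventID": 4624, "Computer": "WS-HR-03", "LogonType": 3},
]


@dataclass
class Finding:
    name: str
    priority: int      # 1 = most critical (P1), 3 = least critical (P3)
    host: str
    evidence: str


# Simplified heuristics written for this example. They echo commonly documented
# defaults of Cobalt Strike's psexec-style lateral movement: a 7-character
# alphanumeric service name whose binary sits in ADMIN$ on the loopback address,
# or a service that launches an encoded PowerShell command. Production
# detections are broader and tuned per environment.
_RANDOM_NAME = re.compile(r"^[A-Za-z0-9]{7}$")
_ADMIN_SHARE = re.compile(r"^\\\\127\.0\.0\.1\\ADMIN\$\\", re.IGNORECASE)
_ENC_PS = re.compile(r"powershell.*-(enc|encodedcommand)\b", re.IGNORECASE)
_USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


def detect(event: Dict[str, object]) -> Optional[Finding]:
    """Return a Finding for a suspicious service install, else None."""
    if event.get("EventID") != 7045:
        return None
    name = str(event["ServiceName"])
    path = str(event["ImagePath"])
    host = str(event["Computer"])
    if (_RANDOM_NAME.match(name) and _ADMIN_SHARE.match(path)) or _ENC_PS.search(path):
        return Finding("Suspected Cobalt Strike Service Execution", 1, host, f"{name} -> {path}")
    if _USER_WRITABLE.search(path):
        # Hypothetical lower-priority finding used to show the threshold at work.
        return Finding("Service Installed From User-Writable Path", 2, host, f"{name} -> {path}")
    return None


@dataclass
class IsolationPolicy:
    """Mirrors the opt-in model described in the post: the admin picks the
    priority at or above which hosts are isolated, and can pause new
    isolations without turning detection off."""
    isolate_at_or_above: int = 1   # 1 = P1 only; 2 = P1 and P2; 3 = P1 to P3
    paused: bool = False

    def should_isolate(self, finding: Finding) -> bool:
        return (not self.paused) and finding.priority <= self.isolate_at_or_above


def process(events: List[Dict[str, object]], policy: IsolationPolicy) -> Tuple[List[Finding], Set[str]]:
    """Run detection over the events and apply the isolation policy.

    Returns (all findings, hosts the policy chose to isolate). Isolation is
    only recorded here; an agent would enforce it on the endpoint.
    """
    findings: List[Finding] = []
    isolated: Set[str] = set()
    for ev in events:
        finding = detect(ev)
        if finding is None:
            continue
        findings.append(finding)
        if policy.should_isolate(finding):
            isolated.add(finding.host)
    return findings, isolated


if __name__ == "__main__":
    found, hosts = process(SAMPLE_EVENTS, IsolationPolicy(isolate_at_or_above=1))
    for f in found:
        print(f"P{f.priority} {f.name} on {f.host}: {f.evidence}")
    print("isolated:", sorted(hosts))
```

Running it with the default policy (P1 only) isolates the two hosts with Cobalt Strike-like service installs and leaves the P2 temp-directory service as a finding to review; raising the threshold to P2 would also isolate that host, and pausing the policy keeps every finding while isolating nothing.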
See Our Editions & Try XDR
Automated Host Isolation is part of our new XDR Platform. Check out our new editions and head to our Pricing page to view the complete list of features:
Anyone can sign up for free and easily set up three cloud integrations today. Get more information on what to expect and how to get started here.
Blumira’s XDR platform makes advanced detection and response easy and effective for small and medium-sized businesses, accelerating ransomware and breach prevention for hybrid environments. Time-strapped IT teams can do more with one solution that combines SIEM, endpoint visibility and automated response.
The platform includes:
- Managed detections for automated threat hunting to identify attacks early
- Automated response to contain and block threats immediately
- One year of data retention, with the option to extend it to satisfy compliance requirements
- Advanced reporting and dashboards for forensics and easy investigation
- Lightweight agent for endpoint visibility and response
- 24/7 Security Operations (SecOps) support for critical priority issues
Interested in trying out our new XDR platform? We’ll set you up with a free trial to demo all of our latest features.