This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.
Cybersecurity breaches are in the news daily, and as forensic investigation and incident response practitioners, we have seen several common themes among victim companies. Attackers often pass over larger companies with robust cybersecurity measures and instead prey upon small to mid-sized businesses that are softer targets with weaker security postures. These seven steps to reducing your cyberattack surfaces will help to strengthen your defenses.
The weakest link in any cybersecurity program is the human workforce operating within it. Phishing attacks, in which users are tricked or deceived into opening an unsafe email attachment or visiting a fraudulent website, are among the strongest weapons in an attacker’s arsenal because they work against people, not software. Institute a regular cybersecurity awareness program that includes not only instruction but also random testing throughout the year. Repeated failures of such random testing should be treated as a notable area for improvement in an employee’s development. If your company lacks the resources or abilities to perform such training, several outsourced providers have these training and awareness platforms at the ready.
An attack known as “credential stuffing” is extremely effective at helping attackers gain access to multiple systems at once by taking valid username and password combinations (called “credentials”) stolen from one computer system or website and trying them against others such as corporate logins, online banking, and more. As people often reuse passwords across platforms to make remembering passwords easier, this also leaves systems—including the computers and accounts they use for work—vulnerable to compromise.
To combat credential stuffing, an organization’s best defense today is the combination of strong passwords (long passwords with a mix of capital letters, lower case letters, numbers, and symbols) and password managers: secure programs designed to generate strong passwords and store them for easy recall, so that using a unique strong password on every account and website becomes easy. Password managers also help with “corporate memory” of shared or administrative passwords, as particular entries can be made accessible to a certain group of users. Password managers such as 1Password, LastPass, and Dashlane also have web browser extensions that make it extremely easy to have a different strong password for each website visited. They often also offer separate personal and professional password vaults, so that users have a consistent experience, which improves the likelihood that they will adhere to using a password manager rather than falling back to “password123.”
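Credential stuffing also leaves a recognizable footprint in authentication logs, which is useful on the detection side while password managers and unique passwords are being rolled out. The following is an added example, not code from the original post or from eSentire or CyFIR: it parses a constructed log format (the `auth result=... user=... src=...` lines, the timestamps and the addresses are all made up for this illustration) and flags any source address that attempts many distinct usernames inside a short window, which is the signature of stuffing as opposed to a brute-force attack on a single account. It also reports which accounts actually logged in successfully from a flagged source, since those are the accounts that need a forced password reset.

```python
"""Flag credential-stuffing sources in authentication logs (added example).

Stuffing: one source, many *different* usernames, few attempts per user,
because the attacker already holds a password for each name.
Brute force: one source, one username, many attempts. Only the first
pattern is flagged here; the sample data contains both for contrast.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines; the format, users and addresses are invented.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z auth result=fail user=alice src=203.0.113.5
2024-03-01T09:00:02Z auth result=fail user=bob src=203.0.113.5
2024-03-01T09:00:02Z auth result=ok user=carol src=198.51.100.7
2024-03-01T09:00:03Z auth result=fail user=dave src=203.0.113.5
2024-03-01T09:00:04Z auth result=ok user=erin src=203.0.113.5
2024-03-01T09:00:05Z auth result=fail user=frank src=203.0.113.5
2024-03-01T09:00:06Z auth result=fail user=grace src=203.0.113.5
2024-03-01T09:00:10Z auth result=fail user=carol src=198.51.100.7
2024-03-01T09:00:11Z auth result=fail user=carol src=198.51.100.7
2024-03-01T09:00:12Z auth result=fail user=carol src=198.51.100.7
2024-03-01T09:00:13Z auth result=fail user=carol src=198.51.100.7
2024-03-01T09:00:14Z auth result=fail user=carol src=198.51.100.7
2024-03-01T09:30:00Z auth result=fail user=heidi src=203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Return a list of (timestamp, result, user, src) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=5), min_users=4):
    """Return {src: sorted usernames} for sources that tried >= min_users distinct
    usernames within any span of length `window`.

    Successful attempts count too: a success in the middle of a run of different
    usernames is exactly the hit a defender needs to see.
    """
    by_src = defaultdict(list)
    for ts, _result, user, src in sorted(events):
        by_src[src].append((ts, user))

    flagged = defaultdict(set)
    for src, attempts in by_src.items():
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it covers at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users:
                flagged[src].update(users)
    return {src: sorted(users) for src, users in flagged.items()}


def successful_logins(events, src):
    """Accounts that authenticated successfully from `src`: candidates for a forced reset."""
    return sorted({user for _ts, result, user, s in events if s == src and result == "ok"})


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for src, users in find_stuffing_sources(evts).items():
        print(f"{src}: {len(users)} distinct usernames {users}")
        print(f"  successful logins from this source: {successful_logins(evts, src)}")
```

The thresholds (`window`, `min_users`) are tuning knobs; a shared NAT address for a large office will legitimately show many usernames, so the rule is best applied to external-facing logins and combined with the per-user attempt rate.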
Software developers, including those who write operating systems, office platforms, and even security software, are human, and bugs or vulnerabilities can exist in even the most secure computing platforms. As these issues are discovered, software manufacturers will fix them and release new versions of their products. It’s critical that you have a regular cadence for updating the operating systems, applications, and security tools that your company depends upon. When responding to incidents, it’s not uncommon for responders to find several systems that are “critical” to an organization running on long outdated and unsupported versions of Windows or Linux. Outdated and unsupported operating systems often have several known vulnerabilities and wide-open attack surfaces which serve as open doors for attackers.
Needless to say, always make sure your organization’s antivirus (you do have an organization-wide antivirus in place already, yes?) is regularly updated to receive the freshest definitions and algorithms, but remember, antivirus only helps with malware-based attacks.
In nearly every operating system, network, file system, and application, user accounts have varying degrees of permissions to accomplish tasks or access data. Administrators tend to have the most and standard users tend to have the least. Ensure that each user account, including system accounts used for handling automated tasks, has the amount of authority and permissions necessary to complete the job at hand, but no more. For example, while a company’s CEO might drive the policy and agenda for the entire organization, he or she doesn’t necessarily need access to detailed engineering plans or code repositories; they won’t use that data in the course of normal business, but it expands their attack surface tremendously and increases the potential for a catastrophic breach should their credentials be compromised by clicking on a nefarious link in an email message.
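In practice, “necessary but no more” is enforced by a periodic access review: compare what each principal is granted against what its role needs, and look at whether the grant is ever used. The following is an added illustration, not code from the original post or from eSentire or CyFIR; the roles, permissions, principals, and last-used dates are all constructed, and the review criteria (outside the role baseline, or unused for more than 90 days) are assumptions that an organization would set for itself. The `blast_radius` helper shows the attack-surface point made above: every grant a principal holds is what an attacker gets by phishing that principal.

```python
"""Least-privilege access review over an exported list of grants (added example)."""
from collections import defaultdict
from datetime import date, timedelta

# Constructed baseline: the permissions each role needs for normal business.
ROLE_BASELINE = {
    "executive": {"email", "board-documents", "finance-dashboard"},
    "engineer": {"email", "code-repo", "ci-pipeline"},
    "deploy-bot": {"ci-pipeline", "prod-deploy"},
}

# Constructed IAM-style export: one record per grant with the date it was
# last exercised (None = never). Principals and dates are illustrative only.
GRANTS = [
    {"principal": "ceo@example.com", "role": "executive", "permission": "email", "last_used": date(2024, 3, 1)},
    {"principal": "ceo@example.com", "role": "executive", "permission": "board-documents", "last_used": date(2024, 2, 20)},
    {"principal": "ceo@example.com", "role": "executive", "permission": "code-repo", "last_used": None},
    {"principal": "ceo@example.com", "role": "executive", "permission": "engineering-plans", "last_used": date(2023, 6, 1)},
    {"principal": "dev1@example.com", "role": "engineer", "permission": "code-repo", "last_used": date(2024, 3, 2)},
    {"principal": "dev1@example.com", "role": "engineer", "permission": "ci-pipeline", "last_used": date(2023, 10, 1)},
    {"principal": "deploy-bot", "role": "deploy-bot", "permission": "prod-deploy", "last_used": date(2024, 3, 2)},
    {"principal": "deploy-bot", "role": "deploy-bot", "permission": "finance-dashboard", "last_used": None},
]


def review_grants(grants, baseline, today, stale_after=timedelta(days=90)):
    """Return {principal: [(permission, reason), ...]} for grants to revoke or justify.

    Two independent signals are checked, in order:
      * the permission is not in the principal's role baseline (excess grant), or
      * it is in the baseline but has never been used, or not used within
        `stale_after`, so the job evidently does not require it.
    """
    findings = defaultdict(list)
    for g in grants:
        allowed = baseline.get(g["role"], set())  # unknown role -> everything is excess
        if g["permission"] not in allowed:
            findings[g["principal"]].append((g["permission"], "outside role baseline"))
        elif g["last_used"] is None:
            findings[g["principal"]].append((g["permission"], "never used"))
        elif today - g["last_used"] > stale_after:
            idle = (today - g["last_used"]).days
            findings[g["principal"]].append((g["permission"], f"unused for {idle} days"))
    return dict(findings)


def blast_radius(grants, principal):
    """Everything an attacker can reach by compromising this principal's credentials."""
    return sorted({g["permission"] for g in grants if g["principal"] == principal})


if __name__ == "__main__":
    for principal, items in review_grants(GRANTS, ROLE_BASELINE, date(2024, 3, 3)).items():
        print(principal, "currently reaches:", blast_radius(GRANTS, principal))
        for permission, reason in items:
            print(f"  revoke or justify {permission}: {reason}")
```

The review deliberately treats a role that is missing from the baseline as having no entitlements at all, so an account created outside the normal process surfaces with every one of its grants flagged rather than silently passing.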
Operating systems, application platforms (such as Microsoft’s Office 365), and many websites provide enhanced security and authentication through “two-factor authentication.” Two-factor authentication often combines something you know (such as a password) with something you have (such as a one-time randomized key) to verify a login. At a minimum, two-factor authentication should be a requirement for any Office 365 Administrator account, and it’s no less recommended for standard user accounts as well.
Two-factor authentication is often accomplished through a program that runs on one’s mobile phone, providing “one-time passcodes” that rotate every thirty seconds with a unique number that provides an additional verification of your user credentials. Common two-factor authentication programs include Google Authenticator, Authy, and Microsoft Authenticator, and many password manager programs can also generate authentication passcodes.
Due to the growth in cyberattacks and cybercrime, organizations are beginning to understand that it isn’t about if they’ll face a data breach, but when. As a result, the difference between catastrophic organizational damage and cyber resiliency can be the manner and speed in which an organization responds to a breach when it happens, along with the programs, procedures, and processes in place beforehand to best position the organization for recovery.
While a full incident response plan with trained, dedicated staff at the ready is great, this is definitely an area where perfect shouldn’t be the enemy of good. Critical days or even weeks can be lost after a breach while a company looks for an incident response contractor, negotiates contracts (at panic pricing), and waits for the contractor to begin their response in an unfamiliar network belonging to an unfamiliar company. When you don’t have an active incident is the time to contract with an incident response and/or managed security services firm, because you can set fair pricing, reasonable retainers, and the contractor will have time to learn what’s “normal” in your company and network before a crisis happens. Even if your plan is to “call our account rep at our incident response contractor,” that can be enough to stop a security incident from becoming a security breach.
Most desktop and server operating systems can encrypt the contents of their hard drives right out of the box. From a single user’s laptop to the information stored in your corporate-wide databases, encryption should be the standard, not the exception. Before a computing device is provided to an employee, activate the on-board disk encryption to reduce exposure to loss or theft, and ensure that your cloud computing platforms, corporate databases, and email servers are also covered by their encryption capabilities. Emergency recovery keys can be stored within the safety of your password manager for cases when an employee leaves suddenly; leaving that employee’s laptop unencrypted can be a disaster if it’s lost or stolen in an airport café.
Speaking of travel, when employees are on the road, they should connect to the Internet through a Virtual Private Network (VPN), preferably one provided by and running through the corporate network to maintain control and assure data security. Open Wi-Fi access points may be a boon to travelers, but they’re also a goldmine for data thieves who may listen in on unencrypted connections. In a pinch, commercial VPN services are also available on an individual basis, and computing enthusiasts can set up their own using open-source platforms such as Algo VPN for the price of a cup of coffee.
In summary, while there is no one end-all, be-all to cybersecurity, there are a number of simple, practical steps that organizations can take to dramatically improve their cybersecurity posture. Many of these options are free or come with the software you’ve already purchased. Others, while they do charge a fee, cost significantly less than the amounts associated with a data breach in loss of customer confidence, loss of intellectual property, incident response costs, fines, penalties, legal fees, and more. Cybersecurity should be another risk that needs to be quantified, monitored, and managed by your C-suite and Board, and policies must be drafted and enforced accordingly.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.