Blog — Jun 17, 2020

A Call for Modern Endpoint Security in a Distributed World

There has never been a more relevant time to make the case for modern endpoint security than today’s business climate of massive, globally distributed workforces.

Endpoints have always been a favourite attack point for adversaries. In Nuix’s second annual Black Report, 54 percent of surveyed cyberattackers reported they could breach a target’s perimeter, identify critical data and exfiltrate it in under 15 hours. Fifty-nine percent of attackers also identified social engineering, phishing, ransomware and other endpoint-originated attacks as their favourite and most successful vector. In the 2020 CrowdStrike Global Threat Report, the time an adversary took to achieve lateral movement after initial compromise was just under 19 minutes for nation-state attackers, with a global average of 4 hours 37 minutes across all threat groups. In contrast, dwell time, the period from undetected intrusion to containment, has extended to 243 days[1] for organisations across the U.K.

With distributed workforces in play, minimising detection-to-remediation timeframes has never been more critical, especially with 68 percent of organisations reporting an endpoint attack that compromised assets, according to the 2020 State of Endpoint Security Risk Study. And for many organisations in the U.K., it is seemingly impossible to adhere to recommended standards such as CrowdStrike’s 1-10-60 rule, which says companies should aim for 1 minute to detect a threat, 10 minutes to triage it, and 60 minutes to contain its impact.

As budgets tighten due to current economic conditions, cybersecurity teams are challenged with adapting endpoint defences to an increasingly exposed vector of attack. The information and charts below serve as guidance and justification for strengthening endpoint protection by understanding the probability of an endpoint breach and subsequent yearly risk incurred.

Probability of one or more endpoint incidents in a 12-month time period in the U.K.

This table indicates the probability of one or more bypasses of existing endpoint controls, based on data observed by the eSentire Security Operations Centre (SOC). Notice that as the number of locations increases (and, with it, the number of endpoints), the probability of an endpoint incident increases because of the greater exposure. An incident in this table does not necessarily result in data disclosure.

Locations     1    2    3    4    5    6    7    8    9   10
Probability  19%  35%  47%  58%  66%  72%  78%  82%  85%  88%

Probability of an endpoint incident and that incident resulting in data disclosure across the U.K.

This table indicates the probability of one or more incidents and of such an incident converting to data disclosure. The percentages are lower than in the previous table because they include the conversion rate of incidents to data disclosure. These values assume at least one incident in a 12-month period and are calculated by multiplying the probabilities in the table above by the conversion rate of incidents to data disclosure across all global industries (29.6%).

Locations                    1      2      3      4      5      6      7      8      9     10
Probability of disclosure  5.6%  10.4%  13.9%  17.2%  19.5%  21.3%  23.1%  24.3%  25.2%  26.0%

Incurred yearly risk

Using the probability of an incident and that incident converting to data disclosure, the value of incurred risk can be calculated. Based on the Ponemon cost per record lost in a U.K. data breach, the table below gives the minimum value an organisation must account for if it experiences at least one endpoint incident in a 12-month period. Incurred yearly risk depends on the projected number of records that could be lost in a breach; the table covers 1,000 to 100,000 records lost. These values indicate only the incurred risk; the cost of an actual breach, when and if one occurs, would be far greater. Incurred risk is calculated much as insurance providers calculate the financial risk outlay for their customers: acknowledging that an event (here, a data breach) will happen, incurred yearly risk is the financial outlay an organisation must set aside for when that breach occurs. Note that the greater the number of incidents, the greater the financial risk outlay; each incident, however, is independent in its projected records lost.

Columns: Locations; Probability of an incident and that incident converting to data disclosure; Incurred yearly risk by projected records lost in a data breach scenario (1,000 to 100,000 records).

Locations  Probability   1,000      5,000       10,000      25,000       50,000       100,000
1          5.60%         £8,680     £43,400     £86,800     £217,000     £434,000     £868,000
2          10.40%        £16,120    £80,600     £161,200    £403,000     £806,000     £1,612,000
3          13.90%        £21,545    £107,725    £215,450    £538,625     £1,077,250   £2,154,500
4          17.20%        £26,660    £133,300    £266,600    £666,500     £1,333,000   £2,666,000
5          19.50%        £30,225    £151,125    £302,250    £755,625     £1,511,250   £3,022,500
6          21.30%        £33,015    £165,075    £330,150    £825,375     £1,650,750   £3,301,500
7          23.10%        £35,805    £179,025    £358,050    £895,125     £1,790,250   £3,580,500
8          24.30%        £37,665    £188,325    £376,650    £941,625     £1,883,250   £3,766,500
9          25.20%        £39,060    £195,300    £390,600    £976,500     £1,953,000   £3,906,000
10         26.00%        £40,300    £201,500    £403,000    £1,007,500   £2,015,000   £4,030,000

While these calculations are intended to raise awareness of endpoint risk across the U.K., incurred risk will vary in accordance with a number of factors including industry, existing security controls and contextual threat landscape applicable to individual organisations.
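The three tables above follow one chain of arithmetic: the observed probability of at least one incident, multiplied by the 29.6% conversion rate to data disclosure, multiplied by projected records lost and a cost per record. The following Python is an added example, not eSentire's code or the post's own spreadsheet, that reproduces the second and third tables from the first and lets a reader substitute their own figures. Two inputs are assumptions: the post does not print the Ponemon cost per record it used, and £155 is the value implied by its own table (£8,680 divided by 5.6% of 1,000 records); and the disclosure probability is rounded to one decimal place before the money step, which is the rounding that matches the printed values.

```python
"""Reproduce the U.K. endpoint-risk tables from the blog post (added example)."""
from typing import Dict, Tuple

# Constructed from the post's first table: probability (%) of one or more
# endpoint incidents in a 12-month period, keyed by number of locations.
P_INCIDENT_PCT: Dict[int, int] = {
    1: 19, 2: 35, 3: 47, 4: 58, 5: 66, 6: 72, 7: 78, 8: 82, 9: 85, 10: 88,
}

# Stated in the post: conversion rate of incidents to data disclosure,
# all global industries.
CONVERSION_RATE = 0.296

# Assumption: the post does not print its Ponemon cost per record; £155 is
# the value implied by its third table (£8,680 / (5.6% * 1,000 records)).
COST_PER_RECORD_GBP = 155

# Record bands used as column headers in the post's third table.
RECORD_BANDS: Tuple[int, ...] = (1_000, 5_000, 10_000, 25_000, 50_000, 100_000)


def disclosure_probability_pct(locations: int) -> float:
    """Second table: P(>=1 incident) x conversion rate, as a percentage.

    Assumption: rounding to one decimal place here, before the money step,
    is what reproduces the post's printed figures.
    """
    return round(P_INCIDENT_PCT[locations] * CONVERSION_RATE, 1)


def incurred_yearly_risk_gbp(locations: int, records: int) -> int:
    """Third table: expected annual loss = P(disclosure) x records x cost per record.

    `records` may be any projected count, not only the post's six bands.
    """
    p_disclosure = disclosure_probability_pct(locations) / 100
    return round(p_disclosure * records * COST_PER_RECORD_GBP)


def risk_table() -> Dict[int, Dict[int, int]]:
    """Full third table: {locations: {records_lost: incurred_risk_gbp}}."""
    return {
        loc: {records: incurred_yearly_risk_gbp(loc, records) for records in RECORD_BANDS}
        for loc in P_INCIDENT_PCT
    }


if __name__ == "__main__":
    header = f"{'Locations':>9} {'P(disc.)':>8} " + " ".join(f"{r:>12,}" for r in RECORD_BANDS)
    print(header)
    for loc, row in risk_table().items():
        cells = " ".join(f"£{row[r]:>11,}" for r in RECORD_BANDS)
        print(f"{loc:>9} {disclosure_probability_pct(loc):>7.1f}% {cells}")
```

To apply the same model to your own environment, replace `P_INCIDENT_PCT` with incident probabilities from your own detection data and `COST_PER_RECORD_GBP` with the per-record figure for your industry and region; the structure of the calculation, and therefore the caveat that it is an expected-loss figure rather than the cost of any single breach, is unchanged.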

With a growing number of customisable tools and the use of fileless malware, threat actors will continue to break through endpoint defences with record speed and precision. The value of advanced endpoint security is irrefutable on its own; combined with network, log and cloud telemetry, it lets organisations accelerate detection and containment timeframes.

That’s why CrowdStrike and eSentire have joined forces to bring cloud-delivered Managed Detection and Response (MDR) solutions to the mid-market with esENDPOINT, powered by CrowdStrike. Leveraging CrowdStrike’s endpoint protection platform and eSentire’s proprietary technology stack, which identifies elusive threats across network, endpoint and cloud sources, organisations gain comprehensive visibility across their dynamically changing environments no matter where users or data reside. Aligned to CrowdStrike’s 1-10-60 rule, eSentire’s SOC averages 35 seconds to detection and 20 minutes to containment, thereby minimising the probability of a breach and the risk to business operations. Read the full case study here.

Wes Hutcherson, Director of Product Marketing
As eSentire's Director of Product Marketing, Wes oversees market intelligence, competitive research and go-to-market strategies. His multi-faceted technology experience spans over a decade with market leaders such as Hewlett-Packard and Dell SecureWorks.