Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Defend brute force attacks, active intrusions and unauthorized scans.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT Beginning in early September 2024, eSentire observed an increase in the number of incidents involving Lumma Stealer malware; this activity has remained common leading into…
Oct 02, 2024THE THREATA recently disclosed vulnerability impacting Zimbra mail servers is being actively exploited by attacker(s). On September 27th, Zimbra publicly disclosed CVE-2024-45519, a…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
On August 22, 2024, global multinational energy firm Halliburton disclosed through an 8-K form filing to the Securities and Exchange Commission (SEC) that they were working with law enforcement to determine the extent of a successful computer systems breach conducted by an unauthorized third party.
The breach is believed to be linked to the RansomHub ransomware group, though Halliburton has not confirmed a ransom demand. Recently, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the HHS, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have published a joint advisory detailing RansomHub attacks.
Initially, minimal details were shared, but it has since been confirmed that data was accessed and exfiltrated from Halliburton’s systems during the cyberattack. Discovered on August 21, 2024, this breach resulted in service disruptions to portions of the company’s business applications and corporate systems, prompting Halliburton to take certain systems offline as a containment measure.
They also disclosed that they were continuing their investigation to determine an assessment of materiality, and that some staff were asked not to connect to internal networks.
That said, Halliburton has not disclosed the initial vector of the attack, and to date it does not appear that any ransomware gang has claimed responsibility for this incident. As such, any statement that ransomware was involved is speculative at best.
Upon disclosure, their stock (NYSE: HAL) briefly dipped but quickly regained its previous levels. It appears that the broader market did not perceive this incident as materially significant to the company’s overall performance. Moreover, the U.S. Department of Energy (DOE) disclosed that this incident had not impacted any energy services.
I would like to pose this statement: Halliburton undoubtedly is the target for at least hundreds of thousands of attacks every quarter – the fact that one reached a level of success is not entirely surprising. It is not possible to proactively stop every single attack, especially at this size of company, its very nature of geographic diversity, and employee base.
The initial vector is likely a subset of the “usual suspects”: a social engineering attack (or leaked) credentials, a “clicked” URL or “opened” infected attachment, an unpatched system, or a zero-day vulnerability in an external system.
So, what now?
The Halliburton breach underscores a critical dilemma that many organizations face: balancing the legal and strategic imperatives of disclosure with the need for a measured tactical response. On one hand, companies are legally required to report significant breaches, particularly when sensitive data or financial performance may be impacted. On the other, there’s a need to manage the situation carefully to prevent further damage, both operationally and reputationally.
Moreover, disclosing too early or too late carries legal risks. Early disclosure can trigger panic or stock volatility (as seen with Halliburton’s brief stock dip), while delayed reporting could lead to accusations of negligence or regulatory penalties. Halliburton’s decision to disclose the breach early but limit the specifics demonstrates an effort to thread this needle carefully.
Halliburton’s response has included activating a cyber incident response plan, notifying law enforcement, and collaborating with external experts to investigate and remediate the breach. It appears that Halliburton has fulfilled the letter of the law by informing the market of its current situation. It is critical from a fiduciary duty that they clearly inform the broader market that there has been an incident – to register this fact – and that they are working on it.
Companies like Halliburton, which handle sensitive data and operate complex, geographically dispersed systems, must continuously invest in advanced detection and response capabilities to mitigate both IT and operational technology (OT) risks.
Since the DOE stated that there has been no impact to their delivery of energy, it hints that there was minimal entry (if any) or impact to Halliburton’s OT side, and that this might simply be contained to the (still significant though not as operationally dire) IT side of the business.
I have no doubt that further details will be entailed during the next shareholders meeting and that further 8-K filings should be anticipated.
General Schwarzkopf once said, “The more you sweat in peace, the less you bleed in war.”
If anything, this incident highlights the increasing risks faced by critical infrastructure sectors and underscores the importance of maintaining robust operational resilience, including tactical preparation for the eventual cybersecurity attack.
To learn more about how you can protect your organization from modern ransomware attacks and prevent business disruption, connect with an eSentire cybersecurity specialist today.
Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.