What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Jun 01, 2023
Critical Vulnerability in MOVEit Transfer
THE THREAT eSentire is aware of reports relating to the active exploitation of a currently unnamed vulnerability impacting Progress Software’s managed file transfer software MOVEit Transfer.…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jun 30, 2021

Better Together: How Combining MDR and IR Create Stronger Cyber Resilience

4 minutes read
Speak With A Security Expert Now

It’s impossible for businesses to participate in today’s interconnected and data-centric economy without becoming exposed to cyber risk. No matter how strong your safeguards are or how robust your processes are, cyber defenses can—and will—fail.

For small and midsized organizations without the resources to build, staff, and maintain an in-house 24/7 Security Operations Center (SOC), relying on a trusted partner to deliver these Managed Detection and Response (MDR) capabilities is essential.

Beyond detection and containment

While MDR gives you access to 24/7 expert SOC support necessary to detect and contain potential breaches, it’s not designed to provide evidence that can hold in a court of law. By nature, MDR is meant to stop threat actors before they can successfully gain access into your networks, not remediate a breach.

If you need to conclusively determine the precise extent of data loss, or if you’re looking to investigate an incident in granular detail—right down to the level of the individual compromised record—you’ll need to tap into a different skillset: Digital Forensics and Incident Response.

Incident Response (IR) is explicitly designed to fulfill the most exacting requirements of cyber insurers, regulators, and prosecutors. These services comprise a distinct discipline that incorporate evidence-handling techniques as well as the mastery of digital forensics tools.

It’s important to note that while organizations can engage an MDR provider or IR services provider, there will always be a distinct advantage to augmenting MDR capabilities with Digital Forensics and IR.

Adopting an “assume breached” mentality and the emerging imperative of due diligence

Today’s Chief Information Security Officers (CISOs) and IT departments are increasingly adopting the “assume breached” mentality. This approach includes creating robust security monitoring capabilities which enable teams to rapidly detect, respond to, and contain any cyber threat with the potential to disrupt the business.

New and evolving threats are increasingly revealing the shortcomings of traditional IR. For businesses that operate by driving billable hours, on-site client meetings, and a reliance on stale technologies, legacy IR providers are far too slow and expensive to provide the timely and effective incident response needed.

In addition, trusting IR to a non-expert isn’t really a viable option as doing so introduces different kinds of risks, which defeats the purpose. For example:

Since all cyber risk cannot be mitigated, CISOs and their teams must exercise due diligence to demonstrate that they did what any reasonable person would do to balance these risks. Insurers, regulators, and courts frequently expect that organizations will have IR capabilities in-house or will maintain these capabilities through an external IR retainer agreement.

Organizations must be able to meet these expectations, especially as cybersecurity insurance policies continue to change in the face of the current devastating global ransomware epidemic.

Modern IR to deal with modern threats

In our recent announcement to extend our core response capabilities deeper into the incident lifecycle, Bryan Sartin, our Chief Services Officer, stated, “When faced with a security incident, how quickly an organization can contain and recover is paramount to limiting business disruption and reputational damage.”

That’s why our Digital Forensics and Incident Response capabilities provide a 4-hour remote threat suppression service level agreement for organizations anywhere in the world. This agreement is only possible because of our innovative engagement model that converges Incident Response, Threat Intelligence and our 24/7 SOC Cyber Analyst expertise with advanced technology to deliver time-to-value in terms of threat suppression and complete incident resolution.

In addition to determining the true extent of a breach, eSentire’s Cyber Security Investigations team can provide support in satisfying reporting obligations, transitioning findings to law enforcement, implementing lessons learned, and providing guidance through crisis communications—tasks that are challenging, if not impossible, for most businesses to perform on their own.

As we explain in our new ebook, MDR + IR: A Recipe for Cyber Resilience in a Twenty-First Century Risk Landscape, by converging MDR and IR within a single response provider, we are able to:

Ultimately, we’ve created modern IR to deal with modern threats.

To learn more about the IR needs of today’s businesses, please check out the on-demand webinar, The Next Generation of Cyber Investigation and Response, featuring eSentire thought leaders, Bryan Sartin, Chief Services Officer, and Mark Sangster, VP and Industry Security Strategist.

View Most Recent Blogs
eSentire
eSentire

eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.