The very nature of the third-party relationships required in supply chain management presents the greatest weakness. Security leaders are tasked with being proactive, maintaining the highest level of visibility and control in their environments in order to balance security and functionality, as well as align with business objectives.
Security leaders and their teams must also continue to manage risk, which from an internal perspective means identifying and minimizing the impact of organizational risk. When a third party is introduced, organizations are placed in more of a reactive position, relying on attestations and details from the supplier regarding security posture, policies, etc. Visibility and control become drastically reduced.
In particular, ransomware has become a topic of discussion globally as cybersecurity leaders grapple with the magnitude and impact of cyber risk and the threat of downtime and revenue disruption to their business. Successful attacks unfold in mere hours from Initial Access to data exfiltration and ransomware deployment, making the time to detect and time to contain critical factors in building an effective cybersecurity program.
Unless you’re prepared to defend against ransomware, these attacks result in your organization being locked out of critical systems and applications for days and weeks. In many cases, the resulting downtime can cost organizations upwards of $225,000 per day, which drives many CEOs to pay the ransom.
And these attacks are, unfortunately, not uncommon. Between the end of February and mid-July 2022, two affiliates of the Conti Ransomware Group, one of the longest-running and most lethal ransomware groups today, claimed that they had compromised 81 victim organizations. Fifty-nine percent of those victims are U.S.-based.
Mail-borne threats Emotet and Qakbot currently dominate the threat landscape for Manufacturing. These threats, which can lead to network-wide ransomware intrusions, arrive in email inboxes disguised as typical business communications with subjects like Invoice and Shipping. Qakbot has also been known to hijack and replay older email threads, sometimes from business partners, giving recipients the sense that the email is familiar and trustworthy.
Web-borne threats such as RedLine Stealer, SocGholish, and SolarMarker are encountered when employees are browsing the web. These malware families depend on the user downloading and executing them. Their purpose is to steal data directly from the computer they are executed on, scraping browser history, passwords, cookies, and fingerprint telemetry from the user’s endpoint. This information can then be sold on the dark web and leveraged for further operations against the organization, often by utilizing the credentials to gain access.
At this point you may be asking “Is it realistic to think that we can develop a nationally secure and resilient supply chain against these and other ever-evolving threats?” As cyber criminals evolve and supply chain attacks continue to grow exponentially, these attacks offer threat actors increasingly stealthy, scalable, and privileged access to any organization’s on-premises, cloud, or hybrid environment. But while we may never be free of supply chain attacks, we can become more resilient, which will limit and eventually minimize the damage.
To make the case for new security investments, you need a clear understanding of the ROI you can deliver versus how operational downtime will impact your business revenue.
The solution: a multi-layered defense strategy, along with a strong Incident Response (IR) plan, is crucial to securing your organization against future attacks. Again, there is a need to focus on resilience, which by definition (according to NIST) is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”
Let’s break down what that means in practice:
Outsourcing security operations, although a bit of control is relinquished, can enhance an organization’s security posture and cyber resiliency. Spending financial resources on security operations that leverage the talent of external experts, rather than on the purchase of individual controls that need to be internally managed, has proven to show a strong return on investment.
Originally posted on www.ien.com
As Senior Vice President, Security Services & Incident Response, Larry is responsible for shaping the eSentire Global Incident Response Program. He is a veteran of the digital forensics and incident response world, having accumulated over 21 years of experience leading the investigation of technology-based crimes.
Larry has completed many forensics training programs with the RCMP, OPP e-Crimes, FBI, National White-Collar Crime Committee and the International Association of Computer Investigative Specialists as well as with several technology vendors. Larry is a Certified Forensic Computer Examiner (IACIS 2001), and GIAC Certified Incident Handler. He has extensive experience testifying as a qualified expert in both criminal and civil matters.