What We Do
How we do it
May 11, 2022
CVE-2022-26923 - Active Directory Domain Services Elevation of Privilege Vulnerability
THE THREAT Microsoft has disclosed a new vulnerability impacting Active Directory Certificate Services (ADCS) tracked as CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). If exploited successfully, an authenticated attacker can escalate privileges in environments where ADCS is running on the domain. eSentire is aware of technical details and tooling [2] for…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
May 10, 2022
Cybersecurity Leader eSentire Introduces e3 Partner Ecosystem Transforming How Value Is Delivered to Business Leaders
Waterloo, ON, May 10, 2022— eSentire, the Authority in Managed Detection and Response (MDR), today announced the launch of its e3 partner ecosystem, representing experience, expertise, eSentire. The e3 ecosystem focuses on mapping partner engagement, productivity and overall experience to how business leaders are choosing to consume best-in-class cybersecurity services. Believing that we all have…
Read More
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Blog — Jul 15, 2019

Cybersecurity for the modern manufacturing plant

Speak With A Security Expert Now

Originally posted in Industry Today on July 10 ,2019

Modern manufacturing faces a trinity of issues when it comes to cybersecurity. First is the merging of manufacturing IT and OT ecosystems and the adoption of new technologies. Second is the increasingly sophisticated cyber criminals who will exploit any vulnerability. Third is the resulting board and executive level of accountability when it comes to cyber risks. To succeed in today’s digital economy, manufacturing companies need to fully understand why and how each of these areas affect security.

Digital transformation and emerging technologies

As operational (OT) and information technology (IT) systems converge and blend into one ecosystem, the job of securing these systems typically sits in two different teams who aren’t used to talking to each other. This is a cultural barrier that must be overcome. Historically, manufacturers have interacted with not one technology team, but two. And these two teams aren’t aligned.

IT teams move at a fast pace to cope with evolving technology for their administrative networks. They regularly reconfigure and refresh equipment and software to cope with new business challenges. OT teams, on the other hand, think in much longer terms. They expect their technologies, like programmable logic controllers and distributed control systems, to be in place for many years. What’s more, IT and OT don’t speak the same language. The DevOps, agile sprints and canary software releases that come up in IT meetings are worlds away from plant-floor technology discussions.

And at the same time, manufacturing firms are adopting new technologies like cloud, machine learning and analytics, and IoT/IIoT, which all come with their own cyber risks. These technologies reduce errors, increase productivity, make better production projections and more. That leads to cost savings, increased profits and competitive advantage. However, they also eradicate the “air gap” that once kept OT systems off the internet and safe from attack.

This provides new opportunities for attackers. Cyber criminals are getting more brazen as they continue to adapt to new technologies and systems. They will prey on the areas they find most lucrative, which includes law firms, healthcare organizations and manufacturers. And in particular, smaller and medium-sized manufacturers typically make easier targets than larger organizations. That’s because they often don’t realize how valuable their data and intellectual property are.

Accountability remains a core issue

In a 2018 FutureWatch report conducted by eSentire, manufacturing firms self-ranked higher than financial institutions when it came to vulnerability to cyber attacks.

Manufacturers are starting to understand that cybersecurity is a board-level issue; they need to view it as an enterprise problem, not just a technology problem. OT risk and IT risk both jeopardize the business.

To overcome this enterprise problem, manufacturers need to create cybersecurity best practices and policies. This requires top-level coordination, which in turn requires cybersecurity to be a core strategic issue, with a chain of command and clear allocation of responsibilities. That means it must start at the board level.

Risk management is a key component of cybersecurity. Manufacturers will need both IT and OT’s help in identifying cybersecurity risks and prioritizing them based on likelihood and impact. Teams can weigh vulnerabilities based on their impact to those assets that are mission-critical to the company.

In addition to overseeing internal systems, manufacturers must extend risk management and cybersecurity protections to their supply chain partners’ security issues, too. To do this, they must identify the risk associated with the supply chain and contractually obligate those supply chain elements to specific security standards. A manufacturer should behave like a privacy regulator by establishing a cybersecurity trigger, so that when an event occurs, they must report it in a certain time frame.

Dotting cyber I’s and crossing cyber T’s

Attacks on manufacturing firms don’t show any signs of slowing down and, in fact, will likely increase. There are no magic bullets, but there are several key steps that firms can take to reduce risk and improve their ability to respond and recover:

United you stand

With so many new technologies at its disposal, the manufacturing sector has an exciting future. Possibilities abound for new processes and products, greater efficiencies and higher revenues. But along with these opportunities come the risks of an expanded threat landscape and the need for a comprehensive cybersecurity strategy. This strategy must start at the board level and align OT and IT teams to create a united front.

View Most Recent Blogs
Mark Sangster
Mark Sangster Vice President and Industry Security Strategist

Mark Sangster is Vice President, Industry Security Strategies at eSentire and the author of No Safe Harbor: The Inside Truth About Cybercrime and How to Protect Your Business. He is an award-winning speaker at international conferences and prestigious stages including the Harvard Law School and RSAConference. His thought-provoking work and perspective on shifting risk trends has influenced industry thought leaders. Mark has appeared on CNN News Hour to provide expert opinion on international cybercrime issues, and is a go-to subject matter expert for leading publications and media outlets including the Wall Street Journal and Forbes when covering major data breach events. Mark's experience unites a strong technical aptitude and an intuitive understanding of regulatory agencies. He has continued to build mutually beneficial relationships with regulatory agencies in key sectors.