This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.
CyFIR founder Ben Cotton recently joined a panel discussion moderated by Jason Miller, Executive Editor of Federal News Network, alongside other industry experts such as Dr. Shue-Jane Thompson, Vice President and Partner, Cyber & Biometrics Practice, IBM.
It’s been almost three years since the White House issued Presidential Policy Directive 41 (PPD-41) and the corresponding cyber incident response plan. PPD-41 outlined some key concepts, defining what a cyber incident and a major cyber incident mean, while also providing guiding principles for incident response. From that PPD, the Homeland Security Department developed a national cyber incident response plan (NCIR), providing even more detail about the activities involved and the lead agency for each activity.
But PPD-41 and the NCIR are reactive documents and plans that only come into play after an agency has been victimized by a cyber attack. What is missing is guidance on how agencies can get ahead of the attack through proactive threat hunting and a more strategic response.
The evolution of cyber tools and capabilities over the last few years, most notably the sharing of threat intelligence, has enabled agencies to do more to get ahead of the cyber threats.
In the 2018 national cybersecurity strategy, the White House specifically called out the use of cyber threat hunting capabilities, saying the government “will be able to assess the security of its data by reviewing contractor risk management practices and adequately testing, hunting, censoring and responding to incidents on contractor systems. Contracts with federal departments and agencies will be drafted to authorize such activities for the purpose of improving cybersecurity.”
There are several benefits from the proactive stance agencies are starting to take, including reducing damage to the organization and improving the speed of response.
Agencies need to consider several factors as they move toward this proactive model. Watch the three video segments on Threat Hunting and Incident Response, The Use of Data, and The Cloud Impact to hear Ben's contribution to the discussion.
(Minute 6:05) "To see more is to know more. If you take the threat intelligence data and then you apply it to a forensics process that has visibility on every single aspect of what’s going on on an endpoint, then you are able to ascertain if those threats do exist inside of your environment. The trick to that is to do that in a timely fashion, so that you are looking simultaneously across all of your endpoints and you are not focused on a narrow lane where you miss those threats that exist on other endpoints or other parts of your network."
(Minute 5:07) "The automatic collection of data by necessity requires an automated correlation of the data. From an example standpoint, we had a client that had a very good IDS system in place and they were receiving IDS indicators that they had a compromise, but it was taking them 24 hours to correlate that IDS back to a person, back to a process, back to the endpoint at which it actually occurred. So it's about the right type of data, the correlation of that data in an automated fashion, and it's also about search. As we talk about hunting, at the very root of hunting is your ability to search across your network and to be able to do that very quickly.
It's not just about processes, and it's not just about network connections, but it's also about what is existing on those hard drives, even down into the unallocated space of those hard drives. The more sophisticated actors can actually customize the addressing of their malware into the unpartitioned space on a hard drive.
A good hunting team not only has the automated collection piece, but also has the ability to pivot and simultaneously ask very complex questions across their entire environment, and get that data back extremely quickly."
(Minute 10:15) "Remember, we think forensics first on all of this data collection. The analysis of that data, I like to think of it as weeding the wheat from the chaff, so that you can get 100% of your human capital gray matter focused on the problem very quickly. I think there's a consensus here with the panel that, as good as AI (artificial intelligence) and ML (machine learning) will get, human gray matter is never going to be eliminated from the equation. From a forensics standpoint, the automation, the AI, the ML, is leveraged to sort that wheat from the chaff and get down to what's important very quickly and focus on that."
(Minute 5:35) "Most of those skillsets have remained consistent. You need to have a firm foundation in technology. You need to understand networks. You need to understand how computers work. How those types of things function. But one of the unique things we look for when we're hiring people is actually called Investigative Mindset. The ability to pick out an anomaly and then have that urge to dive down into it to figure out why it's there, what it's doing, how it got there and what the result is as it influences the investigation."
"It's about whether this is going to be the person who's going to have the independence, the curiosity and the knowledge base to answer those tough, complex questions that are asymmetric in nature."
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries, from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience and prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations, with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.