Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Visibility and response across your entire Microsoft security ecosystem.
XDR with Machine Learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert threat hunting, original research, and proactive threat intelligence.
TRU is foundational to our MDR service. No add-ons or additional costs required.
Stop ransomware attacks before they disrupt your business.
Detect and respond to zero-day exploits.
Protect against third-party and supply chain risk.
Adopt a risk-based approach to cybersecurity.
Protect your most sensitive data.
Meet cybersecurity regulatory compliance mandates.
Eliminate misconfigurations and policy violations.
Prevent business disruption by outsourcing MDR.
Meet insurability requirements with MDR.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and mediating threats to prevent lateral spread.
Enhance investigation and threat detection across multi-cloud or hybrid environments.
Remediate critical misconfigurations, security vulnerabilities and policy violations across cloud and containerized environments.
Detect malicious insider and identity-based behavior leveraging machine learning models.
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
We believe a multi-signal approach is paramount to protecting your complete attack surface. See why eSentire MDR means multi-signal telemetry and complete response.
See how our 24/7 SOC Cyber Analysts and Elite Threat Hunters stop even the most advanced cyberattacks before they disrupt your business.
Choose the right mix of Managed Detection and Response, Exposure Management, and Incident Response services to strengthen your cyber resilience.
Try our interactive tools including the MITRE ATT&CK Tool, the SOC Pricing Calculator, the Cybersecurity Maturity Assessment, and our MDR ROI Calculator.
Read the latest security advisories, blogs, reports, industry publications and webinars published by eSentire's Threat Response Unit (TRU).
See why 2000+ organizations count on eSentire to build resilience and prevent business disruption.
In part one of “Gray War” I looked at the threats posed by gray zones looking to destabilize our economy by attacking non-military targets such as small and medium businesses. I also introduced the Cold War notion of deterrence by denial. In part two, I will explore how our security operations teams identify these attacks and stop them before they become business disrupting.
In multiple instances, our security operations stood between our clients and the malicious intent of these gray zone actors. In one case, a law firm was targeted in retaliation for their representation of a client, deemed a dissident by their home nation. In another, a manufacturer in the 5G supply chain was infiltrated using remote access tools. It doesn’t take much of an imagination to link 5G to security concerns around vendors from suspicious “friendemy” countries.
In one case, a state court was targeted. This case is worth exploring to first highlight the risk, but then demonstrate how quick detection and response means the difference between minor infection and terminal metastasization.
In the first, eSentire Security Operations Center (SOC) received an alert from esENDPOINT that a computer on a client’s network was conducting suspicious activity. The computer belonged to a legal assistant at the state court system. They had received an email from an attacker posing as a student from a local university asking if they would be interested in participating in an interview for an assignment the student (attacker) was working on about the legal profession. The legal assistant agreed and the fake student (attacker) sent her a link to a document with the interview questions.
Embedded in that document was a malicious macro that installed malware on the victim’s laptop. Cyberattackers often leverage Microsoft Office macros as a means of installing malware undetected (often a few windows open and close before the user becomes concerned).
The victim downloaded the malicious document from Amazon storage via an encrypted HTTPS connection, providing no opportunity to sandbox it before the assistant triggered the macro on their machine.
What’s worse, and all too common, their anti-virus software failed to identify the malware as
malicious. The sophisticated attacker knew how to bypass all the usual prevention and detection mechanisms. Again, all too common.
In this case, the attacker knew that spawning the malware via a Command line in Microsoft Word would have triggered an alert by most endpoint defense products, so the malware was designed to inject itself into a legitimate Windows process to avoid detection. Total time from the victim’s click on the malicious hyperlink to the end of the initial infection activity was twelve minutes.
Approximately three hours after the initial infection, a flurry of follow-up activity was recorded by esENDPOINT. The attacker connected through the backdoor opened by the malware and was attempting to escalate network privileges through the compromised machine. Despite the attacker’s best attempt to cover their tracks, as soon as they used a PowerShell command in their attempt to gain admin privileges, eSentire’s proprietary and patented BlueSteel machine learning tool picked up on the suspicious activity and the SOC generated an alert via esENDPOINT.
While the eSentire SOC was investigating the initial attack, the attacker began lateral movement and compromised a second host on the network. Over the next two hours, the attacker continued lateral movement - infecting a third, fourth and fifth host. At that point, continued investigation by eSentire uncovered evidence of the lateral movement.
Using esENDPOINT, the SOC began isolating the compromised hosts. At the same time, the attacker continued spreading through the network and the chase was on. The SOC analysts caught up to the attacker at the seventh compromised host, isolating the host and terminating the attacker’s access to the network.
The attacker’s total dwell time on the network was approximately 7.5 hours, with lateral movement beyond the first infected device occurring five hours after initial compromise. Utilizing machine learning from BlueSteel that detected the malicious PowerShell command via esENDPOINT, eSentire was able to isolate the compromised hosts and stop the attacker in their tracks, before they achieved their objective. Read the full report.
Like my comparison of gray zone adversaries to the Cold War, Jacob Helberg made a similar comparison. He talked about employing the strategy of “deterrence by denial.” It’s a Cold War theory that stresses the criticality of using tactics to deter the enemy without escalating the threat, in order to avoid an all out war. He further stressed the need to understand how global events can affect your business, identify those that target you, understand their objectives, and build a strategy to prevent them from succeeding at your expense. They can be stopped. But it takes hands on keyboards to defend against their gray zone, sophisticated attacks.
In this gray war, you must be prepared to deter gray actors by denying them access to your assets and critical operations. Like NATO, you must be prepared to quickly respond to enemy state intrusions, and intercept and disrupt them before they cripple your business. We do this everyday to keep our customers safe from gray threats. We stand on guard for thee. So, ask yourself, David, are you prepared to deter a gray zone Goliath?
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.