Blog — Jun 25, 2020

Back to the Office #B2TO

Practically every organization (that's not wholly shut down) has been forced by COVID-19 into a rapid "digital transformation mode" of working from home, and to one degree or another is managing to keep operating.

Many of these organizations didn't have formal business continuity plans to deal with this sudden change. Even those with formal, well thought-out and executed plans had not prepared for the logistics of suddenly having their entire workforce working remotely, simultaneously, and for an extended period of time. The result is that a significant portion of their workforce is suddenly trying to work from home, making do with substandard facilities (e.g. computers, internet capacity, remote access software, information security measures, separate office space, information disposal facilities, etc.).

Many organizations either did not have sufficient licenses for their remote access and/or endpoint security software, or are quickly trying to spin up something inexpensive and/or easy to use. These organizations are likely less prepared to defend against attacks, which in turn makes the attacker's job easier.

The COVID-19 "forcing function" that necessitated work-from-home has widened the aperture for attackers, who suddenly have a richer attack surface: millions of poorly secured, widely dispersed endpoints. Attackers continued to deploy their arsenal to gain access to systems for their own purposes (generally, financial gain), whether through business email compromise, ransomware, banking fraud or other fraud. Data from our Security Operations Centers (SOCs) showed no decrease in attacks through phishing, malicious document attachments, watering holes and social engineering.

Despite this, organizations continue to operate (some more effectively than others) in this new mode. On the near horizon are questions of when offices can re-open, and given our current footing it's important to think about what that will look like. What security issues are your end-users bringing back to the office (B2TO), and how can you prepare?

I'd suggest the following checks, which require a blend of process, procedure and technical measures:

1) Perform a manual anti-virus check. Ensure that the process is running properly and the signature file is up-to-date. It should be a red flag if either of these is not the case; attackers often disable either the application or its signature-update capability once they gain access, so treat a stopped agent or stale signatures as a possible indicator of compromise rather than a mere maintenance problem.

2) Ensure that all patching is up-to-date. Patching has historically been a painful process, and a work-from-home context does not make it any easier. Microsoft generally releases a large patch bundle on the second Tuesday of each month ("Patch Tuesday"), and machines that spent months on home networks with intermittent VPN access may have missed several of them. It's important that all released patches are well-tested and implemented as part of the B2TO process, ideally before the machine is reconnected to the internal network.

3) Audit local applications. What new applications were installed on corporate hardware while working from home? Compare the installed software against your approved list and ensure that only corporate-authorized software remains.

4) Audit user additions. Have unauthorized users (family, friends, attackers) created accounts on the hardware? Pay particular attention to any new members of the local Administrators group.

5) Schedule and perform a vulnerability scan. A broad vulnerability scan can help highlight gaps in security posture that long-term remote connectivity has exacerbated.

6) Ensure that your endpoint security software is up-to-date. While staff work remotely, capable corporate-grade endpoint security software is your final bulwark against attackers. Confirm that the agent is installed, current, and reporting in to its management console.

7) Watch for unmanaged devices. Have new (unauthorized) devices been added that might give attackers access or leak personal data? This could include fitness trackers, USB storage or other plug-and-play devices.

8) Watch for "Shadow IT." While people have been working remotely, it's possible that they've taken advantage of personal-grade third-party services instead of corporate-grade ones. This could include VPN capabilities, remote backup and other cloud offerings that might contravene your contracts or compliance obligations, and that may now hold copies of corporate data outside your control.

9) Finally, keep an eye out for unusual behavior. Unusual spikes in network or CPU usage, or remote access sessions that nobody authorized, may be an indicator that there are unwanted entities in your environment.
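A concrete form of checks 1, 2, 3, 4, 7, 8 and 9 on a Windows endpoint, as an added example and not eSentire's own tooling: a PowerShell script run elevated on each returning laptop that prints findings for a technician to review. The approved-user list, approved-application list and watch-listed process names are placeholder assumptions to be replaced with your own baseline; checks 5 and 6 (a scan from your vulnerability scanner and the health of your particular EDR agent) depend on which products you run and are not covered here.

```powershell
# b2to-audit.ps1 -- added example, not eSentire tooling. Run elevated on a
# returning Windows endpoint. Lists below are assumed placeholders; replace
# them with your own baseline before use.
param(
    [int]$MaxSignatureAgeDays = 3,
    [int]$MaxPatchAgeDays     = 45,
    [string[]]$ApprovedUsers  = @('Administrator', 'corp-admin'),                 # assumed baseline
    [string[]]$ApprovedApps   = @('Microsoft Office', 'Google Chrome', 'Zoom')     # assumed baseline, prefix match
)

$findings = [System.Collections.Generic.List[string]]::new()
function Flag([string]$msg) { $script:findings.Add($msg); Write-Warning $msg }

# 1) Anti-virus health: engine running, real-time protection on, signatures fresh.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp) { Flag 'Defender status unavailable (disabled, replaced, or tampered with)' }
else {
    if (-not $mp.AMServiceEnabled)         { Flag 'Defender AM service is not enabled' }
    if (-not $mp.RealTimeProtectionEnabled) { Flag 'Real-time protection is off' }
    $sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
    if ($sigAge.TotalDays -gt $MaxSignatureAgeDays) { Flag "AV signatures are $([int]$sigAge.TotalDays) days old" }
}

# 2) Patch level: the most recently installed hotfix should be recent.
$lastFix = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastFix -or ((Get-Date) - $lastFix.InstalledOn).TotalDays -gt $MaxPatchAgeDays) {
    Flag "No Windows update installed in the last $MaxPatchAgeDays days (last: $($lastFix.HotFixID) $($lastFix.InstalledOn))"
}

# 3) Installed applications vs the approved list (64-bit and 32-bit uninstall hives).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object DisplayName |
    ForEach-Object {
        $name = $_.DisplayName
        if (-not ($ApprovedApps | Where-Object { $name -like "$_*" })) {
            Flag "Unapproved application: $name (installed $($_.InstallDate))"
        }
    }

# 4) Local accounts outside the baseline, noting which ones are local admins.
$admins = (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue).Name
Get-LocalUser | Where-Object { $_.Name -notin $ApprovedUsers } | ForEach-Object {
    $isAdmin = $admins -contains "$env:COMPUTERNAME\$($_.Name)"
    Flag "Unexpected local user: $($_.Name) (enabled=$($_.Enabled), admin=$isAdmin, lastLogon=$($_.LastLogon))"
}

# 7) Unmanaged plug-and-play devices: anything present on USB that is not a keyboard/mouse/hub class.
Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.InstanceId -like 'USB\*' -and $_.Class -notin @('HIDClass', 'Keyboard', 'Mouse', 'USB') } |
    ForEach-Object { Flag "USB device present: $($_.FriendlyName) [$($_.Class)]" }

# 8) Shadow IT: processes commonly used for unsanctioned remote access, tunnelling or personal sync.
$watchList = 'anydesk', 'teamviewer', 'rustdesk', 'dropbox', 'ngrok', 'openvpn'   # assumed list; tailor to policy
Get-Process | Where-Object { $_.ProcessName.ToLower() -in $watchList } |
    ForEach-Object { Flag "Watch-listed process running: $($_.ProcessName) (PID $($_.Id))" }

# 9) Established inbound sessions on common remote-access ports (RDP, VNC, TeamViewer).
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 3389, 5900, 5938 } |
    ForEach-Object { Flag "Inbound remote session on port $($_.LocalPort) from $($_.RemoteAddress)" }

"`n$($findings.Count) finding(s) on $env:COMPUTERNAME"
$findings
```

Run it from an elevated prompt (`.\b2to-audit.ps1 -MaxPatchAgeDays 30`) while the machine is still on a quarantine VLAN, and keep the output with the device's return ticket; a finding under check 1 or 4 is grounds for handing the machine to incident response before it rejoins the corporate network, whereas checks 3, 7 and 8 are usually policy clean-up.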

In short: what has changed while people worked from home, in what was generally a more permissive environment?

As we prepare to move back to a more disconnected office environment, it is important that we think seriously about resilient processes and infrastructure. Every part of the business that was previously tooled around physical proximity (including authentication, authorization, on/off-boarding, and incident response planning) will need to be reviewed and updated, with a clear picture of what it should look like as people return. An unplanned and haphazard move back to the office may cause considerable pain, but there's still time to prepare.

Eldon Sprickerhoff, Founder and Chief Innovation Officer
In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis.