What We Do
How we do it
Oct 18, 2021
Grief Ransomware Gang Claims 41 New Victims, Targeting Manufacturers; Municipalities; & Service Companies in U.K. & Europe
Grief Operators Earned an Estimated 8.5 Million British Pounds in Four Months Key Findings: The Grief Ransomware Gang (a rebrand of the DoppelPaymer Ransomware Group) claims to have infected 41 new victims between May 27, 2021—Oct. 1, 2021 with their ransomware.Over half the companies listed on Grief’s underground leak site are based in the U.K. and Europe. The Grief Ransomware Gang appears to…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Oct 12, 2021
eSentire Launches MDR with Microsoft Azure Sentinel Extending Response Capabilities Across Entire Microsoft Security Ecosystem
Waterloo, ON – Oct. 12, 2021 -- eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announced the expansion of its award-winning MDR services with Microsoft Azure Sentinel, as part of its integration with the complete Microsoft 365 Defender and Azure Defender product suites supporting Microsoft SIEM, endpoint, identity, email and cloud security services.…
Read More
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Blog — Jun 25, 2020

Back to the Office #B2TO

Practically every organization (that’s not wholly shut down) has been forced by COVID-19 into a rapid “digital transformation mode” by working from home, and to one degree or another they’re managing to keep operating.

Many of these organizations didn’t have formal business continuity plans to deal with this sudden change. Even those who had formal, well thought-out and executed plans had not been prepared for the logistics of suddenly having their entire workforce working remotely, simultaneously, and for an extended period of time. This means there’s a significant portion of their workforce suddenly trying to work from home, making do with substandard facilities (e.g. computers, internet capability, remote access software, information security measures, separate office space, information disposal facilities, etc.)

Many organizations either had no sufficient licenses for their remote access and/or endpoint security software or are quickly trying to spin up something inexpensive and/or easy to use. These organizations are likely less prepared to defend against attacks, and indeed this makes it easier for attackers.

The COVID-19 “forcing function” that necessitated work-from-home has widened the aperture for attackers who suddenly have a richer field of attack to millions of poorly secured, widely dispersed endpoints. Attackers continued to deploy their arsenal to gain access to systems for their own purposes (generally, financial gain), whether it be through business email compromise, ransomware, banking information or other fraud. Data from our Security Operation Centers (SOCs) showed there was no decrease in attacks through phishing, malicious document attachments, watering holes and social engineering.

Despite this, organizations continue to operate (some more effectively than others) in this new mode. On the near horizon, there are questions of when can offices re-open, and it’s important given our current footing to think about what that will look like. What security issues are your end-users bringing back to the office (B2TO), and how can you prepare?

I’d suggest several bullet points, which require a blend of process, procedure and technical measures:

1) Perform a manual anti-virus check. Ensure that process is running properly and the signature file is up-to-date. It should be a red flag if either of these is not the case; often attackers disable either the application or the update signature capability once they gain access.

2) Ensure that all patching is up-to-date. Patching has historically been a painful process, and within a work-from-home context it is not made any easier. Microsoft generally releases a large patch bundle on “Patch Tuesday.” It’s important that all patches released are well-tested and implemented as part of a B2TO process.

3) Audit local applications. What new applications were installed on corporate hardware while working from home? Ensure that only corporate-authorized software is installed.

4) Audit user additions. Have unauthorized users (family, friends, attackers) created accounts on the hardware?

5) Schedule and perform a vulnerability scan. A broad vulnerability scan can help to highlight gaps in security posture exacerbated by long-term remote connectivity.

6) Ensure that your endpoint software is up-to-date. While working remotely, capable corporate-grade endpoint security software is your final bulwark against attackers. Confirm that it’s operating effectively.

7) Watch for unmanaged devices. Have new (unauthorized) devices been added, which might give attackers access or leak personal data? This could include fitness trackers or other plug-and-play devices.

8) Watch for “Shadow IT.” While people have been working remotely, it’s possible that they’ve taken advantage of personal-grade third party service offerings instead of corporate-grade services. This could include VPN capabilities, remote backup and other cloud offerings that might contravene your contracts, or compliance measures.

9) Finally, keep an eye out for unusual behavior. Behavior such as unusual spikes in network or CPU usage and unauthorized remote access detected may be an indicator that there are unwanted entities in your environment.

In short, what has changed since working from home (generally, a more permissive environment)?

As we prepare to move back to a more disconnected office environment, it is important that we seriously think about resilient processes and infrastructure. Consider every part of the business that previously was tooled requiring physical proximity will need to be reviewed and updated (including authentication, authorization, on/off-boarding, and incident response planning) and what this should look like as people return. An unplanned and haphazard move back to the office may cause considerable pain, but there’s still time to prepare.

Eldon Sprickerhoff
Eldon Sprickerhoff Founder and Chief Innovation Officer

In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis.