RSA Conference 2021, one of the most significant events on the cybersecurity calendar, has come and gone. We know that keeping up with all the news and announcements surrounding RSA can be quite a challenge, so in case you missed it live, we wanted to provide a quick recap of Hooked by Phisherman: Quarterbacking Breach Response with Law Enforcement.
Moderated by our own Mark Sangster, this one-hour session tapped into the experience of a distinguished panel of experts who discussed the important factors that contribute to a resilient breach response.
To be clear, no short blog post can capture the detail and nuance of the session, so we encourage you to set aside some time to watch it (and be ready to take notes!) or to download and read this accompanying resource. To (very) briefly summarize, here are three major topics the experts examined and five ways you can get started to better position yourself to respond to a cybersecurity incident.
When a breach is detected (or, say, when you realize you’ve fallen prey to a Funds Transfer Fraud), everyone is immediately under enormous pressure to make high-impact decisions, quickly and correctly. Plus, while it’s often overlooked, the emotional strain should not be underestimated and is a major contributor to detrimental delays. The only way you can use the critical early hours effectively is to have an Incident Response (IR) plan in place ahead of time, capturing likely attack scenarios, defining team roles and responsibilities, prescribing timelines and describing in detail which third parties need to be contacted, how to contact them and when.
The consensus of the panelists is that attackers like to detonate ransomware on weekends, for maximum impact, which can create chaos if it’s difficult to get hold of key personnel. And for those who lack an IR plan, critical time is wasted simply building a team—which is a necessary precursor to actually working the problem (e.g., assessing technical impact, engaging with law enforcement, attempting to recover, etc.).
When you’re looking at how to prepare, be sure to consider how law enforcement (LE) agencies can assist. In many cases, they can help recover stolen funds or even paid crypto ransoms. While many people think of LE as reactive, in reality they are very proactive and agencies can assist with IR planning, conducting tabletop exercises, training, securing executive buy-in and so on. Plus, establishing these relationships ahead of time means you know exactly who to call in the event of an incident.
Another misconception is that LE assistance is limited to Fortune 500s, but that’s not at all the case—LE agencies work extensively with industry associations and chambers of commerce to reach the small and medium business (SMB) community.
Additionally, make sure you have cyber insurance, but also make sure you understand your cyber insurance coverage and recognize that it’s a tool but not a panacea. The right type of coverage depends upon the specific risks facing your business (tabletops can be a great way to expose these risks!). Cyber insurance is a complex domain in and of itself, so be sure to consult with experts and to update your IR plan with appropriate contact details, policy information, etc.
Finally, take care to understand your regulatory and contractual obligations as they relate to security incidents; at the same time, make sure you understand your vendors’ and suppliers’ obligations (and consider writing notification requirements into your contracts with them).
All the preparation in the world won’t prevent an incident—but it will put you in the best position to respond. One of the first responses should be engaging with law enforcement, ideally within 24 hours and certainly within 72 hours (especially if you want to have any hope of recovering lost funds).
Many LE agencies deal with cybercrime, including the FBI, DHS, and Secret Service—the key is to contact someone and to be prepared with information (i.e., don’t just send an email that says, “We’ve got ransomware!”). Your IR plan should specify which agency/agencies to contact; ideally, you already worked with them to prepare your plan.
Unfortunately, many victims are hesitant to contact law enforcement out of fear that doing so will have unintended negative consequences. But these fears are misplaced: LE’s interest is in solving the problem, not publicizing the incident. In many cases, they will be able to provide valuable—perhaps vital—technical assistance, and in some ransomware instances they may even have decryptor mechanisms at the ready. LE agencies can also act on your behalf to coordinate with financial institutions to trace and recover funds.
Plus, engaging with LE might be required by your insurance policy and doing so can have a substantial mitigating effect on your own liability.
To underscore the main point, preparation is paramount. And part of preparation means having leaders who are sufficiently versed in cybersecurity concepts in general and who understand their specific responsibilities in the event of an incident.
All too often, part of the response team is speaking in technical and cyber terms, and part is speaking in dollars and cents. A crisis is no time to write a dictionary! When everyone understands the relationship between cyber incidents and business impact ahead of time, it allows the whole team to focus on coordinating and executing an effective response.
As noted above, proactively engaging with law enforcement is an effective way to secure support throughout the organization, but especially within the C-suite.
Additionally, tabletop exercises provide a safe space in which to learn, make mistakes, uncover surprises, assess risk, etc. These can go a long way to changing a perception from “I’m sure we’ll be fine…” to “We need an IR plan!”
Managing a data breach or ransomware attack demands that legal counsel, law enforcement, insurance and data forensics all bring their perspective to the coordinated effort to recover. Unfortunately, most companies are unprepared to deal with a cyber incident and rob themselves of valuable resources available from law enforcement because of perceived risks of public exposure, potential liability or a knock on their door by regulators.
We implore you not to repeat the mistakes already made by so many organizations. Instead, take the time to prepare a detailed incident response plan (we can help!), and proactively engage with law enforcement as well as your insurance carrier. Doing so will go a long way toward mitigating damages and positioning you to return to operations in a fraction of the time of going it alone.
Here’s how you can get started:
At eSentire we believe every business should have an incident response plan and incident response retainer. As the panel discussed, cybersecurity incidents can disrupt operations, and lead to the loss of services, data and assets. How quickly an incident can be contained and remediated is paramount. To learn more about eSentire’s Digital Forensics and Incident Response services, connect with an eSentire Security Specialist.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.