For a 15-pound brisket, it generally takes over 14 hours of smoking at 225 degrees F to push through the “stall” … after which it requires another couple of hours to “rest.” This process is referred to as “low-and-slow” because it takes time and patience to proceed through each of the smoke phases.
Cyberattackers are just as patient when it comes to following their plan and achieving their goals.
In information security, we often describe attackers in terms of their tools, tactics, and process (TTP). One that we don’t often discuss is TIMING. One recent development in the use of ransomware involves choosing the most appropriate time to initiate the actual encryption. By appropriate, I mean the most inopportune time to strike a target in an effort to hamper recovery.
Let’s first take a step back though. When ransomware first burst broadly into public view a few years ago, it was very simple: someone opened malicious content, which downloaded an encryption key and immediately began encrypting that single computer’s files (and any others the user had access to, including network shares). The next generation of ransomware started attacking databases directly, encrypting their contents.
A further evolution, in a separate ransomware family, focused on exploiting the software that manages workstation images (e.g. Kaseya), thereby enlisting it to spread unwanted code. This tactic is not specific to ransomware; it has also been used to deploy rogue cryptocurrency miners.
The current, most popular ransomware deployment methodology borrows the “low-and-slow” tactics of yesteryear (very much like smoking a delicious brisket). Also known as advanced persistent threat (APT) methodology, it works like this: the attacker initially gains a toehold in an environment, then quietly spreads laterally from this “beachhead” to establish multiple points of presence within the organization. Once many systems are infected, the attacker is free to take their time to embed themselves and begin a more rigorous campaign to examine all accessible files (including email), gather information, pivot to other connected systems, gain administrator access (if possible) and exfiltrate interesting or sensitive data to resell or hold hostage.
The newest ransomware tactic builds on the low-and-slow APT method: once the interesting data has been taken, the attacker waits for the right moment and then initiates encryption on all infected systems at once. The extra spin? Timing. This type of attack offers the attacker the best chance of a payoff when it is initiated at a particularly inopportune time, when the victim isn’t expecting it and is less able to respond quickly. As such, the first night of a weekend (especially a long weekend!) provides an ideal point for a devastating malicious campaign to be launched.
It is critical to continue to watch for the early indicators. It takes time for the attacker to distribute the malicious code throughout the environment and wait for the most inopportune time to start the encryption phase. This permits the defender a wider window of opportunity to prematurely short-circuit and evict the attacker.
No doubt tactics will continue to evolve. Attackers will continue to hone and improve their methods, likely by better automating the “spread malware internally” phase and with better obfuscation to reduce the chances of detection. Given the significant recent changes due to COVID-19, with more people working from home, it is possible that, depending on how remote access is implemented, it may be more difficult for attackers to move laterally from endpoint to endpoint. However, this possible mitigation is likely outweighed by the larger number of standalone endpoints running outside the safety of the corporate firewall and other corporate security infrastructure.
With this in mind, we highly recommend that you continue to watch for unusual indicators of inappropriate access, especially when they appear early in a weekend. Ensure that your incident response playbooks are up to date, with current contacts. Run tabletop exercises against this scenario to prepare for it.
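To make the two indicators above concrete (access at unusual hours, and one account quietly fanning out to many hosts during the lateral-spread phase), here is an added example of simple detection logic run over a constructed sign-in log. It is not eSentire's code or tooling; the log format (`timestamp,user,source_host,dest_host,event`), the hostnames and usernames, the weekend window (Friday 18:00 through Monday 06:00) and the fan-out threshold (four distinct destination hosts within ten minutes) are all assumptions chosen for the illustration.

```python
"""Flag weekend-window sign-ins and lateral-movement fan-out in a sign-in log.

Added example; the log lines below are constructed, and the thresholds are
illustrative assumptions rather than a recommended baseline.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "timestamp,user,source_host,dest_host,event".
# 2023-10-13 is a Friday; svc_backup touches five hosts in three minutes that night.
SAMPLE_LOG = """\
2023-10-13T09:12:04,alice,WS-ALICE,FILESRV01,logon
2023-10-13T14:40:19,bob,WS-BOB,FILESRV01,logon
2023-10-13T22:41:03,svc_backup,WS-BOB,FILESRV01,logon
2023-10-13T22:41:30,svc_backup,WS-BOB,FILESRV02,logon
2023-10-13T22:42:11,svc_backup,WS-BOB,DC01,logon
2023-10-13T22:43:57,svc_backup,WS-BOB,HR-DB01,logon
2023-10-13T22:44:20,svc_backup,WS-BOB,FIN-APP01,logon
2023-10-14T01:03:45,alice,VPN-GW,WS-ALICE,logon
2023-10-16T08:02:10,alice,WS-ALICE,FILESRV01,logon
"""


def parse_log(text):
    """Turn the CSV-style log into a list of event dicts with parsed timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dest, event = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "dest": dest, "event": event})
    return events


def in_weekend_window(ts, start_hour=18, end_hour=6):
    """True from Friday start_hour through Monday end_hour (assumed quiet period)."""
    wd = ts.weekday()  # Monday == 0 ... Sunday == 6
    if wd == 4 and ts.hour >= start_hour:
        return True
    if wd in (5, 6):
        return True
    return wd == 0 and ts.hour < end_hour


def detect_fan_out(events, threshold=4, window=timedelta(minutes=10)):
    """Report accounts that reach >= threshold distinct hosts inside one window.

    Each burst is reported once: after a hit, scanning resumes past the burst.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        i = 0
        while i < len(evs):
            hosts = set()
            j = i
            while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
                hosts.add(evs[j]["dest"])
                j += 1
            if len(hosts) >= threshold:
                findings.append({"user": user, "start": evs[i]["ts"],
                                 "hosts": sorted(hosts),
                                 "off_hours": in_weekend_window(evs[i]["ts"])})
                i = j
            else:
                i += 1
    return findings


def analyze(text):
    """Run both checks and return the findings for triage."""
    events = parse_log(text)
    off_hours = [e for e in events if in_weekend_window(e["ts"])]
    return {"off_hours": off_hours, "fan_out": detect_fan_out(events)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for e in result["off_hours"]:
        print(f"weekend-window sign-in: {e['ts']} {e['user']} -> {e['dest']}")
    for f in result["fan_out"]:
        print(f"fan-out: {f['user']} reached {len(f['hosts'])} hosts from "
              f"{f['start']} (weekend window: {f['off_hours']})")
```

Run stand-alone, the script lists the six sign-ins that fall inside the Friday-night-to-Monday-morning window and one fan-out finding for `svc_backup`, flagged as occurring in the weekend window. In practice the value of the fan-out rule comes from tuning `threshold` and `window` per account type (backup and patching accounts legitimately touch many hosts), and from correlating with the timing check so that a Friday-night burst from an account that is normally idle at that hour is escalated first.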
While you might be looking at the start of a long weekend as a welcome break from work (or a chance to demonstrate your BBQ skills), attackers might just be thinking about getting started.
Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.