Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
eSentire will be hosting a virtual webinar.
Join us for a live webinar with Keegan Keplinger, Research and Reporting…
eSentire will be hosting this event.
This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.
Hollywood crime dramas make hacking appear effortless and instantaneous. Typically, a hacker—dressed in all black—drops from the ceiling with laptop in hand, whispers “I’m in” to their compatriots in a windowless security van, and within seconds makes off with crucial files to make the operation a success.
However, this is yet another movie myth—data breaches are often complex events that unfold over time as layered defense mechanisms are bypassed. Organizations can significantly contain the impact of a data breach by shortening the window of time an intruder can operate undetected. According to a 2019 IBM study, cyberattacks take an average of 279 days before they’re discovered and contained. When contained within 200 days, however, their total cost reduces by $1.2, down from their average of $3.9 million.
A Hollywood-style perception of cybersecurity implies that simply making sure bad actors don’t get in will be enough. In today’s threat environment where threats are rapidly evolving and data breaches are increasingly common, this approach exposes companies to significant risk. Instead, organizations need to shift their approach to cyber defense to focus on cyber resilience—an approach that not only aims to prevent cyberattacks, but also react intelligently to minimize or eliminate the potential damage from a successful network intrusion.
Cyber resilience begins with the premise that not all breaches can be prevented. After all, cyberattacks are increasingly common and sophisticated—globally, a little under 30 percent of organizations will fall victim to a breach within two years. This reality has prompted organizations all over the world, from the Department of Homeland Security, to the European Central Bank, to lobby for greater adoption of cyber resilience practices. Instead, cyber resilient organizations deploy security tools, processes, and personnel with the assumption that a breach has already occurred or will occur. Network monitoring with tools such as the CyFIR Enterprise Platform provide continuous analysis capabilities to identify if any processes running in a network environment are malicious or suspicious, while threat hunting assessments such as CyFIR’s Fast Forensic Digital Investigations go deeper to identify vulnerabilities that can be missed by automated tools. Regular examinations of a network environment are crucial to maintaining good cyber hygiene and identifying potential threats before they have chance to spread throughout a network.
For a real-life example of how damaging cyberattacks become when unaddressed, look no further than 2015 Office of Personnel Management (OPM) cyber-attack—one of the largest public sector cyberattacks in history.
An OPM contractor first discovered the entry responsible for the incident on April, 15, 2015. Two suspicious files were found on two servers, which were broadcasting data outside the network. They’d been undiscovered for more than a year, disguised as files from a popular antivirus software—one the contractor knew the office didn’t use.
What’s more, one of the two files were found on a particularly sensitive server, one that gave hackers access to a trove of highly-sensitive files: millions of background search forms the agency conducts to screen federal employees and contractors.
All told, this exposed extremely personal information of more than 21 million federal employees and contractors. Estimates vary, but the breach’s total cost to the federal government may be as high as $1 billion.
In the ensuing federal investigation, OPM leadership was largely blamed for not taking enough preventative security measures. This investigation tasked federal agencies with taking additional steps to protect sensitive data and “improve the resilience of federal networks.”
Hindsight is, of course, 20/20, but it’s easy to see that the OPM’s breach could have been prevented with a cyber resilience approach to network security. With visibility into the network endpoints—like the infected server—staff would have likely discovered the malware well before the agency’s valuable data was compromised.
In fact, shortly after the breach was discovered, and well before OPM went public, CyFIR CEO Ben Cotton was invited to the agency to demo the CyFIR Enterprise Platform —without knowledge of the recently-discovered breach. Since the CyFIR Enterprise Platform offers real-time endpoint monitoring, the disguised files were found in 12 minutes.
As for why CyFIR’s services were requested without informing Cotton of the incident, Ms. Donna Seymour, the former CIO of the OMB, said the following in a congressional hearing:
“It is my understanding that we gave them some information to demonstrate whether their tool would find information on our network, and that—in doing so, they did indeed find those indicators on our network.”
After the meeting, OPM utilized the CyFIR Enterprise Platform through June 2015.
eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.