What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Mar 15, 2023
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Zero-Day Vulnerability
THE THREAT On March 14th, as part of Microsoft’s monthly Patch Tuesday release, the company disclosed a critical, actively exploited vulnerability impacting Microsoft Office and Outlook. The…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jun 17, 2021

How cyber resilience addresses the greatest myth in cybersecurity.

4 minutes read
Speak With A Security Expert Now
This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.

Hollywood crime dramas make hacking appear effortless and instantaneous. Typically, a hacker—dressed in all black—drops from the ceiling with laptop in hand, whispers “I’m in” to their compatriots in a windowless security van, and within seconds makes off with crucial files to make the operation a success.

However, this is yet another movie myth—data breaches are often complex events that unfold over time as layered defense mechanisms are bypassed. Organizations can significantly contain the impact of a data breach by shortening the window of time an intruder can operate undetected. According to a 2019 IBM study, cyberattacks take an average of 279 days before they’re discovered and contained. When contained within 200 days, however, their total cost reduces by $1.2, down from their average of $3.9 million.

A Hollywood-style perception of cybersecurity implies that simply making sure bad actors don’t get in will be enough. In today’s threat environment where threats are rapidly evolving and data breaches are increasingly common, this approach exposes companies to significant risk. Instead, organizations need to shift their approach to cyber defense to focus on cyber resilience—an approach that not only aims to prevent cyberattacks, but also react intelligently to minimize or eliminate the potential damage from a successful network intrusion.

Cyber resilient organizations minimize damage in the event of data breach.

Cyber resilience begins with the premise that not all breaches can be prevented. After all, cyberattacks are increasingly common and sophisticated—globally, a little under 30 percent of organizations will fall victim to a breach within two years. This reality has prompted organizations all over the world, from the Department of Homeland Security, to the European Central Bank, to lobby for greater adoption of cyber resilience practices. Instead, cyber resilient organizations deploy security tools, processes, and personnel with the assumption that a breach has already occurred or will occur. Network monitoring with tools such as the CyFIR Enterprise Platform provide continuous analysis capabilities to identify if any processes running in a network environment are malicious or suspicious, while threat hunting assessments such as CyFIR’s Fast Forensic Digital Investigations go deeper to identify vulnerabilities that can be missed by automated tools. Regular examinations of a network environment are crucial to maintaining good cyber hygiene and identifying potential threats before they have chance to spread throughout a network.

Case study: How the 2015 Office of Personnel Management breach illustrates the necessity of cyber resilience.

For a real-life example of how damaging cyberattacks become when unaddressed, look no further than 2015 Office of Personnel Management (OPM) cyber-attack—one of the largest public sector cyberattacks in history.

An OPM contractor first discovered the entry responsible for the incident on April, 15, 2015. Two suspicious files were found on two servers, which were broadcasting data outside the network. They’d been undiscovered for more than a year, disguised as files from a popular antivirus software—one the contractor knew the office didn’t use.

What’s more, one of the two files were found on a particularly sensitive server, one that gave hackers access to a trove of highly-sensitive files: millions of background search forms the agency conducts to screen federal employees and contractors.

All told, this exposed extremely personal information of more than 21 million federal employees and contractors. Estimates vary, but the breach’s total cost to the federal government may be as high as $1 billion.

In the ensuing federal investigation, OPM leadership was largely blamed for not taking enough preventative security measures. This investigation tasked federal agencies with taking additional steps to protect sensitive data and “improve the resilience of federal networks.”

Cyber resilience could have prevented the now-infamous OPM breach.

Hindsight is, of course, 20/20, but it’s easy to see that the OPM’s breach could have been prevented with a cyber resilience approach to network security. With visibility into the network endpoints—like the infected server—staff would have likely discovered the malware well before the agency’s valuable data was compromised.

In fact, shortly after the breach was discovered, and well before OPM went public, CyFIR CEO Ben Cotton was invited to the agency to demo the CyFIR Enterprise Platform —without knowledge of the recently-discovered breach. Since the CyFIR Enterprise Platform offers real-time endpoint monitoring, the disguised files were found in 12 minutes.

As for why CyFIR’s services were requested without informing Cotton of the incident, Ms. Donna Seymour, the former CIO of the OMB, said the following in a congressional hearing:

“It is my understanding that we gave them some information to demonstrate whether their tool would find information on our network, and that—in doing so, they did indeed find those indicators on our network.”

After the meeting, OPM utilized the CyFIR Enterprise Platform through June 2015.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.