Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Visibility and response across your entire Microsoft security ecosystem.
XDR with Machine Learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert threat hunting, original research, and proactive threat intelligence.
TRU is foundational to our MDR service. No add-ons or additional costs required.
Stop ransomware attacks before they disrupt your business.
Detect and respond to zero-day exploits.
Protect against third-party and supply chain risk.
Adopt a risk-based approach to cybersecurity.
Protect your most sensitive data.
Meet cybersecurity regulatory compliance mandates.
Eliminate misconfigurations and policy violations.
Prevent business disruption by outsourcing MDR.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and mediating threats to prevent lateral spread.
Enhance investigation and threat detection across multi-cloud or hybrid environments.
Remediate critical misconfigurations, security vulnerabilities and policy violations across cloud and containerized environments.
Detect malicious insider and identity-based behavior leveraging machine learning models.
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
We believe a multi-signal approach is paramount to protecting your complete attack surface. See why eSentire MDR means multi-signal telemetry and complete response.
See how our 24/7 SOC Cyber Analysts and Elite Threat Hunters stop even the most advanced cyberattacks before they disrupt your business.
Choose the right mix of Managed Detection and Response, Exposure Management, and Incident Response services to strengthen your cyber resilience.
Try our interactive tools including the MITRE ATT&CK Tool, the SOC Pricing Calculator, the Cybersecurity Maturity Assessment, and our MDR ROI Calculator.
Read the latest security advisories, blogs, reports, industry publications and webinars published by eSentire's Threat Response Unit (TRU).
See why 2000+ organizations count on eSentire to build resilience and prevent business disruption.
This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.
Hollywood crime dramas make hacking appear effortless and instantaneous. Typically, a hacker—dressed in all black—drops from the ceiling with laptop in hand, whispers “I’m in” to their compatriots in a windowless security van, and within seconds makes off with crucial files to make the operation a success.
However, this is yet another movie myth—data breaches are often complex events that unfold over time as layered defense mechanisms are bypassed. Organizations can significantly contain the impact of a data breach by shortening the window of time an intruder can operate undetected. According to a 2019 IBM study, cyberattacks take an average of 279 days before they’re discovered and contained. When contained within 200 days, however, their total cost reduces by $1.2, down from their average of $3.9 million.
A Hollywood-style perception of cybersecurity implies that simply making sure bad actors don’t get in will be enough. In today’s threat environment where threats are rapidly evolving and data breaches are increasingly common, this approach exposes companies to significant risk. Instead, organizations need to shift their approach to cyber defense to focus on cyber resilience—an approach that not only aims to prevent cyberattacks, but also react intelligently to minimize or eliminate the potential damage from a successful network intrusion.
Cyber resilience begins with the premise that not all breaches can be prevented. After all, cyberattacks are increasingly common and sophisticated—globally, a little under 30 percent of organizations will fall victim to a breach within two years. This reality has prompted organizations all over the world, from the Department of Homeland Security, to the European Central Bank, to lobby for greater adoption of cyber resilience practices. Instead, cyber resilient organizations deploy security tools, processes, and personnel with the assumption that a breach has already occurred or will occur. Network monitoring with tools such as the CyFIR Enterprise Platform provide continuous analysis capabilities to identify if any processes running in a network environment are malicious or suspicious, while threat hunting assessments such as CyFIR’s Fast Forensic Digital Investigations go deeper to identify vulnerabilities that can be missed by automated tools. Regular examinations of a network environment are crucial to maintaining good cyber hygiene and identifying potential threats before they have chance to spread throughout a network.
For a real-life example of how damaging cyberattacks become when unaddressed, look no further than 2015 Office of Personnel Management (OPM) cyber-attack—one of the largest public sector cyberattacks in history.
An OPM contractor first discovered the entry responsible for the incident on April, 15, 2015. Two suspicious files were found on two servers, which were broadcasting data outside the network. They’d been undiscovered for more than a year, disguised as files from a popular antivirus software—one the contractor knew the office didn’t use.
What’s more, one of the two files were found on a particularly sensitive server, one that gave hackers access to a trove of highly-sensitive files: millions of background search forms the agency conducts to screen federal employees and contractors.
All told, this exposed extremely personal information of more than 21 million federal employees and contractors. Estimates vary, but the breach’s total cost to the federal government may be as high as $1 billion.
In the ensuing federal investigation, OPM leadership was largely blamed for not taking enough preventative security measures. This investigation tasked federal agencies with taking additional steps to protect sensitive data and “improve the resilience of federal networks.”
Hindsight is, of course, 20/20, but it’s easy to see that the OPM’s breach could have been prevented with a cyber resilience approach to network security. With visibility into the network endpoints—like the infected server—staff would have likely discovered the malware well before the agency’s valuable data was compromised.
In fact, shortly after the breach was discovered, and well before OPM went public, CyFIR CEO Ben Cotton was invited to the agency to demo the CyFIR Enterprise Platform —without knowledge of the recently-discovered breach. Since the CyFIR Enterprise Platform offers real-time endpoint monitoring, the disguised files were found in 12 minutes.
As for why CyFIR’s services were requested without informing Cotton of the incident, Ms. Donna Seymour, the former CIO of the OMB, said the following in a congressional hearing:
“It is my understanding that we gave them some information to demonstrate whether their tool would find information on our network, and that—in doing so, they did indeed find those indicators on our network.”
After the meeting, OPM utilized the CyFIR Enterprise Platform through June 2015.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.