The last two years have brought significant upheaval in the cybersecurity insurance market, and the vast majority of the blame can be laid at the feet of successful ransomware attacks.
The earliest simple ransomware attacks typically involved a single machine, immediate encryption, and a relatively low ransom (e.g., $500 USD worth of BTC). This simple attack pattern has evolved to employ tactics previously used by Advanced Persistent Threat (APT) actors.
When a single machine gives the attacker a toehold through an exploit, instead of immediately starting the encryption/lockdown process, the attacker immediately reaches out to as many systems as possible in parallel and establishes a firmer beachhead by enlisting them with the same exploit.
By this means, persistent access may be maintained unless all systems are cleaned. When many systems have been exploited, the attacker quietly waits for the appropriate time to encrypt systems en masse. This is usually initiated on the first evening of a long holiday weekend – while support staff may be unable to respond with the same speed as expected during the work week.
Whereas a single exploited machine that’s quickly encrypted may be easily restored with minimal data loss so long as some backup rigor is in evidence, the effort to restore many (conceivably thousands of) systems while an external attacker maintains access and control is difficult.
Even if excellent backup systems exist, it may be difficult to confirm the integrity of the restored data as the attacker lay in hiding during the successive backup cycles. If your Domain Controllers and/or your Backup systems have been exploited, the path is even more difficult. As a result, many times the exploited enterprise ultimately chooses to pay (often after a cycle of negotiation) the ransom. These ransoms could easily sit in the seven-figure zone.
As well, the original authors of the ransomware software itself chose to open marketplaces where they could sell ransomware as a business. No longer did an attacker need to understand how to develop malicious code or find vulnerabilities within operating systems. All that is needed is access to the marketplace.
In the early days of cybersecurity insurance, insurance companies discovered that it was a very profitable product. Before the spectre of ransomware, the financial damage from cyberattacks was generally small. Indeed, there were attacks, sometimes involving the loss of personally identifiable information (PII), but actuaries could build risk models to provide policy guidance that could be successfully underwritten.
Companies in the mid-market concerned about their exposure could easily purchase millions of dollars' worth of coverage for as little as fifteen to twenty thousand dollars per year. The insurance company, confident in its models, could be practically guaranteed to make a healthy profit with few payouts, and it was this way for well over a decade.
When ransomware evolved from individual systems to higher-profile attacks, that model was upended. Along with the higher ransom payouts, the Advanced Persistent Threat (APT) flavor of ransomware required the enlistment of Incident Response teams, further increasing the price to restore the company to its regular state.
Secondly, insurance companies tend to build models based on geographic and vertical diversity. For example, fires do not occur everywhere simultaneously. Actuarial data can be analyzed to determine the frequency and the severity of occurrence, underlying factors that may increase or decrease probability, and the true cost of recovery.
The new version of APT-styled ransomware forced insurance companies to abandon their old models. It is not possible to hedge cybersecurity insurance based on geographic diversity; on the Internet, we are all neighbors. With the spate of new cybersecurity insurance claims, insurance companies were (as per contract) obliged to pay claims in a manner they had never needed to before. Their profit margin decreased abruptly and significantly. They were forced to review their practices and began to deny claims.
There are three main points that I generally need to point out regarding cybersecurity insurance:
In addition, insurance companies started to perform deeper investigations into the cybersecurity stance of potential policyholders. Due diligence that was previously cursory at best was now considerably more onerous. Insurance companies began to rely more heavily on sources of “external threat intelligence” that had scanned external-facing Internet infrastructure for vulnerabilities, mapped it to specific companies and provided a scorecard.
Companies that had previously enjoyed relatively inexpensive cybersecurity insurance discovered that they did not qualify because they fell below a specific “score threshold” as stated by a third-party snapshot.
Some insurance companies have chosen to entirely leave the cybersecurity space.
So, in 2023, given this rather difficult situation, what is a company (i.e., the policyholder) to do? I have several specific recommendations to improve the chances that your organization will be able to obtain improved cost-effective cybersecurity insurance:
When you can document and demonstrate that you are taking reasonable and defensible steps to defend your organization, it should be considerably easier to obtain cybersecurity insurance in this new age.
If you want to receive a more valuable and cost-effective policy, along with strengthening the technical stance of your environment, you will need to enter a deeper relationship with your insurance provider. It will be worth it, and in 2023 it is necessary for your mutual benefit.
Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.