The last two years have brought significant upheaval in the cybersecurity insurance market, and the vast majority of the blame can be laid at the feet of successful ransomware attacks.
The earliest simple ransomware attacks typically involved a single machine, immediate encryption, and a relatively low ransom (e.g., $500 USD worth of BTC). This simple attack pattern has evolved to employ tactics previously used by Advanced Persistent Threat (APT) actors.
Once the attacker gains a toehold on a single machine through an exploit, instead of immediately starting the encryption/lockdown process, they reach out to as many systems in parallel as possible and establish a firmer beachhead by compromising each of them with the same exploit.
By this means, persistent access may be maintained unless every affected system is cleaned. Once many systems have been compromised, the attacker quietly waits for the appropriate time to encrypt them en masse. This is usually initiated on the first evening of a long holiday weekend – while support staff may be unable to respond with the same speed expected during the work week.
Whereas a single exploited machine that’s quickly encrypted may be easily restored with minimal data loss so long as some backup rigor is in evidence, the effort to restore many (conceivably thousands of) systems while an external attacker maintains access and control is difficult.
Even if excellent backup systems exist, it may be difficult to confirm the integrity of the restored data, since the attacker lay hidden during successive backup cycles. If your Domain Controllers and/or your backup systems have been compromised, the path is even more difficult. As a result, the exploited enterprise frequently ends up paying the ransom (often after a cycle of negotiation). These ransoms can easily sit in the seven-figure range.
In addition, the original authors of the ransomware itself chose to open marketplaces where they could sell ransomware as a business. An attacker no longer needed to understand how to develop malicious code or find vulnerabilities within operating systems. All that is needed is access to the marketplace.
In the early days of cybersecurity insurance, insurance companies discovered that it was a very profitable product. Before the spectre of ransomware, the financial damage from cyberattacks was generally small. There were attacks, sometimes involving the loss of personally identifiable information (PII), but actuaries could build risk models to provide policy guidance that could be successfully underwritten.
Companies in the mid-market concerned about their exposure could easily purchase millions of dollars' worth of coverage for as little as fifteen to twenty thousand dollars per year. The insurance company, confident in its models, was practically guaranteed a healthy profit with few payouts, and it stayed this way for well over a decade.
When ransomware evolved from individual systems to higher-profile attacks, that model was upended. Along with the higher ransom payouts, the Advanced Persistent Threat (APT) flavor of ransomware required the enlistment of Incident Response teams, further increasing the price to restore the company to its regular state.
Secondly, insurance companies tend to build models based on geographic and vertical diversity. For example, fires do not occur everywhere simultaneously. Actuarial data can be analyzed to determine the frequency and the severity of occurrence, underlying factors that may increase or decrease probability, and the true cost of recovery.
The new version of APT-styled ransomware forced insurance companies to abandon their old models. It is not possible to hedge cybersecurity insurance based on geographic diversity; on the Internet, we are all neighbors. With the spate of new cybersecurity insurance claims, insurance companies were (as per contract) obliged to pay claims in a manner they had never needed to before. Their profit margin decreased abruptly and significantly. They were forced to review their practices and began to deny claims.
There are three main points I generally make regarding cybersecurity insurance:
In addition, insurance companies started to perform deeper investigations into the cybersecurity stance of potential policyholders. Due diligence that was previously cursory at best became considerably more onerous. Insurance companies began to rely more heavily on sources of “external threat intelligence” that scanned external-facing Internet infrastructure for vulnerabilities, mapped the findings to specific companies and provided a scorecard.
Companies that had previously enjoyed relatively inexpensive cybersecurity insurance discovered that they did not qualify because they fell below a specific “score threshold” as stated by a third-party snapshot.
Some insurance companies have chosen to entirely leave the cybersecurity space.
So, in 2023, given this rather difficult situation, what is a company (i.e., the policyholder) to do? I have several specific recommendations to improve the chances that your organization will be able to obtain more cost-effective cybersecurity insurance:
When you can document and demonstrate that you are taking reasonable and defensible steps to defend your organization, it should be considerably easier to obtain cybersecurity insurance in this new age.
If you want to receive a more valuable and cost-effective policy, along with strengthening the technical stance of your environment, you will need to enter a deeper relationship with your insurance provider. It will be worth it, and in 2023 it is necessary for your mutual benefit.
Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics (Computer Science) degree from the University of Waterloo.