Blog — Dec 04, 2015

Just another day at the office: protecting clients from complex threat networks

On Dec. 1, a large US-based cybersecurity firm received extensive international media coverage for a reported cybersecurity incident. The incident focused on a threat actor classified as “FIN4”. Reports describe an active spear-phishing campaign aimed specifically at “the emails of C-level executives, legal counsel, regulatory risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information”.

The technique uses spear-phishing emails to harvest credentials from users and send them to the “FIN4” command and control (CnC) servers, where the stolen credentials are then used to log into the users’ webmail remotely over Tor and escalate the attack. The coverage only heightened the level of alarm.

While this news article may be the first public mention of “FIN4”, eSentire has been tracking and mitigating this very activity for more than a year. Late in 2013, eSentire issued a service advisory to its client base giving visibility to a .docm file circulating through the hedge fund community. At the time, eSentire’s Security Operations Center flagged what is now known as “FIN4” activity at its earliest inception. Then, the intent of the attack was the same: to drive a spear-phishing campaign with the explicit intent of accessing sensitive financial data in the hedge fund market through credential harvesting.

The story surrounding “FIN4” is an important one; it also reminds us of the complexity and challenges faced by the Information Security industry. Complicated threats like these don’t pop up overnight, and dedicated forensics is critical in identifying and managing threats of this nature. eSentire clients have not been affected by “FIN4” attacks thanks to our Security Operations Center’s ongoing forensics and layered Active Threat Protection services.

What is it about the eSentire approach to Active Threat Protection that’s so unique? We’re able to see and mitigate threats of this nature through continuous monitoring. eSentire analysts continually monitor all of our clients’ network traffic, looking for signs of atypical behavior by utilizing ‘operationalized forensics’ - a technique pioneered by eSentire - which is the continuous analysis of all traffic flowing into and out of client networks.

As with the attack initially detected by eSentire in 2013, when a compromised Word document containing the macro executes, connects to an external server and transfers data - in this case user credentials to an unfamiliar IP destination - we notice those unusual behavioral signals and immediately scrutinize them.

With our DVR-like capabilities, our skilled threat analysts rewind and replay the traffic and critically analyze it. If the traffic looks malicious, we block that specific connection on that customer’s network. Next, the block is propagated to all other eSentire subscriber networks through our Asset Manager Protect service, ensuring all clients are protected from the threat in question. At eSentire, this is standard operating procedure, 24/7/365, whether during business hours on Wednesday or at 2AM on Sunday.
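As an added illustration (example code, not eSentire’s own tooling), the following Python sketches the two steps above on constructed connection records: flagging a document-handling process such as winword.exe that sends data to an external destination outside the known baseline, then propagating a confirmed block to every tenant’s blocklist. The process names, addresses, baseline and tenant names are constructed assumptions, not data from the incident.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Set

class Conn(NamedTuple):
    ts: str
    host: str
    process: str
    dst_ip: str
    dst_port: int
    bytes_out: int

# Constructed sample records (not real traffic): process-attributed outbound
# connections as a network sensor or endpoint agent might record them.
SAMPLE_CONNS = [
    Conn("2013-11-04T09:12:01", "wks-17", "outlook.exe", "10.0.5.20", 443, 4210),
    Conn("2013-11-04T09:14:33", "wks-17", "winword.exe", "10.0.5.31", 445, 18000),
    Conn("2013-11-04T09:14:52", "wks-17", "winword.exe", "203.0.113.77", 80, 1320),
    Conn("2013-11-04T09:15:10", "wks-42", "chrome.exe", "198.51.100.9", 443, 900),
]

# Constructed baseline of external destinations this environment normally uses.
KNOWN_DESTINATIONS: Set[str] = {"198.51.100.9"}

# Processes that open documents and have no business reaching the Internet on their own.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe"}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip: str) -> bool:
    """True for RFC 1918 addresses; traffic that stays inside the network is not egress."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def flag_unfamiliar_document_egress(conns: List[Conn], known: Set[str] = KNOWN_DESTINATIONS) -> List[Conn]:
    """Return connections where a document handler reaches an external destination
    that is not in the baseline: the behavioural signal described in the post."""
    return [c for c in conns
            if c.process.lower() in DOCUMENT_HANDLERS
            and not is_internal(c.dst_ip)
            and c.dst_ip not in known]

def propagate_block(dst_ip: str, tenant_blocklists: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Once an analyst confirms a destination is malicious, add it to every tenant's
    blocklist so that one client's detection protects all of them."""
    for blocklist in tenant_blocklists.values():
        blocklist.add(dst_ip)
    return tenant_blocklists

if __name__ == "__main__":
    for a in flag_unfamiliar_document_egress(SAMPLE_CONNS):
        print(f"{a.ts} {a.host} {a.process} -> {a.dst_ip}:{a.dst_port} ({a.bytes_out} bytes out)")
```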

If your first visibility into a major attack network like the one publicized this week comes from a best-in-class forensic firm, the horse is likely already out of the barn. At this stage of a breach you are also calling lawyers, regulators and law enforcement. Even worse, you will have spent at least three to five full years’ worth of what Active Threat Protection services from eSentire would have cost. Nor should we rule out the impact to reputation and brand, which can hit in a New York minute.

With Active Threat Protection from eSentire, clients benefit from immediate threat isolation, mitigation and real-time reports. Quite literally we are talking about an ounce of prevention versus a pound of cure.

There’s a reason why eSentire is the trusted, award-winning security services provider to more than 450 financial services firms, legal, extractive and healthcare organizations. We can comfortably lay claim to pioneering Continuous Advanced Threat Protection, which leading analyst firm Gartner Research began covering in June 2014 as a best practices framework for defending against cybersecurity attacks.

In our world, managing and mitigating a threat like “FIN4” is simply another day at the office.

J. Paul Haynes, President & Chief Operating Officer

J. Paul Haynes is a professional engineer with a 25-year entrepreneurial track record of success. J. Paul has led eSentire to 10x its size since he joined the company in late 2010.