What We Do
How we do it
Resources
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Dec 04, 2015

Just another day at the office: protecting clients from complex threat networks

3 minutes read
Speak With A Security Expert Now

On Dec. 1, a large US-based cybersecurity firm received extensive international media coverage for a reported cybersecurity incident. The incident focused on a threat actor classified as “FIN4”. Reports describe an active targeted phishing campaign with a focus specifically targeted at “the emails of C-level executives, legal counsel, regulatory risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information”.

The technique uses spear-phishing emails to gather credentials from users and return them back to the “FIN4” Command and Control servers (CnC) where the login credentials are then used to log into the users webmail remotely through TOR to escalate the attack. Again the level of angst was escalated further.

While this news article may be the first mention of “FIN4”, eSentire has been tracking and mitigating this very activity for more than a year. Late in 2013, eSentire issued a service advisory to its client base giving visibility to a .docm file circulating through the hedge fund atmosphere. At the time, eSentire’s Security Operations Center flagged what is now known as “FIN4” activity at its earliest inception. Then, the intent of the attack was the same: to drive a spear-phishing campaign with the explicit intent of accessing sensitive financial data in the hedge fund market through credential harvest.

The story surrounding “FIN4” is an important one, however, a story like this reminds us of the complexity and challenges faced by the Information Security industry. Complicated threats like these don’t pop up overnight. Dedicated forensics is critical in identifying and managing threats of this nature. eSentire clients have not been affected by “FIN4” attacks thanks to our Security Operations Center’s ongoing forensics and layered Active Threat Protection services.

What is it about the eSentire approach to Active Threat Protection that’s so unique? We’re able to see and mitigate threats of this nature through continuous monitoring. eSentire analysts continually monitor ALL our client’s network traffic, looking for signs of atypical behavior by utilizing ‘operationalized forensics’ - a technique pioneered by eSentire - which is the continuous analysis of all traffic flowing into and out of client networks.

As with the attack initially detected by eSentire in 2013, when a compromised word document containing the macro executes and connects to an external server and transfers data - in this case user credentials to an unfamiliar IP destination - we notice those unusual behavioral signals and immediately scrutinize it.

With our DVR-like capabilities, our skilled threat analysts rewind and replay the traffic and critically analyze it. If the traffic looks malicious, we block that specific connection on that customer’s network. Next, the block is propagated to all other eSentire subscriber networks through our Asset Manager Protect service, ensuring all clients are protected from the threat in question. At eSentire, this is standard operating procedure, 24/7/365, whether during business hours on Wednesday or at 2AM on Sunday.

If your first visibility into a major attack network like that publicized this week comes from a best-in-class forensic firm, the horse is likely already out of the barn. At this stage of breach you are also calling lawyers, regulators and law enforcement. Even worse, you have spent at least three to five full years of what Active Threat Protection services from eSentire would have cost. Let’s not rule out impact to reputation and brand which can trigger in a New York minute.

With Active Threat Protection from eSentire, clients benefit from immediate threat isolation, mitigation and real-time reports. Quite literally we are talking about an ounce of prevention versus a pound of cure.

There’s a reason why eSentire is the trusted, award-winning security services provider to more than 450 financial services firms, legal, extractive and healthcare organizations. We can comfortably lay claim to pioneering Continuous Advanced Threat Protection, which leading analyst firm Gartner Research began covering in June 2014 as a best practices framework for defending against cybersecurity attacks.

In our world, managing and mitigating a threat like “FIN4” is simply another day at the office.

View Most Recent Blogs
J. Paul Haynes
J. Paul Haynes President & Chief Operating Officer
J.Paul Haynes is a professional engineer with a 25-year entrepreneurial track record of success. J.Paul has led eSentire to 10x its size since he joined the company in late 2010.