Cybersecurity is not an IT problem to solve—it's a business risk to manage. In the Managing Cyber Risk podcast series, Mark Sangster, Vice President and Industry Security Strategist at eSentire, and Cybercrime Magazine’s Hillarie McClure lead conversations with cybersecurity experts, using the dollars-and-cents language of the C-suite to expose the issues, challenges and pitfalls which are often obscured by ones and zeroes.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
It’s unlikely that Sun Tzu was writing about cybersecurity, but he might as well have been.
Today’s adversaries are well-organized, well-funded, and well-equipped, and they operate as structured enterprises—leading Mark Sangster, VP Industry Security Strategy at eSentire, to describe them as the “Misfortune 500.”
Knowing your adversary is an essential element of cyber warfare, which is why Mark and Cybercrime Magazine’s Hillarie McClure spoke to Col. (Ret.) Timothy Evans, SVP, Co-Founder and Chief of Strategy at Adlumin.
During the conversation, they touched on a wide range of topics, such as common misconceptions about cyberattacks, today’s adversaries and their goals, how cyberattacks are conducted, and spotting them before it’s too late.
Early in the conversation, Mark and Tim touch on three dangerous, and stubbornly persistent, misconceptions:
“We’re not a target”: No matter how big, how small, how ‘boring’ or how well-defended your organization is, cybercriminals can and will target you.
“Most cyberattacks are obvious, only a fool would fall for them”: We’re all accustomed to receiving obvious spam emails, and that can trick us into a state of overconfidence. But cyberattacks against corporations are very different. Phishing emails are often personalized, and they increasingly make use of public and private information to look legitimate. Assuming that cyber threats are obvious only increases the odds that an attack against your company will be successful.
“Well, I guess there’s nothing we can do if a sophisticated cybercriminal targets us”: This one is closely related to the after-the-fact outcry of “there were no signs”. But the truth is that cyberattacks aren’t instantaneous and there are always signs. Your cybersecurity team just needs to know what to look for and, more importantly, needs to have the security operations capabilities to do so.
Businesses are finally understanding that today’s cyber threat actors aren’t rogue individuals, but run highly sophisticated operations with many of the same functions (e.g., recruitment, R&D, operations, and business development) as modern enterprises. What’s more, they operate in a mature ecosystem complete with specialty services, marketplaces, channel and affiliate programs, and so on.
Prosecutions of ransomware gangs remain relatively rare, often due to the cross-border nature of the cybercrime. In fact, Tim also noted that he’s seen evidence of ransomware operators installing and maintaining backdoors for possible use in a wartime scenario.
Learning how today’s adversaries operate and their psyche can significantly help your team understand the best way to protect your organization and mitigate your cyber risk.
Cybercriminals are after money—the rewards of a successful cyberattack are high, especially when threat actors introduce multiple revenue streams by combining ransomware attacks with stealing and selling valuable information.
Although adversaries are also motivated to steal a company’s intellectual property or proprietary data, disabling systems and services and making crucial information unavailable continues to generate impressive returns for ransomware operators. The average ransom across all industries reached $570,000 in the first half of 2021, an 83% increase over 2020.
Additionally, cybercriminals routinely use double- and triple-extortion tactics to compel the victim to pay to recover access to systems, prevent the publication of protected health information (PHI) and personally identifiable information (PII), and avoid the potential regulatory fines.
The fact remains, whether the victim pays the ransom or not, ransomware groups may still sell stolen data in cybercrime marketplaces given the specific benefits associated with different types of data:
Financial information is used to compromise bank accounts and commit wire transfer frauds
Employee information can be used for identity theft, to commit fraud, and to engage in longer, more complex operations like business email compromise (BEC) and highly targeted phishing scams
Patient information can be used to blackmail individuals—PHI, in particular, is regarded as being much more valuable than credit card information, with each record worth anywhere from $10 to $1,000
The broad stages of a cyberattack are standardized—initial access is gained, intrusion actions are performed, and then malware is detonated—but the specifics of execution differ.
While staying up to date with the latest tactics, techniques and procedures (TTPs) can be challenging since they’re always evolving, Mark suggests that the corrective action plans (CAPs) prepared by the Office for Civil Rights (OCR) in response to HIPAA violations are a good source. Although they don’t spell out the details, it’s usually straightforward to determine how an organization succumbed to a cyberattack.
Sophisticated threat actors will target your company sooner or later and they’re very adept at gaining access into your environment. But cyberattacks—particularly ransomware attacks—don’t happen instantaneously.
Once inside an environment, cybercriminals engage in ‘intrusion actions’ like domain reconnaissance, creating new accounts, finding backups, exfiltrating data, harvesting credentials, creating backdoors, and identifying the systems and services that should be targeted to inflict maximum pressure on the victim.
These activities take time, and they create Indicators of Compromise (IoCs) that are detectable with the right tools.
“You have to know every time an account is created, and you have to be able to verify that we created that account…which is really hard for large organizations,” Tim stressed.
To underscore the point, Mark shared an example of a recent breach of a healthcare delivery organization (HDO) in which an IT technician noticed some strange account creation and reached out to HR, who subsequently escalated the matter to the IT manager. Unfortunately, it was a long weekend; the IT manager was busy and decided to look at things on Monday, by which point ransomware had shut down the organization.
Similarly, user behavior analytics can recognize strange file transfers, lateral movement and other unusual activities, like a user suddenly running PowerShell for the first time.
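As an added example (not from the podcast, eSentire or Adlumin), the two signals Tim and Mark describe above, an account creation nobody can vouch for and a user's first PowerShell execution, checked over a few constructed Windows Security event records and then correlated. Event IDs 4720 and 4688 are the real Windows IDs; the record layout, the ticket id and the sample events are constructed.

```python
# Added example, not from the podcast or eSentire: two of the intrusion
# signals discussed above, checked over constructed Windows Security events.
# Event IDs 4720 (user account created) and 4688 (process created) are real
# Windows Security IDs; the record layout, ticket ids and sample data are
# constructed for this example.

# Constructed: new accounts whose creation was authorised by a change ticket.
APPROVED_CREATIONS = {"jdoe": "CHG-1042"}  # hypothetical ticket id

# Constructed sample events: (timestamp, event_id, actor, target_or_process)
SAMPLE_EVENTS = [
    ("2023-09-01T17:55", 4720, "svc-hr", "jdoe"),         # ticketed creation
    ("2023-09-01T23:12", 4720, "admin-bak", "svc-upd2"),  # no ticket, after hours
    ("2023-09-02T01:03", 4688, "svc-upd2", "powershell.exe"),
    ("2023-09-02T09:30", 4688, "alice", "excel.exe"),
    ("2023-09-02T09:31", 4688, "alice", "powershell.exe"),
    ("2023-09-03T10:00", 4688, "alice", "powershell.exe"),
]

def unapproved_account_creations(events, approved):
    """(timestamp, actor, new_account) for every 4720 event whose new account
    has no matching provisioning ticket: the 'did we create it?' check."""
    return [(ts, actor, target) for ts, eid, actor, target in events
            if eid == 4720 and target not in approved]

def first_time_powershell(events, baseline=None):
    """(timestamp, user) the first time each user spawns powershell.exe.
    `baseline` is the set of users already known to use PowerShell."""
    seen = set(baseline or ())
    hits = []
    for ts, eid, actor, proc in events:
        if eid == 4688 and proc.lower() == "powershell.exe" and actor not in seen:
            seen.add(actor)
            hits.append((ts, actor))
    return hits

def triage(events, approved, baseline=None):
    """Correlate the two: an unapproved new account that goes on to run
    PowerShell matches the intrusion sequence described above."""
    created = {acct for _, _, acct in unapproved_account_creations(events, approved)}
    return [(ts, user) for ts, user in first_time_powershell(events, baseline)
            if user in created]

if __name__ == "__main__":
    for f in unapproved_account_creations(SAMPLE_EVENTS, APPROVED_CREATIONS):
        print("unapproved account creation:", f)
    for f in first_time_powershell(SAMPLE_EVENTS):
        print("first PowerShell use:", f)
    print("priority:", triage(SAMPLE_EVENTS, APPROVED_CREATIONS))
```

Feeding a baseline of known PowerShell users into `first_time_powershell` is what keeps the second check from paging on every administrator.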
Fortunately, organizations don’t have to wait until they’re under attack to recognize and address their own vulnerabilities. At a minimum, Tim recommends looking for compromised accounts on the dark web and using tools like Shodan to understand what cybercriminals see when they look at your network.
You can also adopt a more proactive, risk-based approach to cybersecurity that combines a comprehensive vulnerability management program, Phishing and Security Awareness Training (PSAT), a Managed Detection and Response (MDR) provider to identify and contain cyber threats that bypass existing defenses, and Incident Response (IR).
Doing the basics—strong passwords, multi-factor authentication, controlled and encrypted access, least privilege, and network segmentation—is essential, and while these countermeasures might not stop cybercriminals outright, they can slow down adversaries and give you the opportunity to detect their presence.
In fact, Tim reiterates the importance of monitoring for the telltale signs of intrusion: “There are certain things that you absolutely need to monitor. If you’re an organization of CISOs, you have to put this at the top of your agenda. You need to know what you need to be monitoring.”
Listen to the full Learning from the Adversary episode of the Managing Cyber Risk podcast series as Mark Sangster and Hillarie McClure interview Col. (Ret.) Timothy Evans about what we can learn from the adversary, the evolution of ransomware, and more.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.