Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Visibility and response across your entire Microsoft security ecosystem.
XDR with Machine Learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert threat hunting, original research, and proactive threat intelligence.
TRU is foundational to our MDR service. No add-ons or additional costs required.
Stop ransomware attacks before they disrupt your business.
Detect and respond to zero-day exploits.
Protect against third-party and supply chain risk.
Adopt a risk-based approach to cybersecurity.
Protect your most sensitive data.
Meet cybersecurity regulatory compliance mandates.
Eliminate misconfigurations and policy violations.
Prevent business disruption by outsourcing MDR.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and mediating threats to prevent lateral spread.
Enhance investigation and threat detection across multi-cloud or hybrid environments.
Remediate critical misconfigurations, security vulnerabilities and policy violations across cloud and containerized environments.
Detect malicious insider and identity-based behavior leveraging machine learning models.
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
We believe a multi-signal approach is paramount to protecting your complete attack surface. See why eSentire MDR means multi-signal telemetry and complete response.
See how our 24/7 SOC Cyber Analysts and Elite Threat Hunters stop even the most advanced cyberattacks before they disrupt your business.
Choose the right mix of Managed Detection and Response, Exposure Management, and Incident Response services to strengthen your cyber resilience.
Try our interactive tools including the MITRE ATT&CK Tool, the SOC Pricing Calculator, the Cybersecurity Maturity Assessment, and our MDR ROI Calculator.
Read the latest security advisories, blogs, reports, industry publications and webinars published by eSentire's Threat Response Unit (TRU).
See why 2000+ organizations count on eSentire to build resilience and prevent business disruption.
This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.
CASE STUDY IN PARTNERSHIP WITH
A global manufacturer was hit with a ransomware attack that locked up its critical business systems. Despite losing $1 million per day from an inability to operate, the company wasn’t inclined to pay the ransom— even though its very survival was at stake. The company simply had no assurance the attacker would grant system access upon payment. Moreover, failure to address the underlying causes would leave the company vulnerable to similar attacks in the future, perhaps from the same threat actor.
The company’s security team worked around the clock to determine the point of attack, identify the attacker and remove the threat from their system. But after two days of unsuccessfully attempting to resolve the issue internally, the CEO contacted WWT for help. The CEO had successfully worked with WWT on various cybersecurity issues in the past. Based on those experiences and his confidence in their ability, they were the first call he made when confronted with a significant security threat to his business.
Once WWT’s Security team assessed the severity of the attack, they determined that CyFIR’s powerful investigation and incident response tool was needed to remediate the breach. They immediately contacted CyFIR’s team of computer forensic practitioners to partner with them to remediate the attack and improve our customer's security posture in the process.
Upon receiving the call from WWT on a Sunday afternoon, CyFIR jumped to action and contacted the manufacturer directly to better understand the situation. CyFIR’s team immediately began working with the customer’s security team to remotely deploy CyFIR’s forensic investigation tools across all the endpoints on the network. This enabled them to begin analysis of what was attacking the system.
WWT has a strong partnership with CyFIR thanks to past joint efforts to solve complex security issues for customers and our CyFIR Forensic Instant Response Lab in our Advanced Technology Center (ATC). This interactive CyFIR Lab provides a safe environment for organizations to evaluate the functionality of the CyFIR Enterprise suite on various Windows and Linux endpoints. It's a great starting point for anyone wanting to understand how CyFIR’s Forensic Analysis and Instant Response solution can bring cyber resiliency to an organization.
With the forensic analysis underway, the CyFIR team traveled to meet with the company’s security team on Monday morning. By the time they met, CyFIR had determined the attack came from a laptop running in the manufacturing department that hadn’t been used in some time but was still active. Unfortunately, because of the time delay in reporting the incident to WWT and CyFIR, the company’s critical files had been encrypted by the attacker and the encryption keys could not be unlocked without paying the ransom.
Backing up and encrypting your critical files offline is one of the best ways to avoid the impact of ransomware attacks.
CyFIR worked with the company to recover most of the files that had been successfully backed up offline by Wednesday. Backing up and encrypting your critical files offline is one of the best ways to avoid the impact of ransomware attacks. This allowed the company to successfully return to normal operations. In addition, the WWT and CyFIR team completed a comprehensive threat assessment across the company’s network, identifying and removing various threats and assuring the attacker was eliminated from the network.
Upon completing the threat assessment, the company engaged CyFIR to install a continuous monitoring function across all endpoints in their network.
Working closely with CyFIR, WWT helped a valued customer get their manufacturing operations back online, which eliminated an ongoing daily loss of $1 million. In addition to remediating the ransomware threat and restoring backed up data, they helped identify and eliminate other latent threats from the customer’s network. The manufacturer has since adopted CyFIR’s continuous monitoring technology to significantly reduce the risk of loss from future cyberattacks.
To proactively prevent similar attacks from occurring and maintain a healthy security hygiene, organizations should continuously assess their levels of risk, establish metrics, make sure store encrypted backups of critical data offline, and conduct awareness training and incident response table top exercises on routine basis.
As IT becomes an increasingly important business enabler, it's imperative to apply the notion of risk management to all organizations. A risk-based approach to management can lead to greater accountability and a better change management environment.
Business impact and risk analysis are important lenses for understanding your company’s operational vulnerabilities as well as the various platforms from which to explore risk mitigation and contingency-planning activities.
Through close partnerships with leading security vendors like CyFIR, WWT can help you evaluate your existing security tools against industry standards to ensure you have pervasive, real-time visibility, improved operational efficiency and a mature cybersecurity program.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.