Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
eSentire is presenting at this event.
eSentire will be hosting a roundtable at the HFM Private Equity…
eSentire is a sponsor at this event.
This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.
CASE STUDY IN PARTNERSHIP WITH
A global manufacturer was hit with a ransomware attack that locked up its critical business systems. Despite losing $1 million per day from an inability to operate, the company wasn’t inclined to pay the ransom— even though its very survival was at stake. The company simply had no assurance the attacker would grant system access upon payment. Moreover, failure to address the underlying causes would leave the company vulnerable to similar attacks in the future, perhaps from the same threat actor.
The company’s security team worked around the clock to determine the point of attack, identify the attacker and remove the threat from their system. But after two days of unsuccessfully attempting to resolve the issue internally, the CEO contacted WWT for help. The CEO had successfully worked with WWT on various cybersecurity issues in the past. Based on those experiences and his confidence in their ability, they were the first call he made when confronted with a significant security threat to his business.
Once WWT’s Security team assessed the severity of the attack, they determined that CyFIR’s powerful investigation and incident response tool was needed to remediate the breach. They immediately contacted CyFIR’s team of computer forensic practitioners to partner with them to remediate the attack and improve our customer's security posture in the process.
Upon receiving the call from WWT on a Sunday afternoon, CyFIR jumped to action and contacted the manufacturer directly to better understand the situation. CyFIR’s team immediately began working with the customer’s security team to remotely deploy CyFIR’s forensic investigation tools across all the endpoints on the network. This enabled them to begin analysis of what was attacking the system.
WWT has a strong partnership with CyFIR thanks to past joint efforts to solve complex security issues for customers and our CyFIR Forensic Instant Response Lab in our Advanced Technology Center (ATC). This interactive CyFIR Lab provides a safe environment for organizations to evaluate the functionality of the CyFIR Enterprise suite on various Windows and Linux endpoints. It's a great starting point for anyone wanting to understand how CyFIR’s Forensic Analysis and Instant Response solution can bring cyber resiliency to an organization.
With the forensic analysis underway, the CyFIR team traveled to meet with the company’s security team on Monday morning. By the time they met, CyFIR had determined the attack came from a laptop running in the manufacturing department that hadn’t been used in some time but was still active. Unfortunately, because of the time delay in reporting the incident to WWT and CyFIR, the company’s critical files had been encrypted by the attacker and the encryption keys could not be unlocked without paying the ransom.
Backing up and encrypting your critical files offline is one of the best ways to avoid the impact of ransomware attacks.
CyFIR worked with the company to recover most of the files that had been successfully backed up offline by Wednesday. Backing up and encrypting your critical files offline is one of the best ways to avoid the impact of ransomware attacks. This allowed the company to successfully return to normal operations. In addition, the WWT and CyFIR team completed a comprehensive threat assessment across the company’s network, identifying and removing various threats and assuring the attacker was eliminated from the network.
Upon completing the threat assessment, the company engaged CyFIR to install a continuous monitoring function across all endpoints in their network.
Working closely with CyFIR, WWT helped a valued customer get their manufacturing operations back online, which eliminated an ongoing daily loss of $1 million. In addition to remediating the ransomware threat and restoring backed up data, they helped identify and eliminate other latent threats from the customer’s network. The manufacturer has since adopted CyFIR’s continuous monitoring technology to significantly reduce the risk of loss from future cyberattacks.
To proactively prevent similar attacks from occurring and maintain a healthy security hygiene, organizations should continuously assess their levels of risk, establish metrics, make sure store encrypted backups of critical data offline, and conduct awareness training and incident response table top exercises on routine basis.
As IT becomes an increasingly important business enabler, it's imperative to apply the notion of risk management to all organizations. A risk-based approach to management can lead to greater accountability and a better change management environment.
Business impact and risk analysis are important lenses for understanding your company’s operational vulnerabilities as well as the various platforms from which to explore risk mitigation and contingency-planning activities.
Through close partnerships with leading security vendors like CyFIR, WWT can help you evaluate your existing security tools against industry standards to ensure you have pervasive, real-time visibility, improved operational efficiency and a mature cybersecurity program.
Get notified of the latest news, intel and helpful tools & assets. You can unsubscribe anytime.
eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.