Blog — Nov 18, 2021

Microsoft Grows Big In Security With Partners

The cybersecurity game was never going to be the same once Microsoft made a serious play for the space, and this year the company has lived up to that promise: with $10 billion in security business revenues last year and its August pledge to invest $20 billion more over the next five years, Microsoft’s partner-focused strategy is paying off big time for managed detection and response (MDR) partners.

Those partners have been a key consideration in the expanding security ecosystem of Microsoft, which has provided an extensive array of APIs to improve integration with its cloud-based security services.

The company has also been expanding its certifications and specializations to ensure partners can meet the increasingly sophisticated needs of enterprise customers struggling to secure their digitally transformed environments.

Partners increased their security business revenues by up to 130 percent year-on-year by buying into Microsoft’s security ecosystem, a Microsoft-commissioned Forrester Consulting survey found, while the company’s recent announcement of a 400 percent increase in partner program funding — including expansion of its Microsoft Intelligent Security Association (MISA), new skilling resources, and a new advanced specialization for security — suggests there are even bigger things to come.

eSentire secures the ecosystem, stops the bad guys

For MDR provider eSentire, Microsoft’s API-driven strategy has been the key to delivering a core market differentiator — a guaranteed 4-hour response time, which was introduced earlier this year after the company’s acquisition of digital forensics company CyFIR.

“Direct API integration for being able to take a response action is how we get to those response times that are a differentiator for us,” Kurtis Armour, director of product management – endpoint and Microsoft security with eSentire, recently told Cybercrime Magazine.

Microsoft’s success in building a community of interconnected partners has positioned the company to become the dominant force in a security industry that has exploded over the past year, with Cybersecurity Ventures projecting that the market will grow 15 percent year-on-year to represent $1.75 trillion in spending from 2021 to 2025.

The Redmond giant’s recent commitment to invest $20 billion in its security ecosystem is designed to tap that growth — and Armour is confident that Microsoft’s steady innovation in areas like cloud-based next-generation SIEMs and zero-trust security will keep it a force to be reckoned with.

“We’re going to see Microsoft continue to be a leader in each of their categories,” he said. “With the interconnectivity of all the Microsoft products, aligned with delivering best-in-class security, we expect it to take over the cloud SIEM market and displace the likes of the Splunks, QRadars, and LogRhythms out there.”

Intelligence-powered response

Integration is particularly important for eSentire, which relies on API integrations to enable the continuous collection and analysis of threat-intelligence data to support its detection and response capabilities.

These capabilities are supported by eSentire’s Threat Response Unit (TRU), which maintains three core operations that work in concert to stay ahead of emerging threats.

The Tactical Threat Response Unit, for example, “is specifically for creating novel detections that are missed within the native products that we work with,” Armour explained.

Its Threat Intelligence operation “is an important part of being able to do retroactive analysis on threats that we’ve seen, as well as taking data that we get from industry and being able to pump that for indicators of compromise, indicators of attack, and looking for attack patterns within our customer base.”

The third arm of TRU, the Advanced Threat Analytics team, refines machine-learning models and “complex detections that you just can’t do in a query,” he said. “These are unique, high-fidelity detections that are sent through the SOC, where they do investigation and response.”

By integrating these capabilities with Microsoft’s broader identity-based security services, eSentire is expanding the reach of its solutions with an upcoming cloud access security broker (CASB) offering that will increase the company’s visibility into, and control over, SaaS applications.

“There are a lot of cool things that we’re going to get to do with Microsoft,” Armour said, noting that the company recently achieved Gold Security partner status with Microsoft and is in the process of getting an Advanced Specialization in Identity and Access Management.

The company’s investment in understanding Microsoft’s evolving security services is seen as a key enabler of eSentire’s business model: using API-based automation to proactively respond to incidents that, as Armour noted, other providers might simply drop in the customer’s lap.

“We not only stop the bad guy and prevent business-interrupting events, but we also go in and kick out the bad guy,” he explained, noting that “when we think about Microsoft and the actions that we’re able to take tied to email, endpoint and identity, those are the main things for us to be able to take care of a specific threat within a customer’s environment.”

“If you can control visibility, detection and response across all those points, you’re able to deal with any threat that comes up.”

“We will make sure whatever access that [cybercriminal] had to execute their initial attack lifecycle, they no longer have that anymore — and the customer is in a healthy and clean state to be able to release that from isolation and go back to their normal business.”

David Braue is an award-winning technology writer based in Melbourne, Australia.

Originally posted on cybersecurityventures.com

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.