What We Do
How we do it
Resources
SECURITY ADVISORIES
May 11, 2022
CVE-2022-26923 - Active Directory Domain Services Elevation of Privilege Vulnerability
THE THREAT Microsoft has disclosed a new vulnerability impacting Active Directory Certificate Services (ADCS) tracked as CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). If exploited successfully, an authenticated attacker can escalate privileges in environments where ADCS is running on the domain. eSentire is aware of technical details and tooling [2] for…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
May 17, 2022
Cybersecurity Leader eSentire Continues Its Commitment to Rigorous Security Standards Earning PCI DSS Certification
Waterloo, ON, May 17, 2022 — eSentire, the Authority in Managed Detection and Response (MDR), maintains one of the most secure and robust IT environments of any MDR provider in the industry. To that end, eSentire today announced that it has received the Payment Card Industry Data Security Standard (PCI DSS) certification, considered one of the most stringent and comprehensive payment card…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jul 07, 2020

Mitigating Risk in a World of Gray Zone Threat Actors

Speak With A Security Expert Now

I had the pleasure of speaking at a virtual conference hosted by the National Association of Manufacturers to bring leaders together to examine the latest threats facing manufacturing. Shortages in off-shored medical equipment over the last few months under the thumb of a pandemic demonstrated the strategic value and critical role that manufacturing plays in the economy and security of the country.

The conference kicked off with guest speaker Jacob Helberg, who is a senior advisor at the Stanford University Cyber Policy Center. It was refreshing to hear his perspective from a high altitude above the cybersecurity field. He reiterated that while many threat actors are financially motivated, state-sponsored or nation state actors are driven by political motivation. He spoke of “gray zones” or countries seeking to challenge the United States below the threshold of war. It’s a murky world between war and peace. As I describe in my book, No Safe Harbor, the delineation between combatant and non-combatant has evaporated. There is no such thing as collateral damage anymore. It’s simply damage.

Security operations have seen nation states targeting mid-market firms (read more) and these attacks seem to follow major global events. As a result, organizations feel the aftershocks of the tectonic political events like, much like missile exchanges in the Middle East or trade wars with Asia.

And these attacks lead to a four-times increase in annualized cyber insurance claims. Catherine Lyle, Head of Claims with Coalition, walked us through two specific claims to explore the challenges and best practices to offset risk through insurance, managing cyber incidents, and making claims.

Her presentation was packed with eye opening metrics:

These are staggering numbers in some respects. Many business leaders thought ransomware was diminishing, which is the opposite of reality. Ransomware payments are increasing as criminals invest in hands-on-keyboard attacks. While ransomware as a single-point (say one laptop) is dying, invested attacks are leveraging your own tools against you to matestize, planting ransomware across your environment and back-up systems to create massive outages and disruptions, as seen with Travelex at the beginning of 2020.

And Lyle warned not to make payment without consulting with your general counsel and insurer. In many cases, she described the insurer’s agents negotiated with the criminals, reducing ransoms, and in 97.2 percent of the cases, were able to recover funds lost to fraud.

Cybersecurity is not an IT problem to solve. It’s a business risk to manage. Understanding that global events do affect you, and identifying those that target you and why, is critical to building a strategy of “deterrence by denial” (denying the enemy their objective) as Jacob Helberg called it. It’s an old Cold War theory that stresses the criticality of using tactics to deter the enemy without escalating the threat, to avoid all out war. And managing that risk, including understanding offset strategies such as insurance, are critical to preparing for the worst. Or in a world of gray zone power players who see everyone as fair game, the inevitable.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.