Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Visibility and response across your entire Microsoft security ecosystem.
XDR with Machine Learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert threat hunting, original research, and proactive threat intelligence.
TRU is foundational to our MDR service. No add-ons or additional costs required.
Flexible MDR packages that enhance your cyber resilience and security operations.
Stop ransomware attacks before they disrupt your business.
Detect and respond to zero-day exploits.
Protect against third-party and supply chain risk.
Adopt a risk-based approach to cybersecurity.
Protect your most sensitive data.
Meet cybersecurity regulatory compliance mandates.
Eliminate misconfigurations and policy violations.
Prevent business disruption by outsourcing MDR.
Meet insurability requirements with MDR.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and mediating threats to prevent lateral spread.
Enhance investigation and threat detection across multi-cloud or hybrid environments.
Remediate critical misconfigurations, security vulnerabilities and policy violations across cloud and containerized environments.
Detect malicious insider and identity-based behavior leveraging machine learning models.
THE THREAT eSentire is aware of widespread exploitation attempts targeting the recently disclosed ownCloud vulnerability CVE-2023-49103. CVE-2023-49103 (CVSS: 10) is tracked as a disclosure of… READ NOW
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Waterloo, ON and GITEX GLOBAL 2023, Dubai, UAE – October 18, 2023 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), today announced that Inspira Enterprise Inc, (Inspira), a… READ NOW
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
We believe a multi-signal approach is paramount to protecting your complete attack surface. See why eSentire MDR means multi-signal telemetry and complete response.
See how our 24/7 SOC Cyber Analysts and Elite Threat Hunters stop even the most advanced cyberattacks before they disrupt your business.
Choose the right mix of Managed Detection and Response, Exposure Management, and Incident Response services to strengthen your cyber resilience.
Try our interactive tools including the MITRE ATT&CK Tool, the SOC Pricing Calculator, the Cybersecurity Maturity Assessment, and our MDR ROI Calculator.
Read the latest security advisories, blogs, reports, industry publications and webinars published by eSentire's Threat Response Unit (TRU).
See why 2000+ organizations count on eSentire to build resilience and prevent business disruption.
Originally posted in Corporate Compliance Insights November 12, 2019
With the California Consumer Privacy Act (CCPA) going into effect shortly, eSentire’s Mark Sangster deliberates on evolving data privacy laws and how companies can ensure stronger data privacy for customers.
The 2018 Cambridge Analytica scandal was a watershed moment for citizen privacy and the protection of our information rights. Consumers gained a greater understanding of the fact that when a product or service is “free,” it means their own information is the actual product. This is perhaps the greatest industrial revolution: the consumer is the product. Not only did it create an uproar, but it also resulted in significant financial penalties. The Federal Trade Commission (FTC) fined Facebook a record $5 billion for giving Cambridge Analytica improper access to its users.
The settlement is important, because it demonstrates that the FTC is taking consumers’ data privacy seriously. The scandal has also caused many consumers to reconsider what information they post – and whether they post at all – on social media and how many companies hold their personal information. In the case of Facebook – and, by extension, all other organizations with an online presence – when no privacy guarantees were ever proffered fully by the company, it represented a violation of implied trust.
In the European Union, the General Data Protection Regulation (GDPR) was established before the Facebook scandal became known. It was implemented in response to many other violations of trust and data collection – both intentional and accidental – as more and more companies collect citizens’ digitized personal information. The GDPR lays out stringent guidelines for what types of data organizations can collect and what they are allowed to do with it, complete with hefty fines for noncompliance. U.S. companies conducting business in the EU or holding data on EU citizens are subject to GDPR, but attempts to pass anything like GDPR in the U.S. have so far failed to gain significant traction.
The Origins of the California Consumer Privacy Act
The California Consumer Protection Act (CCPA) is perhaps the “Plymouth Rock” of privacy. The U.S. constitution contains no express right to privacy. It’s typically left up to the civil court system to decide on such matters as governed by state law or precedent. There’s no explicit equivalent of, say, Canada’s PIPEDA or Japan’s AAPI online privacy legislation. However, when data privacy legislation called the California Consumer Protection Act (CCPA) was introduced last year, it was passed within weeks of its introduction.
Clearly, there was an appetite, at least in tech-heavy California, for GDPR-style protections. The CCPA’s quick passage was also widely seen as a compromise with online companies that were eager to prevent a tougher citizen proposal from going onto the ballot. The legislation grants consumers new rights with respect to the collection of their personal information and goes into effect on January 1, 2020.
How Will the CCPA Affect Companies?
First and foremost, the CCPA is about privacy. It requires full disclosure from companies regarding the collection of personal information – everything from what details they are keeping to what sources that information is coming from and why they are collecting it.
It also includes the right for citizens to opt-out of having their information/data sold. Users and customers will have to be notified from the get-go about their information; they will have to acknowledge that their information is being collected, but they can choose not to allow those companies to sell their information to other companies. CCPA goes one step beyond GDPR to not only define privacy rights, but also expose the economic value of consumer data.
Similarly to GDPR’s right to be forgotten, CCPA includes the “right to be deleted.”
Companies won’t be allowed to retaliate against those customers who opt out of allowing their information to be sold by charging them higher fees or rates. A company like Google, for instance, wouldn’t be able to respond to a user opting out of having their information sold by then charging them (more) or restricting access to certain services.
How Companies Can Understand the Risks and Prepare
One of the major aspects of CCPA is that companies will have to declare the value of the data they are collecting – so if a company planned to sell that data, they would need to declare its resale value.
Organizations will need to find a way to ensure that every department understands what the requirements are under CCPA. Companies that fall within CCPA’s jurisdiction will need to map all of the information they collect. For many, they’ll find that certain departments have no understanding of the implications that arise from the information they regularly gather.
For instance, the marketing department may store sales information about customers and prospects in a customer relationship management (CRM) tool to create stronger buying personas. However, marketers are likely unaware that CCPA will require documentation of where that data came from and why it is being used. And in a situation like this, pleading ignorance is no longer a viable defense.
Companies will need to be able to fully map where the information goes, including across their supply chain, with a justified purpose. They will have to work to ensure they’re conducting due diligence and analyzing the benefits versus the risks to justify their actions to regulators if they come calling. This will help prevent “shiny object syndrome,” or a hoarder’s mentality in which companies collect all the data they can in the hopes that it will someday be useful.
In addition, companies must be able to secure this data. This will change how vendors are chosen. Organizations will need to analyze the risks associated with that vendor by conducting due diligence, then establish controls. They will have to put monitoring in place to ensure their vendors are in compliance with those data controls.
Stronger Security Ahead
The CCPA represents the first legislation of its kind to pass in the U.S., but it’s certainly not the last. This year, more than 20 states have considered data privacy legislation, though only Maine, Illinois and Nevada actually passed laws. California will be an acid test to watch as of January 1 of next year, when the legislation takes effect. It’s particularly interesting to watch, given how many of the biggest names in tech are also based in the Golden State.
But privacy legislation of this kind shouldn’t and doesn’t need to be seen as crippling to business. It can actually be a business advantage by forcing companies to really evaluate their supply chain and partners to understand how and why data is being stored and collected. This can ultimately protect not just consumers’ privacy, but companies from damaging breaches or other security incidents in the long term as they get a better handle on their data.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.