What We Do
How we do it
Resources
SECURITY ADVISORIES
Jul 29, 2021
UPDATE: PetitPotam NTLM Relay Attack
THE THREAT PetitPotam is a variant of the NTLM Relay attack discovered by security researcher Gilles Lionel. It is tracked as an authentication bypass vulnerability in Active Directory (Certificate Services); currently no CVE identifier has been assigned to this vulnerability. Proof of Concept (PoC) code released last week [1] relies on the Encrypting File System Remote (EFSRPC) protocol to…
Read More
View all Advisories →
Company
ABOUT eSENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Jul 12, 2021
Tecala and eSentire Partner to Protect Enterprises across APAC from Business-Disrupting Cyber Attacks
Sydney, 12 July, 2021 - Tecala, Australia’s award-winning technology services and IT consulting provider, today announced it has chosen eSentire, the global Authority in Managed Detection and Response (MDR) cybersecurity services, as their exclusive MDR solution provider in Australia and New Zealand. This partnership will enable Tecala to augment its cybersecurity practice and offer enterprises…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Resources
Blog — Aug 21, 2015

Navigating the regulatory maze

2 min read

Last year's SEC 28-point security Risk Alert triggered a wave of regulatory compliance reports and requirements that have transformed the way the industry thinks about cybersecurity. The big breach stories of 2014 made the topic unavoidable in the boardroom and a top priority on the legislative slate.

Initial findings released after the SEC’s first wave of cybersecurity examinations revealed staggering facts: of the 106 firms inspected, 88% of broker-dealers and 74% of advisers examined experienced a cyber attack either directly or through one of their vendors.

As a result of these initial examinations, the SEC and FINRA last February released a series of recommendations. These recommendations are intended as interim guidance while the SEC and FINRA continue to build out a formal compliance framework.

Without a doubt, these recommendations are essential (and fundamental) cybersecurity considerations, however many firms have found it difficult to navigate the maze and determine which points are applicable to the unique requirements based on their firm’s size.

Recognizing that the recommendations aren’t a one-size-fits-all guide, eSentire recently published a pragmatic document categorizing considerations for varying sizes of firms, building on three specific measures highlighted in the SEC findings. While they don’t necessarily form an explicit list of what firms should do to fulfill their duties when it comes to information security, it’s important to be able to identify which of the recommended facets apply to your firm and its unique size. The three measures focus on:

  1. Periodic Cybersecurity Assessment
  2. Detecting and Responding to Cybersecurity Threats
  3. Documented Cybersecurity Policies and Procedures

The SEC Matrix from eSentire takes these three measures into account, divvying them for firms with AUM under $1B, between $1-5B and firms with over $5B in AUM. While each class has very unique considerations, it’s important to regard the lists as additive; as firms move higher on the scale they shouldn’t just consider the list prescribed for larger funds. It’s important that larger funds review and consider recommendations for smaller funds too, as those measures are critical for funds of all sizes.

The document is a pragmatic security to-do list that helps ensure that as you’re continually augmenting your cybersecurity defences you’ve got peripheral compliance considerations covered too. To view the complete lists and pragmatic checklist download your copy of the SEC Matrix today.

Eldon Sprickerhoff
Eldon Sprickerhoff Founder and Chief Innovation Officer

In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis.