What We Do
How we do it
Resources
SECURITY ADVISORIES
May 11, 2022
CVE-2022-26923 - Active Directory Domain Services Elevation of Privilege Vulnerability
THE THREAT Microsoft has disclosed a new vulnerability impacting Active Directory Certificate Services (ADCS) tracked as CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). If exploited successfully, an authenticated attacker can escalate privileges in environments where ADCS is running on the domain. eSentire is aware of technical details and tooling [2] for…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
May 10, 2022
Cybersecurity Leader eSentire Introduces e3 Partner Ecosystem Transforming How Value Is Delivered to Business Leaders
Waterloo, ON, May 10, 2022— eSentire, the Authority in Managed Detection and Response (MDR), today announced the launch of its e3 partner ecosystem, representing experience, expertise, eSentire. The e3 ecosystem focuses on mapping partner engagement, productivity and overall experience to how business leaders are choosing to consume best-in-class cybersecurity services. Believing that we all have…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Aug 21, 2015

Navigating the regulatory maze

Speak With A Security Expert Now

Last year's SEC 28-point security Risk Alert triggered a wave of regulatory compliance reports and requirements that have transformed the way the industry thinks about cybersecurity. The big breach stories of 2014 made the topic unavoidable in the boardroom and a top priority on the legislative slate.

Initial findings released after the SEC’s first wave of cybersecurity examinations revealed staggering facts: of the 106 firms inspected, 88% of broker-dealers and 74% of advisers examined experienced a cyber attack either directly or through one of their vendors.

As a result of these initial examinations, the SEC and FINRA last February released a series of recommendations. These recommendations are intended as interim guidance while the SEC and FINRA continue to build out a formal compliance framework.

Without a doubt, these recommendations are essential (and fundamental) cybersecurity considerations, however many firms have found it difficult to navigate the maze and determine which points are applicable to the unique requirements based on their firm’s size.

Recognizing that the recommendations aren’t a one-size-fits-all guide, eSentire recently published a pragmatic document categorizing considerations for varying sizes of firms, building on three specific measures highlighted in the SEC findings. While they don’t necessarily form an explicit list of what firms should do to fulfill their duties when it comes to information security, it’s important to be able to identify which of the recommended facets apply to your firm and its unique size. The three measures focus on:

  1. Periodic Cybersecurity Assessment
  2. Detecting and Responding to Cybersecurity Threats
  3. Documented Cybersecurity Policies and Procedures

The SEC Matrix from eSentire takes these three measures into account, divvying them for firms with AUM under $1B, between $1-5B and firms with over $5B in AUM. While each class has very unique considerations, it’s important to regard the lists as additive; as firms move higher on the scale they shouldn’t just consider the list prescribed for larger funds. It’s important that larger funds review and consider recommendations for smaller funds too, as those measures are critical for funds of all sizes.

The document is a pragmatic security to-do list that helps ensure that as you’re continually augmenting your cybersecurity defences you’ve got peripheral compliance considerations covered too. To view the complete lists and pragmatic checklist download your copy of the SEC Matrix today.

View Most Recent Blogs
Eldon Sprickerhoff
Eldon Sprickerhoff Founder and Chief Innovation Officer
In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis.