What We Do
How we do it
Resources
SECURITY ADVISORIES
Nov 22, 2021
Microsoft Exchange Vulnerability - CVE-2021-42321
THE THREAT eSentire has identified publicly available Proof-of-Concept (PoC) exploit code, for the critical Microsoft Exchange vulnerability CVE-2021-42321. CVE-2021-42321 was announced as part of Microsoft’s November Patch Tuesday release. Exploitation would allow a remote threat actor, with previous authentication, to execute code on vulnerable servers. Prior to the patch release, Microsoft…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Oct 28, 2021
Telarus and eSentire Expand Partnership to Safeguard Enterprises Globally Against Business Disrupting Ransomware and Zero-Day Attacks
London, UK and Sydney, Australia– Oct. 28, 2021 - eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announces the expansion of its partnership with Telarus, the largest privately-held distributor of business cloud infrastructure and contact centre services. Building on their mutual success across North America, Telarus will bring eSentire’s Managed…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
PARTNER RESOURCES
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Aug 21, 2015

Navigating the regulatory maze

Speak With A Security Expert Now

Last year's SEC 28-point security Risk Alert triggered a wave of regulatory compliance reports and requirements that have transformed the way the industry thinks about cybersecurity. The big breach stories of 2014 made the topic unavoidable in the boardroom and a top priority on the legislative slate.

Initial findings released after the SEC’s first wave of cybersecurity examinations revealed staggering facts: of the 106 firms inspected, 88% of broker-dealers and 74% of advisers examined experienced a cyber attack either directly or through one of their vendors.

As a result of these initial examinations, the SEC and FINRA last February released a series of recommendations. These recommendations are intended as interim guidance while the SEC and FINRA continue to build out a formal compliance framework.

Without a doubt, these recommendations are essential (and fundamental) cybersecurity considerations, however many firms have found it difficult to navigate the maze and determine which points are applicable to the unique requirements based on their firm’s size.

Recognizing that the recommendations aren’t a one-size-fits-all guide, eSentire recently published a pragmatic document categorizing considerations for varying sizes of firms, building on three specific measures highlighted in the SEC findings. While they don’t necessarily form an explicit list of what firms should do to fulfill their duties when it comes to information security, it’s important to be able to identify which of the recommended facets apply to your firm and its unique size. The three measures focus on:

  1. Periodic Cybersecurity Assessment
  2. Detecting and Responding to Cybersecurity Threats
  3. Documented Cybersecurity Policies and Procedures

The SEC Matrix from eSentire takes these three measures into account, divvying them for firms with AUM under $1B, between $1-5B and firms with over $5B in AUM. While each class has very unique considerations, it’s important to regard the lists as additive; as firms move higher on the scale they shouldn’t just consider the list prescribed for larger funds. It’s important that larger funds review and consider recommendations for smaller funds too, as those measures are critical for funds of all sizes.

The document is a pragmatic security to-do list that helps ensure that as you’re continually augmenting your cybersecurity defences you’ve got peripheral compliance considerations covered too. To view the complete lists and pragmatic checklist download your copy of the SEC Matrix today.

View Most Recent Blogs
Eldon Sprickerhoff
Eldon Sprickerhoff Founder and Chief Innovation Officer

In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis.