Blog — Mar 20, 2020

Pandemic Cybersecurity


One of the more disturbing things about a pandemic is the sense of helplessness it creates. Even when we ourselves are not getting sick, isolation and social distancing leave us unable to escape the seriousness of the situation. We find ourselves sitting and worrying when normally we would be out and about, and all we hear are further stories about how this situation is overtaking society: steadily climbing numbers of infected, with more and more extreme measures being taken to try to contain the disease. We know that by isolating we are helping in the long run, but doing nothing does not feel like actively helping.

As a cybersecurity professional, I am fortunate enough to be working in an industry where it is at least possible to do much of my work remotely. In light of the situation, I wanted to reflect on the meaning of that work and share what the pandemic looks like from our vantage point. My hope is that this may help you better understand how cybersecurity work translates into real-world effects, and the role it can play in protecting your business and clients.

At eSentire, we offer Managed Detection and Response (MDR). Essentially, we monitor for threats that get through automated defenses and then step in to neutralize and contain them. Many of the clients we protect are organizations on the front lines of the battle against COVID-19 today, or are delivering critical infrastructure to those who are. In the background somewhere, our work is helping keep hospitals and medical research labs online, protecting them and the critical services they depend on from attacks that could disrupt or shut them down.

To illustrate visually, the data studio display below shows a selection of the security incidents eSentire MDR has handled for critical service sectors over the last year, including the period of the pandemic. The interactive toggles allow drilling down into the metadata of real security incidents that have targeted healthcare services, medical research and critical infrastructure, and seeing what we step in to prevent. Keep in mind that, to keep these clients anonymized, we have changed a few things [1].

[Interactive dashboard image: security incidents in critical service sectors, by timeline, map, pie chart and table]

Exploit Attempts

By far, the most frequent type of attack we have observed is also the least significant: exploit attempts that pass through perimeter security and briefly touch internal systems. Mostly this is the background noise of the internet reaching a system through a hole in the perimeter (often one opened intentionally in the interests of availability). Our job here is to identify the known-bad traffic and act as a second line of active defense wherever clients have left gaps in their firewalls, for whatever reason.

Suspicious Activity

The next most frequent type of incident we have seen is Suspicious Activity, which is when a Security Operations Center (SOC) investigation picks up something out of the ordinary that needs to be raised for additional investigation. These are usually benign, but a fair number of potentially serious problems are caught here and some preventable disasters averted.

Dangerous Incidents

Our continual investigations also regularly hit upon smaller numbers of other real, serious attacks in progress: events where someone is trying to brute-force their way into sensitive systems, scam people into giving up their passwords, or deploy malicious code like ransomware or other payloads onto hospital systems. Our objective here is to contain and disrupt such incursions as we see them, before the attacker can expand a toehold into a position from which they can threaten to take an entire hospital or infrastructure system offline, and to keep the cleanup to a manageable level for on-site IT.
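As an added illustration of the kind of "attack in progress" the paragraph above describes, here is a minimal brute-force detector run over constructed sshd log lines. This is example code written for this page, not eSentire's detection logic; the log lines, the five-failures-in-sixty-seconds threshold and the host name are assumptions. It flags a source that crosses the failure threshold, and separately flags a successful login from a source that is currently over threshold, which is the case that actually needs a responder rather than a firewall rule.

```python
"""Sliding-window brute-force detection over OpenSSH auth log lines (example code)."""
from collections import defaultdict, deque
from datetime import datetime
import re

# Constructed sample lines in syslog + OpenSSH format; not real client data.
# 203.0.113.9 fails six times in 13 seconds and then logs in as root;
# 198.51.100.7 fails twice, four minutes apart; 192.0.2.5 is a normal login.
SAMPLE_LOG = """\
Mar 20 02:11:01 lab-host sshd[4021]: Failed password for root from 203.0.113.9 port 51122 ssh2
Mar 20 02:11:03 lab-host sshd[4023]: Failed password for invalid user admin from 203.0.113.9 port 51124 ssh2
Mar 20 02:11:05 lab-host sshd[4025]: Failed password for root from 203.0.113.9 port 51126 ssh2
Mar 20 02:11:06 lab-host sshd[4027]: Accepted password for jdoe from 192.0.2.5 port 40210 ssh2
Mar 20 02:11:08 lab-host sshd[4029]: Failed password for root from 203.0.113.9 port 51128 ssh2
Mar 20 02:11:09 lab-host sshd[4031]: Failed password for backup from 198.51.100.7 port 60001 ssh2
Mar 20 02:11:11 lab-host sshd[4033]: Failed password for root from 203.0.113.9 port 51130 ssh2
Mar 20 02:11:14 lab-host sshd[4035]: Failed password for root from 203.0.113.9 port 51132 ssh2
Mar 20 02:11:20 lab-host sshd[4037]: Accepted password for root from 203.0.113.9 port 51134 ssh2
Mar 20 02:15:30 lab-host sshd[4039]: Failed password for backup from 198.51.100.7 port 60002 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user admin".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_auth_log(text, year=2020):
    """Return (timestamp, result, user, src) for each sshd password line.
    Syslog timestamps carry no year, so one is supplied (assumption: 2020)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog lines are skipped, not treated as errors
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Per-source sliding window. >= threshold failures inside the window raises
    'brute_force' once per source; an Accepted login from a source that is over
    threshold at that moment raises 'brute_force_success'."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    alerted = set()              # sources already flagged, to avoid repeat alerts
    alerts = []
    for ts, result, user, src in sorted(events, key=lambda e: e[0]):
        q = recent[src]
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()          # expire failures older than the window
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"type": "brute_force", "src": src,
                               "failures": len(q), "at": ts.isoformat()})
        elif len(q) >= threshold:
            # A success after a failure burst: the attacker is in, escalate immediately.
            alerts.append({"type": "brute_force_success", "src": src,
                           "user": user, "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_auth_log(SAMPLE_LOG)):
        print(alert)
```

The window is keyed on source address, so a slow spray across many sources or many accounts stays under the threshold; a production rule would add a per-target-account window and a global failure rate alongside this one.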

In cybersecurity, these sorts of situations going undetected until it is too late are the things we worry about constantly. Imagine an already overloaded hospital in the middle of a pandemic suddenly losing computer-powered diagnostic machines, test results, patient records, access to research, or even just the software helping with the logistics of organizing doctors to best effect. Today, that nightmare is an ever-present possibility, and we all too often find ourselves as the last line of defense in preventing it. After all, some attackers see events today simply as an opportunity: who wouldn't pay a ransom if it keeps a hospital's doors open during a pandemic?

Feel free to use this dashboard to look out on the fight against COVID-19 from our vantage point as events develop, and get a sense of how we are working to help keep hospitals and infrastructure open and online during this emergency. If you drag over the pandemic timeline at the top, you can restrict the view to a specific time window (this will also resize and/or limit the dots shown based on activity), or you can drill down on other properties by interacting with the map, pie charts, and tables.

At the end of the day, cybersecurity is helping to play its part in supporting reliable access to healthcare technologies. And when I consider that doctors and hospitals need those tools as they steer us through this pandemic, the knowledge that what we do helps allow them to focus on what matters makes me feel less helpless in this isolation.


[1] We've aggregated and altered things here slightly to avoid disclosing anything that could be used to identify our clients or help attackers: the actual locations attacked are moved and fuzzed to geolocations hundreds of miles away, the data is a cross section rather than a complete set, and we're not disclosing any specifics about any of the incidents beyond a loose classification of what happened (and only after we've fully handled it).
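The footnote says locations were moved "hundreds of miles away" but not how. The following is an added example of one way to do that displacement, written for this page rather than taken from eSentire; the key, client identifier, coordinates and the 300 to 600 mile range are assumptions. The offset is derived from an HMAC over the client identifier, so the same client always lands on the same fake point (the dashboard stays consistent across refreshes and republications, and repeated random offsets cannot be averaged back to the real site) and nobody without the key can recompute the displacement.

```python
"""Keyed, deterministic geolocation fuzzing for anonymized incident maps (example code)."""
import hashlib
import hmac
import math

EARTH_RADIUS_MI = 3958.8


def destination_point(lat, lon, bearing_deg, distance_mi):
    """Great-circle destination from (lat, lon) along a bearing (spherical earth)."""
    d = distance_mi / EARTH_RADIUS_MI
    b = math.radians(bearing_deg)
    lat1, lon1 = math.radians(lat), math.radians(lon)
    lat2 = math.asin(math.sin(lat1) * math.cos(d)
                     + math.cos(lat1) * math.sin(d) * math.cos(b))
    lon2 = lon1 + math.atan2(math.sin(b) * math.sin(d) * math.cos(lat1),
                             math.cos(d) - math.sin(lat1) * math.sin(lat2))
    lon2 = (math.degrees(lon2) + 540) % 360 - 180  # normalise to [-180, 180)
    return math.degrees(lat2), lon2


def haversine_mi(lat1, lon1, lat2, lon2):
    """Great-circle distance in miles; used to check how far a point was moved."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_MI * math.asin(math.sqrt(a))


def fuzz_location(client_id, lat, lon, key, min_mi=300.0, max_mi=600.0):
    """Move (lat, lon) by a bearing and distance derived from HMAC-SHA256(key, client_id).
    Same client and key -> same displaced point every run; without the key the
    offset cannot be recomputed, and the distance is never below min_mi."""
    digest = hmac.new(key, client_id.encode(), hashlib.sha256).digest()
    bearing = int.from_bytes(digest[:4], "big") / 2 ** 32 * 360.0
    distance = min_mi + int.from_bytes(digest[4:8], "big") / 2 ** 32 * (max_mi - min_mi)
    return destination_point(lat, lon, bearing, distance)


if __name__ == "__main__":
    key = b"example-key-do-not-reuse"       # assumption: a secret held only by the publisher
    real = (43.4643, -80.5204)              # assumption: a stand-in coordinate, not a client
    fake = fuzz_location("client-a", *real, key)
    print(fake, round(haversine_mi(*real, *fake), 1), "mi")
```

Two caveats a practitioner would add before using this on a public map: the displaced point can land in water or across a border, so a real pipeline snaps it to the nearest plausible land cell, and a fixed displacement per client still leaks the relative layout of several sites belonging to one client, which is one reason the footnote also publishes only a cross section rather than every incident.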
