What We Do
How we do it
Resources
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Sep 20, 2022
eSentire Recognized as Top Global MDR Provider by MSSP Alert, CrowdStrike and G2
Waterloo, ON - September 21, 2022 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), celebrated multiple industry recognitions as the leading global MDR provider, over the last week: Named #9, and the top pure play MDR provider on MSSP Alert’s Top 250 MSSPs global rankingRecognized as the CrowdStrike 2022 Global MSSP Partner of the Year Earned G2’s industry-renowned status…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Mar 20, 2020

Pandemic Cybersecurity

4 minutes read
Speak With A Security Expert Now

One of the more disturbing things about a pandemic is the sense of helplessness it creates. Even when we ourselves are not getting sick, isolation and social distancing leave us unable to escape the seriousness of the situation. We find ourselves sitting and worrying when normally we would be out and about, and all we hear are further stories about how this situation is overtaking society - steadily climbing numbers of infected, with more and more extreme measures being taken to try and contain the disease. We know that by isolating we are contributing to making things better in the long run, but actively doing nothing doesn’t feel like we are actively doing anything to help the situation.

As a cybersecurity professional, I am fortunate enough to be working in an industry where it is at least possible to do much of my work remotely. In light of the situation, I wanted to reflect on the meaning of that work, and do something to share what the pandemic looks like from our vantage point. My hope is that this work may help you better understand how cybersecurity can manifest effects and impacts in the real world and the role it can play in protection of your business and clients.

At eSentire, we offer Managed Detection and Response (MDR). Essentially, we monitor for threats that get through automated defenses and then step in to neutralize and contain them. Many of the clients we protect are organizations on the front lines of the battle against COVID-19 today, or delivering critical infrastructure to them. In the background somewhere, our work is helping keep hospitals and medical research labs online, protecting them and critical services they need from cybersecurity attacks that could disrupt or shut them down.

To illustrate visually, the data studio display below shows some of the security incidents we’ve seen from critical service sectors that eSentire MDR has protected over the last year. The various interactive toggles allow drilling down and exploring meta data on real security incidents that have occurred over the period of the pandemic. Keep in mind, to keep these clients anonymized we’ve changed a few things [1]. Using this dashboard, you can drill down and interact with examples of real security incidents that have targeted healthcare services, medical research and critical infrastructure during this pandemic and see what we step in to prevent.

Click image to view

Exploit Attempts

By far, the most frequent type of attack we’ve observed is also the least significant - exploits coming through perimeter security and touching briefly on internal systems. Mostly, this is just background noise of the internet being let through a hole in the perimeter (often one intentionally made in the interests of availability), but we’re working to identify the known bad and act as a second line of active defense where clients have left gaps in their firewalls for whatever reason.

Suspicious Activity

The next most frequent type of incident we’ve seen is Suspicious Activity, which is when our Security Operations Center (SOC) investigations picked up something out of the ordinary that needed to be raised for additional investigation. These are usually benign, but a fair number of potentially serious problems are caught here and some preventable disasters averted.

Dangerous Incidents

Our continual investigations also regularly hit upon smaller numbers of other real, serious attacks in progress: events where someone is trying to brute force their way into sensitive systems, scam people into giving up their passwords, or deploying malicious code like ransomware or other payloads onto hospital systems. Our objective here is to contain and disrupt such incursions as we see them before the attacker can expand their toehold into a position where they can threaten to take an entire hospital or infrastructure system offline, and keep the cleanup to a manageable level for on-site IT.

In cybersecurity, these sorts of situations going undetected until it’s too late are the things we worry about constantly - imagine an already overloaded hospital in the middle of a pandemic suddenly losing computer powered diagnostic machines, test results, patient records, access to research - or even just the software helping with the logistics of organizing doctors to best effect. Today, that nightmare is an ever present possibility and we are all too often finding ourselves as the last line of defense in preventing it. After all, for some attackers, events today are being seen just as an opportunity - who wouldn’t pay up on a ransom if it keeps a hospital’s doors open during a pandemic?

Feel free to use this dashboard to look out on the fight against covid from our vantage point as events develop and get a sense for how we are working to help keep hospitals and infrastructure open and online during this emergency. If you drag over the pandemic timeline at the top, you can restrict the view to just a specific timeline (this will also resize and/or limit the dots shown based on activity), or you can drill down and explore on other properties by interacting with the map, pie charts, and tables.

At the end of the day, cybersecurity is helping to play its part in supporting reliable access to healthcare technologies. And when I consider that doctors and hospitals need those tools as they steer us through this pandemic, the knowledge that what we do helps allow them to focus on what matters makes me feel less helpless in this isolation.

References:

[1] We’ve aggregated and altered things here slightly to avoid disclosing anything that could be used to identify our clients or help attackers: the actual locations attacked are moved and fuzzed to geolocations hundreds of miles away, the data is a cross section rather than a complete set, and we’re not disclosing any specifics about any of the incidents beyond a loose classification of what happened (and only after we've fully handled it)

Join 100,000+ Security Leaders

Get notified of the latest news, intel and helpful tools & assets. You can unsubscribe anytime.

By clicking the button below I confirm that I have read and agree to the eSentire privacy policy.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.