Many of the clients we work with find themselves concerned that the newest device they’ve read about could pose an existential threat to their business. Although they may see advantages to bringing a new technology into their environment, they are also uncertain as to how it might—or may already be—affecting the cybersecurity of their business. In truth, many businesses already have connected technology in their environment that may pose a risk to their network’s security.
For the purposes of this blog, think of an IoT device as anything that plugs into your network. If you look around your office, you’ll quickly notice that printers, telephones and/or cell phones are all connected to the wireless network. And this list is growing rapidly. Consider your thermostat, security cameras, televisions and lights—these are among hundreds of new devices that ask for some type of network access.
In smaller workplace environments, these types of devices often get added to the network without much thought. The simplicity of putting everything on one network makes things easier, and we get that. Unfortunately, there is risk involved with this practice. If you’ve ever installed a computer software patch, you know that they come about quite frequently. In fact, in the first 9 months of 2017, we saw over 11,000 new vulnerabilities documented.
When we first meet with our clients, we establish their appetite for risk and how they price it into their operations. This is an important first step, as understanding risk as a governance model helps set the stage for how we can address whatever challenge they want to take on.
So ask yourself: when was the last time you updated the firmware on your printer? There were over 200 printer-related security vulnerabilities discovered this year alone. If your printer is running the firmware it had when you first installed it, do you know how many of these vulnerabilities are present on your network?
Of course, the point of this isn’t to make you run around the office and unplug all your printers, but rather to understand that every network-connected device in your business brings with it some inherent risk. Our goal is to quantify and remediate that risk wherever it is pragmatic to do so.
First of all, make a list of what needs to be connected to your network. Is this list different from what is currently connected? Know who is on your network and what their business purpose is. In our printer example, we have a multifunction device that could have the following characteristics:
Your network device list should list everything. (Did you include your servers and workstations?) The level of specificity you develop here should both support the business and limit your risk.
Our next goal is to segregate these different types of devices into corresponding networks. You should be able to create a network segment specifically for devices, like printers, that have a less secure posture to help isolate them from your more protected assets.
So, which networks should be on your short list for this type of segregation?
At a minimum, we would always recommend that printers, VoIP phones / teleconference hardware, clients, servers, internal wireless and guest wireless be on your short list. If your IoT devices are wireless, you may also want to create a separate IoT wireless network to keep them away from guests and your internal network.
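The two steps above, building the list of what should be on the network and deciding which segment each kind of device belongs on, are easy to automate. The script below is an added example, not code from the original post or from eSentire: it reconciles a constructed approved inventory (with each device's business purpose) against a constructed ARP-style snapshot of what is actually on the wire, flags devices nobody approved, and assigns each approved device to a segment from the post's short list. The VLAN labels, MAC addresses and IP ranges are placeholders chosen for this example.

```python
"""Reconcile what is actually on the wire against an approved device list and
assign each approved device to the segment its type belongs on.

Added example, not code from the original post or from eSentire. The
inventory, the ARP-style observations and the segment labels below are all
constructed for illustration.
"""
from dataclasses import dataclass

# Assumed segment plan, following the post's short list; the VLAN labels are
# placeholders chosen for this example.
SEGMENT_FOR_TYPE = {
    "printer": "VLAN20-printers",
    "voip": "VLAN30-voip",
    "workstation": "VLAN10-clients",
    "server": "VLAN40-servers",
    "iot": "VLAN50-iot-wireless",
}


@dataclass(frozen=True)
class Device:
    name: str
    mac: str
    dev_type: str
    purpose: str  # the business reason this device needs network access


# Constructed approved inventory: what is supposed to be connected, and why.
APPROVED = [
    Device("mfp-floor1", "00:11:22:aa:bb:01", "printer", "shared print/scan"),
    Device("desk-phone-101", "00:11:22:aa:bb:02", "voip", "reception phone"),
    Device("ws-alice", "00:11:22:aa:bb:03", "workstation", "staff workstation"),
    Device("fileserver", "00:11:22:aa:bb:04", "server", "file shares"),
    Device("thermostat-lobby", "00:11:22:aa:bb:05", "iot", "HVAC control"),
    Device("conf-room-tv", "00:11:22:aa:bb:06", "iot", "meeting room display"),
]

# Constructed snapshot of what is actually answering on the LAN, in the
# "<ip> <mac>" shape you would get from an ARP table or a DHCP lease export.
OBSERVED_ARP = """\
10.0.0.21 00:11:22:AA:BB:01
10.0.0.22 00:11:22:aa:bb:02
10.0.0.23 00:11:22:aa:bb:03
10.0.0.30 00:11:22:aa:bb:04
10.0.0.40 00:11:22:aa:bb:05
10.0.0.77 de:ad:be:ef:00:01
"""


def parse_arp(text):
    """Return {mac: ip} from '<ip> <mac>' lines; MACs are normalised to lower case."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        ip, mac = parts
        seen[mac.lower()] = ip
    return seen


def reconcile(approved, observed):
    """Compare observed MACs with the approved list.

    Returns (known, unknown, missing):
      known   - [(Device, ip, segment)] for approved devices seen on the wire
      unknown - {mac: ip} for devices on the wire that nobody approved
      missing - [Device] approved but not currently seen
    """
    by_mac = {d.mac.lower(): d for d in approved}
    known, unknown = [], {}
    for mac, ip in observed.items():
        dev = by_mac.get(mac)
        if dev is None:
            unknown[mac] = ip
        else:
            known.append((dev, ip, SEGMENT_FOR_TYPE.get(dev.dev_type, "UNASSIGNED")))
    missing = [d for d in approved if d.mac.lower() not in observed]
    return known, unknown, missing


if __name__ == "__main__":
    known, unknown, missing = reconcile(APPROVED, parse_arp(OBSERVED_ARP))
    for dev, ip, segment in known:
        print(f"{dev.name:<18} {ip:<12} {segment:<22} ({dev.purpose})")
    for mac, ip in unknown.items():
        print(f"UNKNOWN device {mac} at {ip}: find the owner or remove it")
    for dev in missing:
        print(f"MISSING approved device {dev.name}: confirm it is off or relocated")
```

Run against the constructed data, the unknown MAC at 10.0.0.77 is the device to chase down, and the approved meeting-room display that is not answering is the one to confirm. The `purpose` field is deliberately mandatory: a device with no business purpose you can write down has no reason to be on the list.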
While the presence of Next Generation Firewalls complicates things somewhat because of their enhanced functionality, the biggest single source of misconfiguration we see for an external firewall is that it often does not use a default-deny egress posture. In fact, most firewalls ship with default settings that don’t let anything in but do let everything out. It’s not all that uncommon to see a web proxy put into place and, next to it, a firewall that lets the same traffic out, un-proxied.
As you begin to look at next generation firewalls and intrusion detection systems, you’ll find more sophisticated detection and prevention technologies that can further reduce the risk carried by the rules you create, but more often than not, you can simply remove the risk by not allowing unnecessary traffic.
Putting new rules in place should be a slow and careful process. To do it right, you are going to get good at reading log files and making sure that an overly aggressive firewall rule isn’t the cause of a failure within your environment.
At this point, you’ll want to start getting a sense of the standard noise that the network sees versus traffic that might be desired but is unauthorized. A great example of this is broadcast traffic. In many cases, you will see clients broadcasting traffic on their network segment that the firewall won’t pass. It shows up in your firewall log, but can be safely ignored once you understand why it’s there. On the other hand, if something is broken, it’s quite common that a look at the logs reveals blocked traffic from a device using an undocumented port.
Learn to look at your logs, even if only for troubleshooting purposes. Developing a sense for how to distinguish the signal from the noise can be key in identifying security issues within your environment.
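To make the default-deny egress posture and the signal-versus-noise point concrete, here is an added example (not code from the original post or from eSentire). It models a small egress allow list where anything unmatched is denied, runs a set of constructed flows through it, and then triages the resulting deny lines into broadcast noise, a client trying to reach the web without the proxy, a printer reaching out to the internet, and the leftover "review" bucket for traffic such as a device on an undocumented port. The segment addresses, proxy and resolver addresses, rules and log format are all assumptions made for this example; real firewall logs look different and would need their own parser.

```python
"""A default-deny egress policy with a short allow list, and a triage pass
over the resulting deny log that separates broadcast noise from traffic
worth investigating.

Added example, not code from the original post or from eSentire. The
segment addresses, rules, proxy address and log lines are all constructed
for illustration; real firewall log formats differ from the one parsed here.
"""
import ipaddress
import re

# Constructed segment plan (addresses are assumptions for this example).
SEGMENTS = {
    "clients": ipaddress.ip_network("10.0.10.0/24"),
    "printers": ipaddress.ip_network("10.0.20.0/24"),
    "servers": ipaddress.ip_network("10.0.40.0/24"),
}
PROXY = ipaddress.ip_network("10.0.40.5/32")      # assumed web proxy
RESOLVER = ipaddress.ip_network("10.0.40.53/32")  # assumed internal DNS resolver
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Egress allow list: (source network, destination, proto, dport). Destination is
# a network or the string "internet". Anything matching no rule is denied; that
# is the default-deny posture. Note there is no rule letting clients reach the
# web directly: they must go through the proxy.
ALLOW = [
    (SEGMENTS["clients"], PROXY, "tcp", 3128),
    (SEGMENTS["clients"], RESOLVER, "udp", 53),
    (SEGMENTS["servers"], RESOLVER, "udp", 53),
    (PROXY, "internet", "tcp", 80),
    (PROXY, "internet", "tcp", 443),
]


def is_internet(ip):
    """For this example, anything outside RFC1918 space counts as the internet."""
    return not any(ip in net for net in RFC1918)


def segment_of(ip):
    """Name of the segment an address belongs to, or None if it is in none of them."""
    return next((name for name, net in SEGMENTS.items() if ip in net), None)


def evaluate(src, dst, proto, dport):
    """First match in ALLOW wins; no match means deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_sel, rule_proto, rule_port in ALLOW:
        if src not in src_net or proto != rule_proto or dport != rule_port:
            continue
        if dst_sel == "internet":
            if is_internet(dst):
                return "allow"
        elif dst in dst_sel:
            return "allow"
    return "deny"


def deny_log(flows):
    """Run flows through the policy and return log lines for the denied ones."""
    return [
        f"DENY OUT src={s} dst={d} proto={p} dport={port}"
        for s, d, p, port in flows
        if evaluate(s, d, p, port) == "deny"
    ]


LOG_RE = re.compile(
    r"DENY OUT src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)


def triage(line):
    """Bucket one deny line: expected noise, or something to look at."""
    m = LOG_RE.search(line)
    if not m:
        return "unparsed"
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    proto, dport = m["proto"], int(m["dport"])
    seg = segment_of(src)
    seg_net = SEGMENTS.get(seg)
    # Broadcast/multicast from a host on its own segment: the firewall will
    # never pass it, and that is fine; understand it, then ignore it.
    if dst == LIMITED_BROADCAST or dst.is_multicast or (seg_net and dst == seg_net.broadcast_address):
        return "broadcast-noise"
    if seg == "printers" and is_internet(dst):
        return "printer-egress"   # low-trust device reaching out; investigate
    if seg == "clients" and is_internet(dst) and proto == "tcp" and dport in (80, 443):
        return "unproxied-web"    # something is trying to bypass the proxy
    return "review"               # e.g. a device on an undocumented port; confirm before adding a rule


# Constructed sample flows: (src, dst, proto, dport).
SAMPLE_FLOWS = [
    ("10.0.10.15", "10.0.40.5", "tcp", 3128),      # client -> proxy: allowed
    ("10.0.40.5", "203.0.113.10", "tcp", 443),     # proxy -> web: allowed
    ("10.0.10.15", "203.0.113.10", "tcp", 443),    # client -> web directly: denied
    ("10.0.20.7", "203.0.113.50", "tcp", 443),     # printer -> internet: denied
    ("10.0.10.15", "255.255.255.255", "udp", 67),  # DHCP discover: denied, noise
    ("10.0.10.15", "10.0.10.255", "udp", 137),     # NetBIOS broadcast: denied, noise
    ("10.0.10.15", "10.0.40.53", "udp", 53),       # client -> resolver: allowed
    ("10.0.40.10", "203.0.113.99", "udp", 123),    # server NTP: denied, needs a decision
]

if __name__ == "__main__":
    for line in deny_log(SAMPLE_FLOWS):
        print(f"{triage(line):<16} {line}")
```

The "review" bucket is where the slow, careful part of rule writing happens: the server's blocked NTP request in the sample is either a legitimate need that deserves an explicit rule (ideally to a known time source rather than "internet") or a misconfiguration, and only the log plus a conversation with whoever owns the box will tell you which. The two broadcast lines are the kind of entries you learn to recognise and pass over.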
eSentire’s Managed Detection and Response capabilities are very useful, especially when you’re connecting to the internet. The traffic you end up passing along that can threaten your business isn’t always easy to find and disrupt. Our esNETWORK works with the next generation functions of your internet firewall to detect and disrupt many of the kinds of threats that would otherwise go unnoticed. If you’d like to learn more about your organizational IoT risk, we want to help. Contact our Advisory Services team today for more information.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.