Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Defend brute force attacks, active intrusions and unauthorized scans.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT Beginning in early September 2024, eSentire observed an increase in the number of incidents involving Lumma Stealer malware; this activity has remained common leading into…
Oct 02, 2024THE THREATA recently disclosed vulnerability impacting Zimbra mail servers is being actively exploited by attacker(s). On September 27th, Zimbra publicly disclosed CVE-2024-45519, a…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
Many of the clients we work with find themselves concerned that the newest device they’ve read about could pose an existential threat to their business. Although they may see advantages to bringing a new technology into their environment, they are also uncertain as to how it might—or may already be—affecting the cybersecurity of their business. In truth, lots of business environments already have connected technology in their environment that may pose a risk to their network’s security.
For the purposes of this blog, think of an IOT device as anything that plugs into your network. If you look around your office, you’ll quickly notice that printers, telephones and/or cell phones are all connected to the wireless network. And this list is growing rapidly. Consider your thermostat, security cameras, televisions and lights—these are among hundreds of new devices that ask for some type of network access.
In smaller workplace environments, these types of devices often get added to the network without much thought. The simplicity of putting everything on one network makes things easier, and we get that. Unfortunately, there is risk involved with this practice. If you’ve ever installed a computer software patch, you know that they come about quite frequently. In fact, in the first 9 months of 2017, we saw over 11,000 new vulnerabilities documented.
When we first meet with our clients, we establish their appetite for risk and how they price it into their operations. This is an important first step, as understanding risk as a governance model helps set the stage for how we can address whatever challenge they want to take on.
So ask yourself: when was the last time you updated the firmware on your printer? There were over 200 printer related security vulnerabilities discovered this year alone. If your printer is running the firmware it had when you first installed it, do you know how many of these vulnerabilities are present on your network?
Of course, the point of this isn’t to make you run around the office and unplug all your printers, but rather to understand that every network-connected device in your business brings with it some inherent risk. Our goal is to quantify and remediate that risk wherever it is pragmatic to do so.
First of all, make a list of what needs to be connected to your network. Is this list different from what is currently connected? Know who is on your network and what their business purpose is. In our printer example, we have a multifunction device that could have the following characteristics:
Your network device list should list everything. (Did you include your servers and workstations?) The level of specificity you develop here should both support the business and limit your risk.
Our next goal is to segregate these different types of devices into corresponding networks. You should be able to create a network segment specifically for devices, like printers, that have a less secure posture to help isolate them from your more protected assets.
So, which networks should be on your short list for this type of segregation?
At a minimum, we would always recommend printers, VoIP phones / teleconference hardware, clients, servers, internal wireless and guest wireless should be on your short list. If your IOT devices are wireless, you may also want to create a separate IOT wireless to keep them away from guests and your internal network.
While the presence of Next Generation Firewalls complicates things somewhat because of their enhanced functionality, the biggest single source of misconfiguration we see for an external firewall is that it often does not use a default egress posture. In fact, most firewalls have default settings that don’t let anything in but do let everything out. It’s not all that uncommon to even see web proxies put into place, and next to them, a firewall that lets the same traffic out, un-proxied.
As you begin to look at next generation firewalls and intrusion detection systems, there are more sophisticated detection and prevention technologies that can further remediate the risks for rules that you create, but more often than not, you can simply remove the risk by not allowing unnecessary traffic.
Setting new rules in place should be a slow and careful process. To do it right, you are going to get good at reading log files and making sure that a failure within your environment isn’t the cause of an overly aggressive firewall rule.
At this point, you’ll want to start getting a sense of the standard noise that the network sees versus what might be desired but unauthorized traffic. A great example of this is broadcast. In many cases, you will see clients trying to broadcast traffic on their network segment that the firewall won’t pass. It can show up on your firewall log, but can be safely ignored if you understand why it’s there. On the other hand, if something is broken, looking at the logs to see if there is any unauthorized traffic because a device uses an undocumented port can be quite common.
Learn to look at your logs, even if only for troubleshooting purposes. Developing a sense for how to distinguish the signal from the noise can be key in identifying security issues within your environment.
eSentire’s Managed Detection and Response capabilities are very useful, especially when you’re connecting to the internet. The traffic you end up passing along that can threaten your business isn’t always easy to find and disrupt. Our esNETWORK works with the next generation functions of your internet firewall to detect and disrupt many of the kinds of threats that would otherwise go unnoticed. If you’d like to learn more about your organizational IoT risk, we want to help. Contact our Advisory Services team today for more information.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.