What We Do
How we do it
Nov 22, 2021
Microsoft Exchange Vulnerability - CVE-2021-42321
THE THREAT eSentire has identified publicly available Proof-of-Concept (PoC) exploit code, for the critical Microsoft Exchange vulnerability CVE-2021-42321. CVE-2021-42321 was announced as part of Microsoft’s November Patch Tuesday release. Exploitation would allow a remote threat actor, with previous authentication, to execute code on vulnerable servers. Prior to the patch release, Microsoft…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Oct 28, 2021
Telarus and eSentire Expand Partnership to Safeguard Enterprises Globally Against Business Disrupting Ransomware and Zero-Day Attacks
London, UK and Sydney, Australia– Oct. 28, 2021 - eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announces the expansion of its partnership with Telarus, the largest privately-held distributor of business cloud infrastructure and contact centre services. Building on their mutual success across North America, Telarus will bring eSentire’s Managed…
Read More
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Blog — Mar 17, 2020

Quantifying Risk: Making the Case for Greater Endpoint Protection

Speak With A Security Expert Now

As the coronavirus (COVID-19) continues to spread, the virulent disease has impacted our lives with restricted global travel, cancelled public and sporting events, and it compels employees to work remotely from home. We’ve seen a rise of fake coronavirus resources and websites as criminal elements take advantage of this situation. They know remote workers are not always as well-protected as ones behind the defenses of the mothership. In times like these, it becomes even more important to protect the laptops, tablets and other mobile devices used by your distributed workforce.

Quantifying Risk: Making the Case for Greater Endpoint Protection

In late 2018, the Ponemon Institute’s State of Endpoint Security Risk report stated that 34 percent of survey respondents indicated their endpoints had no protection. Unfortunately, this figure represents an increase compared to the 2017 report’s 28 percent. Perhaps unsurprisingly, the majority—64 percent—of survey respondents indicated that their organizations were compromised by one or more successful endpoint attacks in 2018. Again, this number reflects an increase over the previous year (54 percent).

From Cyber Risk to Financial Risk

While the cyber risk associated with endpoints is well-established, the financial risk—the minimum incurred yearly financial risk—is often considered in broad terms without sufficiently considering an organization’s characteristics.

To accurately determine the minimum incurred yearly risk of endpoints requires knowing multiple variables:

Probability of an Incident

Studies often site widely inaccurate claims around breach probabilities and their consequences. Lumping small and medium businesses (SMBs), enterprises and a broad range of industries into calculations results in inaccurate estimations that lack real-world context.

At eSentire, we created a risk propensity model based upon real-world observations (as opposed to survey results) of what we see bypass our clients’ existing security controls. The figure below shows, for a 12-month period and based upon an organizations’ number of sites, the probability of at least one incident that involves a bypass of existing endpoint security controls.

For illustrative purposes, we’ve shown three industries: finance, legal and healthcare.

The more sites an organization has, the higher the risk. This conclusion follows logically: the more sites, the larger the threat surface (endpoints in this case) and the more opportunities for attackers. To keep our model conservative, we assumed that each location is both independent and segregated from the others. That is, a breach at one site doesn’t make a breach at another any more likely, and a breach at one site does not spread laterally to another.

Conversion to Data Disclosure

While probability of an incident is important, conversion to data disclosure is critical for calculating risk. To continue with our illustrative purposes, finance, legal and healthcare organizations have observed incident conversion to data disclosure at rates of 22 percent, 23 percent and 65 percent. Notice the disparity between healthcare and the finance and legal industries. This is due in part to the nature of the data protected and the level of cybersecurity investment, especially around detection, response and recovery.

Calculating the probability of an incident and it resulting in data disclosure requires multiplying our two variables (probability of an incident X conversion to data disclosure rate). For our finance, legal and healthcare illustrations we will use the values for organizations with three locations. The resultant probability of an incident converting to data disclosure is:

Impact and Incurred Yearly Risk

Determining incurred yearly risk requires subjectivity from the organization at risk. To illustrate, the latest Ponemon Cost of a Data Breach Study reported that every record lost in a data breach results in the following cost:

No study can accurately project how many records an organization will lose if a data breach occurs. Leadership must determine, based on risk tolerance models, the projected number of records expected to lose in the case that a data breach occurs. For example, the below represents sample financial impact based on number of records lost:

Records Lost
























While these values are representative of when data disclosure does occur, it lacks application of risk of an incident and conversion to data disclosure over a 12-month period. To ultimately arrive at minimum incurred yearly risk (with at least one incident occurring), we must combine impact with probability of incident to data disclosure. The resultant minimum incurred yearly risk is:

Records Lost
























These values represent the minimum financial outlay organizations should expect over a 12-month period based on contextual risk.

Mismanagement of Risk

Despite an abundance of evidence that it’s just good business to invest in security solutions, many organizations wait until it’s too late. Rather than prudently managing financial risk by protecting endpoints, they respond only after incurring costs due to successful attacks.

This “wait and hope” approach manifests in inadequate security budgets. Gartner reports that the average organization spends $1,178 per employee on security, with only $124 of that figure dedicated to endpoint protection.

And, again despite ample evidence suggesting a different approach is needed, traditional antivirus remains the primary protection for endpoints—even though the Ponemon study shows that 57 percent of organizations recognize that traditional antivirus “does not provide adequate protection against today’s attacks.”

In fact, only 19 percent of respondents in the Ponemon report believe their compromise came from an “existing or known” attack, which might be caught by the traditional antivirus solutions receiving the bulk of endpoint security investments.

In contrast, 76 percent of respondents attribute their compromise to a “new or unknown zero-day attack”—exactly the type of attack that can be detected and mitigated by advanced endpoint protection capabilities.

Endpoint Protection: Beyond Traditional Antivirus

While endpoint protection platforms (EPPs) and endpoint detection and response (EDR) solution adoption continues to increase, effectively operationalizing, monitoring and hunting threats has proven problematic across resource-constrained organizations. As a result, endpoint breaches have been on the rise and will continue their trajectory due to increases in remote workers, mobile endpoints and cloud adoption.

As security leaders and practitioners have come to realize, making the case for additional security investment proactively is a challenge. Broad endpoint studies that lump enterprises and SMBs together cite overinflated costs and lose credibility.

As security personnel attempt to make the case for additional investment, and leaders are weighing decisions, we encourage careful consideration of:

If you find your organization is at substantial risk of an endpoint attack, or if you’d simply like assistance understanding and quantifying the risk, then we would be happy to help. Our esENDPOINT service, powered by CrowdStrike® and VMware Carbon Black delivers next-generation prevention with EDR capabilities powered by an elite team of cyberthreat hunters.

If you want to better understand incurred yearly endpoint risk that your organization uniquely faces, download our Making the Case for Advanced Endpoint Protection white paper.

View Most Recent Blogs
Wes Hutcherson
Wes Hutcherson Director of Product Marketing

As eSentire's Director of Product Marketing, Wes oversees market intelligence, competitive research and go-to-market strategies. His mult-faceted, technology experience spans over a decade with market leaders such as Hewlett-Packard and Dell SecureWorks.