Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Visibility and response across your entire Microsoft security ecosystem.
XDR with Machine Learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert threat hunting, original research, and proactive threat intelligence.
TRU is foundational to our MDR service. No add-ons or additional costs required.
Flexible MDR packages that enhance your cyber resilience and security operations.
Stop ransomware attacks before they disrupt your business.
Detect and respond to zero-day exploits.
Protect against third-party and supply chain risk.
Adopt a risk-based approach to cybersecurity.
Protect your most sensitive data.
Meet cybersecurity regulatory compliance mandates.
Eliminate misconfigurations and policy violations.
Prevent business disruption by outsourcing MDR.
Meet insurability requirements with MDR.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and mediating threats to prevent lateral spread.
Enhance investigation and threat detection across multi-cloud or hybrid environments.
Remediate critical misconfigurations, security vulnerabilities and policy violations across cloud and containerized environments.
Detect malicious insider and identity-based behavior leveraging machine learning models.
THE THREAT eSentire is aware of widespread exploitation attempts targeting the recently disclosed ownCloud vulnerability CVE-2023-49103. CVE-2023-49103 (CVSS: 10) is tracked as a disclosure of… READ NOW
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Waterloo, ON and GITEX GLOBAL 2023, Dubai, UAE – October 18, 2023 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), today announced that Inspira Enterprise Inc, (Inspira), a… READ NOW
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
We believe a multi-signal approach is paramount to protecting your complete attack surface. See why eSentire MDR means multi-signal telemetry and complete response.
See how our 24/7 SOC Cyber Analysts and Elite Threat Hunters stop even the most advanced cyberattacks before they disrupt your business.
Choose the right mix of Managed Detection and Response, Exposure Management, and Incident Response services to strengthen your cyber resilience.
Try our interactive tools including the MITRE ATT&CK Tool, the SOC Pricing Calculator, the Cybersecurity Maturity Assessment, and our MDR ROI Calculator.
Read the latest security advisories, blogs, reports, industry publications and webinars published by eSentire's Threat Response Unit (TRU).
See why 2000+ organizations count on eSentire to build resilience and prevent business disruption.
About one year ago, I spoke with some application developers about a recent penetration test. They told me they had received an internal memo with a list of vulnerabilities - just the names - categorized by severity. If you've never seen a penetration report yourself, you should know the report contains so much more than just a list of problems. The report provides evidence, context, descriptions, notes from the tester, and recommended solutions. Without those pieces, you just have a confusing list of words. These developers didn't understand the problems. Worse yet, those in charge didn't understand either, so no one was given time to actually resolve the issues. It may be more accurate to say, no one was given or had the time to research the vulnerabilities and then try to learn how to fix them.
I spoke with more developers to learn if this was their experience, and unfortunately it was. This inspired a talk I presented at CodeMash recently. CodeMash is a large, development-centric conference in Sandusky, OH, that discusses the basics of penetration testing and some of the tools available. The complete presentation can be viewed below:
In the security field we often refer to “Red Team” (offense) and “Blue Team” (defense). Penetration tests are one form of “red-teaming.” At their best, penetration tests are attack simulations. The test may be limited by what the tester is explicitly allowed to do, but the tester will always do their best to work within those constraints to simulate what an attacker would do.
eSentire’s Red Team follows the same methodology used by most testers. The test begins with a 'Discovery' phase. This is like host hide-and-seek. The tester typically receives a list of IP addresses and URLs and then has to figure out what is alive at those addresses and which ports and services are open. Armed with that information, they move on to the 'Enumeration' phase. The ports and services are closely reviewed to determine what they are, the version numbers, and anything else that can be learned.
At this point, the testing becomes more active as the test enters the 'Scanning' phase. Tools like Burp, ZAP, Nessus, and others are used to scan and test the applications for known weaknesses. They will circle back to the beginning and pick a new path until everything they can think of to do has been exhausted.
A penetration test is like QA testing. However, it’s QA testing taken to an extreme. While a QA tester’s directive may be to make sure the application works as expected for a business use case, a penetration tester comes to the application not knowing what it is or what is meant to do. Their goal is to do things you may have never expected a reasonable person to try to see if they can get the application to do something it was never intended to do.
To carry out this testing, testers have a wide range of tools available to them. A sort of toolbox starter kit comes in the form of Kali Linux. Kali is a version of Debian that is maintained by Offensive Security and comes with many of the popular testing tools pre-installed. If you want to try some of the tools discussed here and in the presentation video, Kali can help you get started. Offensive Security even provides ready-to-import VirtualBox and VMware machines.
There are also web-based tools, like Shodan.io and Google. Penetration tests frequently start with OSINT (Open Source INTelligence gathering). OSINT is a big reason why we cannot rely on obscurity for security. No matter how small or hidden a service or application might be, it can be found. Shodan and Google make it possible for penetration testers to perform reconnaissance on a network before attacking, but they also allow others to stumble upon opportunities for mischief.
Shodan is a self-described search engine for the internet of things. It’s like Google, but it returns services rather than webpages and files. It can be used to answer questions about specific companies or services. For example, Shodan tells us there are over 35,000 Mongo databases accessible without authentication.
Sometimes this leads to trouble.
Google can also be used in this way. Using Google’s keywords, like inurl and filetype, testers, and others, it can look for sensitive information. In this example, I found a router password by searching for intext:“password” filetype:xls.
If a tester finds a web application or website, they’ll use tools like Burp or OWASP ZAP to look for problems that can be exploited. These are web proxies that enable the tester to view GET requests and information that is often thought to be hidden. Burp and ZAP are both free to get started. For developers out there, these proxies are like Fiddler, but with a twist.
ZAP is a great tool for penetration testers, but also good for developers interested in getting started with application security. It’s maintained by OWASP as an open source project and designed to be easy for anyone to use. You can provide a URL and click the “Attack” button to get started finding low-hanging fruit.
You don’t have to wait for your next penetration test to see what tools like Shodan, Google, Burp, and ZAP can find. Try them for yourself to see what you can find about your organization. You will be finding problems proactively and reducing the workload on the organization’s development and security teams. Fixing problems a little at a time is much easier than trying to find time and resources to fix one big list once a year. Plus, it introduces more of the organization to security and helps promote more secure practices. It’s like the Boy Scout’s mantra about the woods, but with computers. Always leave your network better than how you found it. You don’t need to fix everything all at once, but do this consistently and the quality and security improves naturally.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.