2022 has been a particularly challenging year for security leaders and practitioners alike. Although cyber threats like ransomware and zero-day attacks have always been present, the ongoing conflict between Russia and Ukraine has shined a spotlight on the impact that nation state-sponsored attackers can have on our critical infrastructure.
No matter how small or large your organization is, nation state hackers pose a very real threat. What’s more, many of these groups understand that there is incredible value in targeting smaller, local organizations, especially those within critical infrastructure. As these highly targeted cyberattacks continue to happen, we, as an industry, must ask ourselves: “How prepared is my organization really?”
Recently, I had the unique experience of visiting the White House courtesy of eSentire’s CEO, Kerry Bailey. We were invited to discuss our commitment to fight this emerging wave of cybercrime with Amit Mital, the Special Assistant to the President & Senior Director of Cybersecurity. This opportunity was particularly special for me considering my own professional experience with the Canadian Federal government and the fact that Amit Mital was a Board Member for eSentire prior to his role at the White House.
The visit itself was nothing short of incredible, but more importantly, it allowed me to put some real thought to where the cybersecurity industry is heading, and what security leaders need to get right to protect their organizations.
As an industry, we must collaborate closely with the federal government to adequately deal with the cyber threats and risks posed by state-sponsored cybercriminals. Ransomware groups are continuing to target organizations in North America, which means organizations are going to need to make sizeable investments in dedicated cybersecurity teams and in arming those teams with the right tools and threat detection capabilities, rather than relying on IT teams doing cybersecurity on the side.
We are more than capable of conducting the blue teaming necessary to protect organizations (assuming budget availability) and of articulating the business risk to demonstrate the potential financial impact to the organization.
CISOs who can demonstrate the financial consequences of a cyberattack and business downtime to their executive teams are more than likely going to get the budget required to prevent business disruption and protect their customers’ sensitive data.
Cyberattacks launched by state-sponsored actors pose a significant challenge for the government because these attacks can be viewed as acts of war. However, many business leaders, who are beholden to their shareholders, don’t share the same perspective. They will always prioritize business continuity over determining the who, what, why, and how of any cyberattacks. As a result, CISOs are caught in the middle because their priority is getting their network and systems online after eliminating the threat so that they can return to business operations as quickly as possible. The geostrategic consequences are not in the CISO’s purview.
The challenge here is determining ‘true attribution’ and the collection of Digital Forensics and Incident Response data to support attribution. In Threat Intelligence, we are often asked to provide an analysis of the threat actor(s) responsible for an attack. But this is challenging given the ability of one threat actor group to pose as another.
A great example is the 2018 Pyeongchang Olympics – initial assessments indicated that North Korean operators were responsible for the cyberattack that crippled the Olympics IT infrastructure. However, it was later determined that the likely culprit was ‘Sandworm Team’, a Russian Advanced Persistent Threat (APT).
There are three criteria we can use to gain true attribution for any cyberattack: Intrusion Analysis, a Leak, and Adversary Admission.
The highest form of attribution is generally understood as Adversary Admission, and we typically want at least two of these three criteria before being almost certain in our attribution (e.g., Intrusion Analysis + Leak, or Leak + Adversary Admission).
The information collected during a Digital Forensics engagement is what supports Intrusion Analysis, but unfortunately, security leaders who are only concerned about business continuity typically remain unconcerned with these additional details.
Unfortunately, nation-state adversaries have used, and will continue to use, our data against us: to manipulate our perceptions of reality, deny critical infrastructure, and steal our intellectual property so their organizations can prosper. Remember – the adversaries disrupting our society are no longer kids in their parents’ basement trying to figure out how to access servers and manipulate websites merely out of curiosity.
I think all organizations are going to be challenged over the coming period as we continue to shore up our defenses against state-sponsored threats. The most successful organizations will be those whose CISOs are able to explain the financial risk associated with the potential damages of a cyberattack.
I do personally believe that the Canadian and U.S. federal governments are doing their part to create a more cyber resilient society. However, there should be more transparency and collaboration from the respective Federal governments with respect to attribution and the implications of these cyberattacks against our society.
As Sr. Manager, Threat Intelligence, Ryan is responsible for demystifying the threat landscape for eSentire's Threat Response Unit. His goal is to detect and respond to threats before they become risks to eSentire's client base.
Prior to eSentire, Ryan spent three years in Big 4 Consulting, helping build, develop, and establish a Threat Intelligence & Analytics team. Prior to Big 4 Consulting, Ryan was a member of Canada's Federal Public Service for over 5 years, employed by Public Safety Canada in Policy, and in the Canadian Armed Forces working in a variety of roles including Influence Activities and Civil Military Cooperation.
Ryan holds a BA in Political Science & History from Wilfrid Laurier University, a MSc in Counter-Terrorism from the University of Central Lancashire, a Master's degree from the University of Waterloo, and is a GIAC Certified Cyber Threat Intelligence Analyst.