2022 has been a particularly challenging year for security leaders and practitioners alike. Although cyber threats like ransomware and zero-day attacks have always been present, the ongoing conflict between Russia and Ukraine has shined a spotlight on the impact that nation state-sponsored attackers can have on our critical infrastructure.
No matter how small or large your organization is, nation state hackers pose a very real threat. What’s more, many of these groups understand that there is incredible value in targeting smaller, local organizations, especially those within critical infrastructure. As these highly targeted cyberattacks continue to happen, we, as an industry, must ask ourselves: “How prepared is my organization really?”
Recently, I had the unique experience of visiting the White House courtesy of eSentire’s CEO, Kerry Bailey. We were invited to discuss our commitment to fight this emerging wave of cybercrime with Amit Mital, the Special Assistant to the President & Senior Director of Cybersecurity. This opportunity was particularly special for me considering my own professional experience with the Canadian Federal government and the fact that Amit Mital was a Board Member for eSentire prior to his role at the White House.
The visit itself was nothing short of incredible, but more importantly, it allowed me to put some real thought to where the cybersecurity industry is heading, and what security leaders need to get right to protect their organizations.
As an industry, we must collaborate closely with the federal government to adequately deal with the cyber threats and risks posed by state-sponsored cybercriminals. Ransomware groups are continuing to target organizations in North America, and that means that organizations are going to need to make sizeable investments in dedicated cybersecurity teams and arm them with the right tools and threat detection capabilities, not just IT teams doing cybersecurity on the side.
We are more than capable of conducting the blue teaming necessary to protect organizations (assuming budget availability) and articulating the business risk to demonstrate the potential financial impact to the organization.
CISOs who can demonstrate the financial consequences of a cyberattack and business downtime to their executive teams are more than likely going to get the budget required to prevent business disruption and protect their customers’ sensitive data.
Cyberattacks launched by state-sponsored actors pose a significant challenge for the government because these attacks can be viewed as acts of war. However, many business leaders, who are beholden to their shareholders, don’t share the same perspective. They will always prioritize business continuity over determining the who, what, why, and how of any cyberattacks. As a result, CISOs are caught in the middle because their priority is getting their network and systems online after eliminating the threat so that they can return to business operations as quickly as possible. The geostrategic consequences are not in the CISO’s purview.
The challenge here is determining ‘true attribution’ and the collection of Digital Forensics and Incident Response data to support attribution. In Threat Intelligence, we are often asked to provide an analysis of the threat actor(s) responsible for an attack. But this is challenging given the ability of one threat actor group to pose as another.
A great example is the 2018 Pyeongchang Olympics – initial assessments indicated that North Korean operators were responsible for the cyberattack that crippled the Olympics IT infrastructure. However, it was later determined that the likely culprit was ‘Sandworm Team’, a Russian Advanced Persistent Threat (APT).
There are three criteria we can use to gain true attribution for any cyberattack:
The highest form of attribution is generally understood as Adversary Admission, and we typically want at least two of the above criteria before being almost certain in our attribution (e.g., Intrusion Analysis + Leak OR Leak + Adversary Admission).
The information collected during a Digital Forensics engagement is what supports Intrusion Analysis, but unfortunately, security leaders who are only concerned about business continuity typically remain unconcerned with these additional details.
Unfortunately, nation-state adversaries have used, and will continue to use, our data against us, to manipulate our perceptions of reality, deny critical infrastructure, and steal our intellectual property so their organizations can prosper. Remember – the adversaries disrupting our society are no longer kids in their parents’ basement trying to figure out how to access servers and manipulate websites merely out of curiosity.
I think all organizations are going to be challenged over the next period as we continue to shore up our defenses from state-sponsored threats. The most successful organizations will be those that have CISOs who are able to explain the financial risk associated with the potential damages of a cyberattack.
I do personally believe that the Canadian and U.S. federal governments are doing their part to create a more cyber resilient society. However, there should be more transparency and collaboration from the respective Federal governments with respect to attribution and the implications of these cyberattacks against our society.
As Sr. Manager, Threat Intelligence, Ryan is responsible for demystifying the Threat Landscape for eSentire's Threat Response Unit. His goal is to detect and respond to threats before they become risks to eSentire's client base.
Prior to eSentire, Ryan spent three years in Big 4 Consulting, helping build, develop, and establish a Threat Intelligence & Analytics team. Prior to Big 4 Consulting, Ryan was a member of Canada's Federal Public Service for over 5 years, employed by Public Safety Canada in Policy, and in the Canadian Armed Forces working in a variety of roles including Influence Activities and Civil Military Cooperation.
Ryan holds a BA in Political Science & History from Wilfrid Laurier University, a MSc in Counter-Terrorism from the University of Central Lancashire, a Master's degree from the University of Waterloo, and is a GIAC Certified Cyber Threat Intelligence Analyst.