Blog — Oct 08, 2020

The Untold History of Managed Detection and Response Part III: Looking Ahead

Note: This post is the final part of The Untold History of MDR; if you haven’t done so yet, be sure to check out Part I: “Collaborative Threat Management” and “Embedded Incident Response” and Part II: Nerds at Work.

An accountant in a legal services organization opens an email from their manager outlining new security protocols which will be put in place while the team is working from home. The details are in an attached Microsoft Word document. Unbeknownst to the accountant, the email wasn’t from their manager—it was just cleverly disguised by hijacking an existing email thread. The instant the document is opened, malicious macros go to work in the background, evading the enterprise-grade antivirus that’s in place. A piece of dropper malware executes. It connects to a command and control server. New malicious modules are downloaded and begin to use trusted operating system processes to scan the local network and scrape administrative credentials. So far, everything has been automatic, but now a human attacker gets involved—sitting at a keyboard a world away, manually guiding actions to remain below the radar. Suddenly, the attacker is disconnected. The beacons the malware installed stop reporting. Mere minutes after the malicious document was opened, the attack is contained.

What’s in a name?

As relayed in Part I, when we first started proactively intervening on behalf of our customers to stop attacks, we described our service as “Collaborative Threat Management” and “Embedded Incident Response.”

It wasn’t until 2016, when Gartner published their initial market guide (this past August, Gartner released the fifth version), that Managed Detection and Response (MDR) was elevated to a standard term. And in my view, MDR is a much better term than anything we came up with because it better captures the value and the mechanism:

And—as in the scenario at the top of this post—all of that happens before the customer is even aware that there’s an event unfolding.

From eSentire’s inception to today, almost 20 years later, the name of the services provided has changed, but the mission has not: ensuring a customer’s network is never breached.

Relentless innovation

While our MDR services have been adopted by the mainstream today, they were forged in the fires of defending hedge funds, lawyers, critical infrastructure—and other high-value targets—against motivated, well-funded attackers.

Providing effective defense against such threats required constant, relentless innovation—in terms of foundational technology, operational scaffolding, and people-centric processes.

To a large extent, cybersecurity has always been a data problem. But today it is a big data problem: full-spectrum coverage (e.g., endpoints, network, cloud, logs) creates a constant stream of forensic data and telemetry from an expansive threat surface; in practice, a mid-market company can easily generate in excess of 10,000 alerts per day.

It takes a well-architected platform to ingest and process that data: pulling in signals, taking automated actions where possible, enabling SOC analysts and manual responses, and constantly evolving the heuristics, baselines and machine-learning algorithms which help the whole system operate (our 2018 acquisition of cybersecurity AI leader Versive really gave us an edge in this regard).

Even more recently, the cloud has become critical to what we do. Building a cloud-native platform takes time, expertise and investment—it requires completely rearchitecting systems and overhauling software development methodologies. This level of commitment means there’s no quick catch-up option for providers who’ve been left behind with legacy architectures.

But there’s no doubt that the investment is worthwhile, so we started the long and challenging shift to cloud native in early 2019—and our clients are already enjoying the benefits of Atlas, our cloud-native platform. To be clear, this wasn’t a lift-and-shift of our existing technologies; rather, it was a complete re-architecting and rebuilding.

Leveraging patented AI technologies, Atlas learns across our global customer base and immediately extends protection to every customer with each specific detection. This ability to rapidly learn and work at cloud scale, combined with expert human actions (there’s that people plus technology theme again!), stops breaches and reduces customer risk in ways unattainable by legacy security products, traditional MSSPs and other MDR providers.

And it turned out that our timing was prescient. When the pandemic struck and we shifted to a remote SOC model (we operate SOCs in Canada and Ireland), it coincided with the introduction of Atlas—and the cloud model made the transition from physical SOCs to a distributed SOC completely seamless.

So in a short time we’ve seen tremendous innovation in a range of areas: from the richness of the telemetry gathered by agents and sensors, to the ability to process volumes of data that even a decade ago seemed far-fetched, to advances in machine learning and other AI technologies that are key to finding well-hidden needles in ever-larger haystacks, to cloud-native architectures that enable necessary efficiency and scale.

The future of MDR

I often get asked what will come next for MDR, in terms of technological evolution and in general.

While it’s impossible to say for certain, on the technology side I think we’ll see increasing levels of, and more powerful versions of, automation in the coming years. While automatic actions have been a part of cybersecurity for as long as “if…then” statements have been employed—which is to say, forever—we’re on the cusp of a new age of automation. Termed hyperautomation, this approach applies advanced technologies like robotic process automation (RPA) and artificial intelligence to extend well beyond what traditional automation technologies can achieve. Hyperautomation is already a key enabler of our Atlas platform, but I think we’re only scratching the surface of what this technology can do.

What about MDR in general? I think we can get a glimpse into the future by looking at some of the challenges in the latest Gartner market guide. Gartner lists a few challenges near the top of the guide, including the need to establish trust between providers and clients before direct responses can be implemented, and the potential for confusion in the marketplace because so many security providers purport to do MDR (related: 5 Essential Questions to Ask Your Security Provider). But one issue that was deeper in the guide is that customers will increasingly want protection that is customized to their environment.

Delivering custom protection introduces a whole new level of complexity for the MDR provider. A one-size-fits-all approach to detection and response lets you benefit from highly efficient economies of scale. However, when detection and response are tailored to the specifics of a customer’s environment, that’s an extra layer of nuance that must be accounted for in your baselines, your AI algorithms, your automated responses, and your manual interventions.

Most MDR providers are struggling to cover the cloud, let alone to introduce cloud-native architectures, and those two items are probably the top priorities for those vendors. They’re a long way away from offering truly customized protection.

But for those few vendors who are truly pioneering the MDR space, customization is a great way to earn client trust and stand out in a crowded and noisy marketplace.

From then to now

It’s been almost 20 years since we set up the beginnings of eSentire in a spare bedroom in Waterloo, Ontario. So much has changed in that time—the threat landscape, the technology on both sides of the fight, the terminology—and when I sit back and take it all in, I’m amazed how far we’ve come.

But whether we call what we do Collaborative Threat Management, Embedded Incident Response or MDR, one thing has never changed: our guiding value that a customer’s network can never be compromised.

Eldon Sprickerhoff, Founder and Chief Innovation Officer

In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis.