Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Defend brute force attacks, active intrusions and unauthorized scans.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREATA recently disclosed vulnerability impacting Zimbra mail servers is being actively exploited by attacker(s). On September 27th, Zimbra publicly disclosed CVE-2024-45519, a…
Sep 17, 2024THE THREAT Technical details and Proof-of-Concept (PoC) exploit code for the critical Ivanti Endpoint Manager (EPM) vulnerability CVE-2024-29847 are now publicly available.…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
Note: This post is the final part of The Untold History of MDR; if you haven’t done so yet, be sure to check out Part I: “Collaborative Threat Management” and “Embedded Incident Response” and Part II: Nerds at Work.
An accountant in a legal services organization opens an email from their manager outlining new security protocols which will be put in place while the team is working from home. The details are in an attached Microsoft Word document. Unbeknownst to the accountant, the email wasn’t from their manager—it was just cleverly disguised by hijacking an existing email thread. The instant the document is opened malicious macros go to work in the background, evading the enterprise-grade antivirus that’s in place. A piece of dropper malware executes. It connects to a command and control server. New malicious modules are downloaded and begin to use trusted operating system processes to scan the local network and scrape administrative credentials. So far, everything has been automatic, but now a human attacker gets involved—sitting at a keyboard a world away, manually guiding actions to remain below the radar. Suddenly, the attacker is disconnected. The beacons the malware installed stop reporting. Mere minutes after the malicious document was opened, the attack is contained.
As relayed in Part I, when we first started proactively intervening on behalf of our customers to stop attacks, we described our service as “Collaborative Threat Management” and “Embedded Incident Response.”
It wasn’t until 2016, when Gartner published their initial market guide (this past August, Gartner released the fifth version), that Managed Detection and Response (MDR) was elevated to a standard term. And in my view, MDR is a much better term than anything we came up with because it better captures the value and the mechanism:
And—as in the scenario at the top of this post—all of that happens before the customer is even aware that there’s an event unfolding.
From eSentire’s inception to today, almost 20 years later, the name of the services provided has changed but the mission has not: ensuring a customer’s network is never breached.
While our MDR services have been adopted by the mainstream today, they were forged in the fires of defending hedge funds, lawyers, critical infrastructure—and other high-value targets—against motivated, well-funded attackers.
Providing effective defense against such threats required constant, relentless innovation—in terms of foundational technology, operational scaffolding, and people-centric processes.
To a large extent, cybersecurity has always been a data problem. But today it is a big data problem: full-spectrum coverage (e.g., endpoints, network, cloud, logs) creates a constant stream of forensic data and telemetry from an expansive threat surface; in practice, a mid-market company can easily generate in excess of 10,000 alerts per day.
It takes a well-architected platform to ingest and process that data, from pulling in signals, taking automated actions where possible, enabling SOC analysts and manual responses, and constantly evolving the heuristics, baselines and machine-learning algorithms which help the whole system operate (our 2018 acquisition of cybersecurity AI leader Versive really gave us an edge in this regard).
Even more recently, the cloud has become critical to what we do. Building a cloud-native platform takes time, expertise and investment—it requires completely rearchitecting systems and overhauling software development methodologies. This level of commitment means there’s no quick catch-up option for providers who’ve been left behind with legacy architectures.
But there’s no doubt that the investment is worthwhile, so we started the long and challenging shift to cloud native in early 2019—and our clients are already enjoying the benefits of Atlas, our cloud-native platform. To be clear, this wasn’t a lift-and-shift of our existing technologies; rather, it was a complete re-architecting and rebuilding.
Leveraging patented AI technologies, Atlas learns across our global customer base and immediately extends protection to every customer with each specific detection. This ability to rapidly learn and work at cloud scale, combined with expert human actions (there’s that people plus technology theme again!), stops breaches and reduces customer risk in ways unattainable by legacy security products, traditional MSSPs and other MDR providers.
And it turned out that our timing was prescient. When the pandemic struck and we shifted to a remote SOC model (we operate SOCs in Canada and Ireland), it coincided with the introduction of Atlas—and the cloud model made the transition from physical SOCs to a distributed SOC completely seamless.
So in a short time we’ve seen tremendous innovation in a range of areas: from the richness of the telemetry gathered by agents and sensors, to the ability to process volumes of data that even a decade ago seemed far-fetched, to advances in machine learning and other AI technologies that are key to finding well-hidden needles in ever-larger haystacks, to cloud-native architectures that enable necessary efficiency and scale.
I often get asked what will come next for MDR, in terms of technological evolution and in general.
While it’s impossible to say for certain, on the technology side I think we’ll see increasing levels or more powerful versions of automation in the coming years. While automatic actions have been a part of cybersecurity for as long as “if…then” statements have been employed—which is to say, forever—we’re on the cusp of a new age of automation. Termed hyperautomation, this approach applies advanced technologies like robotic process automation (RPA) and artificial intelligence to extend well beyond what traditional automation technologies can achieve. Hyperautomation is already a key enabler of our Atlas platform, but I think we’re only scratching the surface of what this technology can do.
What about MDR in general? I think we can get a glimpse into the future by looking at some of the challenges in the latest Gartner market guide. Gartner lists a few challenges near the top of the guide, including the need to establish trust between providers and clients before direct responses can be implemented, and the potential for confusion in the marketplace because so many security providers purport to do MDR (related: 5 Essential Questions to Ask Your Security Provider). But one issue that was deeper in the guide is that customers will increasingly want protection that is customized to their environment.
Delivering custom protection introduces a whole new level of complexity for the MDR provider. If you’re taking a one-size-fits-all approach to detection and response, then that lets you benefit from highly efficient economies of scale. However, when detection and response is tailored to the specifics of a customer’s environment, that’s an extra layer of nuance that must be accounted for in your baselines, your AI algorithms, your automated responses, and your manual interventions.
Most MDR providers are struggling to cover the cloud, let alone to introduce cloud-native architectures, and those two items are probably the top priorities for those vendors. They’re a long way away from offering truly customized protection.
But for those few vendors who are truly pioneering the MDR space, customization is a great way to earn client trust and stand out in a crowded and noisy marketplace.
It’s been almost 20 years since we set up the beginnings of eSentire in a spare bedroom in Waterloo, Ontario. So much has changed in that time—the threat landscape, the technology on both sides of the fight, the terminology—and when I sit back and take it all in, I’m amazed how far we’ve come.
But whether we call what we do Collaborative Threat Management, Embedded Incident Response or MDR, one thing has never changed: our guiding value that a customer’s network can never be compromised.
Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.