What We Do
How we do it
Resources
SECURITY ADVISORIES
May 11, 2022
CVE-2022-26923 - Active Directory Domain Services Elevation of Privilege Vulnerability
THE THREAT Microsoft has disclosed a new vulnerability impacting Active Directory Certificate Services (ADCS) tracked as CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). If exploited successfully, an authenticated attacker can escalate privileges in environments where ADCS is running on the domain. eSentire is aware of technical details and tooling [2] for…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
May 17, 2022
Cybersecurity Leader eSentire Continues Its Commitment to Rigorous Security Standards Earning PCI DSS Certification
Waterloo, ON, May 17, 2022 — eSentire, the Authority in Managed Detection and Response (MDR), maintains one of the most secure and robust IT environments of any MDR provider in the industry. To that end, eSentire today announced that it has received the Payment Card Industry Data Security Standard (PCI DSS) certification, considered one of the most stringent and comprehensive payment card…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — May 16, 2019

Third-Party Risk to the Nth Degree: Supply Chain Breaches

Speak With A Security Expert Now

Wipro. Target. Image-I-Nation. British Airways. TicketMaster. The list of organizations affected by supply chain breaches continues to grow as criminals turn their sights on supply chains to attack their intended/final target. Third-party risk in the world of cybersecurity is often unaddressed despite increasing awareness and focus from regulators globally.

Carbon Black’s most recent Global Incident Response Threat Report (GIRTR) found that half of all cyberattacks now leverage the supply chain in some way. In the case of the April 2019 Wipro breach, clients that depend on the global IT services conglomerate for normal business operations were affected, as well as Wipro itself … all due to technologies common across Wipro’s organization. These third parties, especially in the MSP and MSSP world, are interconnected at a deep level with their own third-party organizations, as well as the multi-tenant client base they maintain and serve. Evaluating these organizations and understanding how and where they’re strong or weak is key to the trust you place in them by depending on their services.

This need expressed by our customers combined with regulatory pressure has driven eSentire to establish third-party risk programs to guard against third-party party risk to the nth degree and support our customers in preparing and addressing the most severe outcomes. We accomplish this by first understanding the types of risks presented with the levels of implicit trust afforded to MSPs and MSSPs and how they impact our customers.

By continually evaluating and reacting to the knowledge of risk in any third-party relationship, we can establish the right amount of governance and oversight needed to address said risks where they show up. In a nutshell, if customers don’t know that MSSP #1 is lacking its own cybersecurity risk program, security monitoring and operations program, vulnerability management program, or even a third-party risk management program, then customers have no sense of where and how their risk could become our risk. As the old adage goes, “Trust but verify” very much applies here.

At eSentire, we build security programs and products which, above and beyond whatever they do on paper, are risk-informed and standards-aligned. In seeking to address ongoing cybersecurity threats, nothing short of this will do. In the context of third-party risk, this means applying the NIST CSF at scale and understanding how to drive the maturity of these organizations up that scale in a way that makes them proactive and agile in their response to ongoing cybersecurity threats.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.