Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Visibility and response across your entire Microsoft security ecosystem.
XDR with Machine Learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert threat hunting, original research, and proactive threat intelligence.
TRU is foundational to our MDR service. No add-ons or additional costs required.
Stop ransomware attacks before they disrupt your business.
Detect and respond to zero-day exploits.
Protect against third-party and supply chain risk.
Adopt a risk-based approach to cybersecurity.
Protect your most sensitive data.
Meet cybersecurity regulatory compliance mandates.
Eliminate misconfigurations and policy violations.
Prevent business disruption by outsourcing MDR.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and mediating threats to prevent lateral spread.
Enhance investigation and threat detection across multi-cloud or hybrid environments.
Remediate critical misconfigurations, security vulnerabilities and policy violations across cloud and containerized environments.
Detect malicious insider and identity-based behavior leveraging machine learning models.
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
We believe a multi-signal approach is paramount to protecting your complete attack surface. See why eSentire MDR means multi-signal telemetry and complete response.
See how our 24/7 SOC Cyber Analysts and Elite Threat Hunters stop even the most advanced cyberattacks before they disrupt your business.
Choose the right mix of Managed Detection and Response, Exposure Management, and Incident Response services to strengthen your cyber resilience.
Try our interactive tools including the MITRE ATT&CK Tool, the SOC Pricing Calculator, the Cybersecurity Maturity Assessment, and our MDR ROI Calculator.
Read the latest security advisories, blogs, reports, industry publications and webinars published by eSentire's Threat Response Unit (TRU).
See why 2000+ organizations count on eSentire to build resilience and prevent business disruption.
Understanding the life cycle of an attack is a key component to being able to prevent, detect and respond. Depending on how attackers target an organization there are specific compensating controls and visibility that can be put in place. Verizon’s’ 2019 Data Breach Investigations Report does a good job of explaining this concept:
“In our world, you’ve put defenses and mitigations in place to deter, detect, and defend. And just like on the golf course, the attackers reach into their bag, pull out their iron, in the form of a threat action, and do everything they can to land on the attribute they want in the soft grass of the fairway.” – Page 20, 2019 Data Breach Investigations Report
The above statement relates to how companies practice defense in depth strategies. Even with all of the security investments that organizations put in place hackers have the ability pick a path that isn’t going to trigger any indicators. What is key for managed detection and response providers (MDR) in the security space is that they have the have the ability to collect data from any component of an attack life cycle. Examples of this can include network telemetry, endpoint telemetry, and log data. Being able to piece together what happened when an attacker breached the network, to being able to disrupt the initial access they have from multiple enforcement points is a key differentiator for an MDR provider.
Verizon’s Data Breach Investigations Report also explores (Figure 29 below) how detecting attack paths that are short is much more difficult than detecting longer attack paths. From eSentire’s perspective this makes a lot of sense. The hardest part for an attacker is the initial compromise. Once past the perimeter defenses of an organization it is really about completing the objective without triggering any additional alarms. The least number of steps within a compromise makes it more difficult for a security product or service to detect the threat actors.
Figures 31-33 from the same Verizon report also provides insight into the steps hackers take when an incident occurs. When looking at the results for the beginning (left image), middle (middle image) and end of an attack path (right image) it is important to note that the first step doesn’t generally originate with malware. This is common with what eSentire sees across its client base as well. Getting initial code execution within a target environment most commonly involves some sort of exploitation or social engineering. Once the initial code execution has occurred malware is generally used to gain persistence and a reliable connection into an environment. Malware is a reliable way for threat actors to keep access, load additional tools/capabilities and allows for pivoting to other machines from the compromise. In the later part of the attack stage pivoting to other machines often related to additional hacking techniques and deploying additional malware.
Defense strategies around being able to prevent, detect and respond to these types of events in the threat landscape is important. Utilizing known standards and industry supported techniques for covering these gaps within an organization is necessary to have any remote chance of detecting these various stages of an attack. An excerpt from the Center for Internet Security from the VDBIR report:
“Leveraging an attack path model is not only an important step towards formalizing our understanding of attacks, but also a means to understanding our defense.” – Page 23, 2019 Data Breach Investigations Report
MITRE ATT&CK is a great framework to leverage for creating coverage for attacks that have been seen in the wild. The tactics and techniques can be associated with specific attack paths for adversaries seen in previous incidents but at a higher level can be used to share commonalities and detection criteria. The key is to understand the different entry points in an attack and creating the capabilities to have visibility, prevention, detection and response actions tied to identifying a specific attack path.
Verizon’s Data Breach Investigations Report is a great yearly resource for companies to read and digest for trends of attacks. It should be used as an additional input (alongside resources like eSentire’s own Threat Intelligence Reports) into what an organization should focus on from a security strategy perspective.