Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports & papers.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
Episodes on cybersecurity strategy and threat intel.
eSentire will be speaking at Advocate's Insider Summit.
Join eSentire’s half-day Cybersecurity Insights Summit to hear from a…
eSentire will be speaking and exhibiting at CIO Arena.
“Those who cannot remember the past are condemned to repeat it.”
It’s a fact: All non-trivial software code has bugs so don’t be surprised if vulnerabilities are discovered, and since patches are also non-trivial code, don’t be surprised if vulnerabilities are also discovered within the patches. It’s somewhat of a tautology within the discipline of Software Engineering.
Keeping this in mind, if you’re relying solely on the strength of the software to defend yourself, you’re setting yourself up for a grave mistake, especially if the software has elevated access permissions to your company and/or is critical to your company’s s function.
The Kaseya incident that eSentire investigated in 2018 is an unfortunate example of this. A few years ago, we discovered attackers had figured out how to gain high-level access to VSA instances around the world and had hijacked the process to install Monero cryptocurrency mining software. While we were helping Kaseya investigate the incident (through a responsible vulnerability disclosure methodology), I remember waiting on tenterhooks for the patches to be released; knowing that at any time the attackers could choose to pivot from cryptomining to ransomware. Luckily, at the time, the attackers chose to stay on the cryptomining course without escalating the situation.
When the final patch was released, everyone released a deep sigh of relief, but truly – it wasn’t over. It took years until someone else discovered a vulnerability and then chose to deploy ransomware. The rest, as they say, is recent history.
It’s critical to isolate and monitor all high-impact and/or critical systems within your organization. It’s not sufficient to merely keep them patched and up-to-date; you need to get a sense of what kind of activity is “expected” and have the capability to investigate when something unusual occurs; not so much an “Indicator of Compromise” but more of an “Indicator of Concern”. This is even more important for systems that have externally-facing access from the Internet in general.
Even properly-patched software has bugs, and vulnerabilities not yet discovered and/or exercised. The recent Microsoft Exchange, SolarWinds, and Kaseya events demonstrate this, and if we don’t figure out how to defend ourselves better, as George Santayana stated: “Those who cannot remember the past are condemned to repeat it,” to which I might add, “and it might be even worse the next time around.”