What We Do
How we do it
Resources
SECURITY ADVISORIES
Oct 18, 2021
Grief Ransomware Gang Claims 41 New Victims, Targeting Manufacturers; Municipalities; & Service Companies in U.K. & Europe
Grief Operators Earned an Estimated 8.5 Million British Pounds in Four Months Key Findings: The Grief Ransomware Gang (a rebrand of the DoppelPaymer Ransomware Group) claims to have infected 41 new victims between May 27, 2021—Oct. 1, 2021 with their ransomware.Over half the companies listed on Grief’s underground leak site are based in the U.K. and Europe. The Grief Ransomware Gang appears to…
Read More
View all Advisories →
Company
ABOUT eSENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Oct 12, 2021
eSentire Launches MDR with Microsoft Azure Sentinel Extending Response Capabilities Across Entire Microsoft Security Ecosystem
Waterloo, ON – Oct. 12, 2021 -- eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announced the expansion of its award-winning MDR services with Microsoft Azure Sentinel, as part of its integration with the complete Microsoft 365 Defender and Azure Defender product suites supporting Microsoft SIEM, endpoint, identity, email and cloud security services.…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
PARTNER RESOURCES
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Mar 04, 2015

Would active threat protection from eSentire have prevented the Sony hack?

In the weeks that have passed since the well-publicized Sony breach I have been asked the same question dozens of times, ‘could eSentire’s services have prevented this breach?’ I should say eSentire does not have all the details about this particular breach and we are relying on recent comments issued by FBI Director James Comey and Sony’s own CEO to give us insight to make a determination. In short, the answer is that there is a high probability that the type of threat Sony experienced would have been detected and contained had continuous monitoring like that provided by eSentire, been employed.

Regardless of how the threat actors (or hackers), gained initial network entry access, the resulting breach actually would’ve taken several weeks to achieve, not days. The combination of state-of-the-art detection technologies and human monitoring – the core premise of Active Threat Protection – would have immediately flagged inconsistencies associated with the attack.

When a breach of this level occurs there are several red flags that arise before the damage is done. The key to preventing a serious breach is to identify the significance of those red flags and actively mitigate the harm. Here are some examples of the inconsistencies that should have set off alarm bells:

1. Numerous external connections using non-company proxy servers (eSentire Solution: Network Interceptor™ to identify the connection attempts and Asset Manager Protect and Country Killer to recognize blacklisted IP addresses).

2. Lateral movement within the network originated from different hosts (eSentire Solution: Network Interceptor™ and Host Interceptor).

3. For exploit deployment, numerous payload drops would have to occur (eSentire Solution: Active Forensics, Network Interceptor™ and Executioner).

4. Changes in logging, as privileges were escalated to gather the necessary data to extract (eSentire Solution: Log Sentry™).

5. Finally, Active Threat Protection would have caught and alerted a threat analysis as a result of the 100 TB data exfiltration, as described by Sony’s CEO (eSentire Solution: Active Forensics and Network Interceptor™).

In the world of Active Threat Protection, we act on each of these signals immediately. The elements of this attack are what we detect and block everyday. Intricate attacks such as these are becoming commonplace – so much so that leading analyst firm Gartner Research published a best practices framework (in 2014) to help organizations defend against and mitigate against these kinds of targeted attacks.

As we have seen with the case of Sony, the clean up work involved after a breach has occurred is far more complex and expensive than the preventative measures available to stop and prevent this level of damage.

Without forensic-level network traffic at your disposal, the job of tracking down the culprits and retrieving data is immeasurably more difficult – approaching impossible. In hindsight it is easy to say, “I should have used a working fire alarm,” after you’ve experienced a house fire. In the same way, we don’t want a business to find out too late that they could have had protection measures in place to protect their high value assets.

When we revisit the question of whether Active Threat Protection would help to prevent a breach like Sony’s, the answer is that every indicator points to yes.

J. Paul Haynes
J. Paul Haynes President & Chief Operating Officer

J.Paul Haynes is a professional engineer with a 25-year entrepreneurial track record of success. J.Paul has led eSentire to 10x its size since he joined the company in late 2010.