What We Do
How we do it
Resources
SECURITY ADVISORIES
May 11, 2022
CVE-2022-26923 - Active Directory Domain Services Elevation of Privilege Vulnerability
THE THREAT Microsoft has disclosed a new vulnerability impacting Active Directory Certificate Services (ADCS) tracked as CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). If exploited successfully, an authenticated attacker can escalate privileges in environments where ADCS is running on the domain. eSentire is aware of technical details and tooling [2] for…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
May 17, 2022
Cybersecurity Leader eSentire Continues Its Commitment to Rigorous Security Standards Earning PCI DSS Certification
Waterloo, ON, May 17, 2022 — eSentire, the Authority in Managed Detection and Response (MDR), maintains one of the most secure and robust IT environments of any MDR provider in the industry. To that end, eSentire today announced that it has received the Payment Card Industry Data Security Standard (PCI DSS) certification, considered one of the most stringent and comprehensive payment card…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Use Cases
SENSITIVE DATA SECURITY

Protect Your Most Sensitive Data

Threat actors will target you based on how sensitive your data is, how much that data is worth, and how easy of a target you are versus your industry peers. Learn what it takes to build a cybersecurity strategy that protects the sensitive data of your business and your customers.

Get Started

Protection for your most
sensitive data

Test and assess
your defenses

The More Sensitive The Data, The More Likely It Will Be Targeted

Consumers and businesses are sharing more data across an ever-expanding digital landscape, including cloud, mobile and IoT. Organizations are increasingly challenged to deliver a mobile, cloud-enabled, customer experience in order to compete while balancing the associated cyber risk that it entails.

No matter how big or small your organization is, there is a significant amount of sensitive data that you may store, handle, process, and/or transmit that must be secured, such as personally identifiable information (PII) and protected health information (PHI):

  • Personally identifiable information (PII) includes the full name, address, phone number, email address, social security number, taxpayer information, financial information, and any other data that companies can store to identify a specific individual, whether they’re an employee or customer.

  • Protected health information (PHI) includes a patient’s medical history, demographic data, medical test and lab results, insurance coverage information, and other sensitive data that a healthcare provider collects to identify an individual and administer proper medical care.

  • Electronic protected health information (ePHI) refers to any of the above confidential health data that is stored, handled, or transmitted electronically.

The more sensitive the data, the higher the probability that threat actors will attack it. It is not just a question of financial gain. Hackers enjoy the challenge, and status that comes from breaking into your most sensitive data.

When thinking data security, ask yourself:

  • How prepared are we to protect against sensitive data theft?
  • What is the probability of our traditional perimeter defenses being bypassed by hackers?

Organizations can take preventative measures, such as delivering phishing and security awareness training for employees to take extra precaution in their personal and professional online activities. However, this only goes so far to mitigate the inevitable risk of human error.

We live in a world where people constantly share personal information online giving threat actors endless opportunity and time to use personal data as a key that allows easy entry into a target’s network.

How eSentire Protects Your Sensitive Data

Protection from a targeted attack requires swift detection and response capabilities. eSentire Managed Detection and Response (MDR) delivers advanced detection, 24/7 threat hunting, deep investigation, and most of all complete response. We detect attacks on your sensitive data and stop threats on your behalf before they disrupt your business - full stop.

We also recommend continually testing your cyber defenses through Managed Risk services such as Red Teaming and Penetration Testing engagements and conducting Vulnerability Scanning to ensure that your team can identify any blindspots and build an effective defensive strategy against the most pressing cyber threats.

We Secure Industries Responsible For Protecting Sensitive and Confidential Data

Put Your Cyber Defenses to the Test

No matter how large or small your organization is, threat actors are going to exploit vulnerable systems and take advantage of human error in pursuit of their objectives. Unfortunately, research commissioned by eSentire has shown that only 39% of organizations have the detection and response capabilities to deter a cyberattacker.

It is essential that you prioritize testing your organizations cyber defenses continually to maintain your business operations, deliver services and limit operational disruption.

Download the white paper to learn how you can put your cyber defenses to the test using proactive risk management programs to safeguard your sensitive data and mitigate your cyber risk.

Download Now →

Another Sensitive Data Breach?

Evidenced in daily data breach headlines, organizations are losing ground to the evolving cyber threat landscape. How quickly organizations can detect and respond to cyberattacks is the most important factor in risk mitigation. More specifically, the ability to identify and contain cyberattacks early in the attack chain and prevent attempts to exfiltrate sensitive data is a necessity to avoid business disruption.

eSentire Managed Detection and Response Protects Your Most Sensitive Data

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Team eSentire’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

With eSentire MDR, you get:

  • 24/7 Always-on Monitoring, Threat Hunting, Threat Disruption & Containment
  • Mean Time to Contain: 15 Minutes
  • Machine Learning XDR Cloud Platform
  • Multi-signal Coverage and Visibility
  • Automated Blocking
  • Proactive Manual Threat Containment and Response
  • Threat Advisories & Thought Leadership
  • Cyber Risk Advisor
  • Operational Reporting with 24/7 Insight Portal Access
Read the Data Sheet

Test and Assess Your Cyber Defenses with Managed Risk Services

eSentire Managed Risk Services measure your current security posture through a framework of industry best practices and regulatory compliance requirements to protect your most sensitive data.

Our risk management team helps you identify blind spots, build a strategy for mitigating risk, and operationalizes capabilities to predict and prevent known threats. Our managed risk program works hand in hand with our multi-signal MDR service to deliver high fidelity detection and complete response.

The results? Your security program becomes adaptable to business performance drivers and the evolving threat landscape. Your defenses are hardened, risks are managed, and you can demonstrate measurable return on your cyber investment over time.

Read the Data Sheet

Inside The Mind Of A Hacker: Personal Data Used As A Key For Intrusion

This real eSentire Red Team engagement gives a close up look inside the mind of a hacker.

What is red team testing?

Red Team engagements are designed to test your prevention, detection, and response capabilities over a longer period of time versus more traditional forms of penetration testing.

STEP ONE

Infrastructure Scanning To Discover Exposed Applications Or Servers To Exploit

We discovered, and identified, a password reset application as a possible vector for intrusion. It required four pieces of personal data to reset the password including username, date of birth, social security number and place of birth.

STEP TWO

Identify A Target User And Their Username As The Subject To Hack The Password Reset Tool

Next, we targeted a user with a unique first and last name for easier identification in the OSINT process. Free online scraping tools easily confirmed the target’s username.

STEP THREE

Discover Date of Birth

We leveraged social media profiles, legitimate “find a person” websites and data dumps from breaches to verify the target user’s date of birth.

STEP FOUR

Discover Social Security Number

We were able to purchase the user’s social security numbers which are widely available on the Dark Web.

STEP FIVE

Discover Place of Birth

Place of birth is not as common of a data type used online, making it more difficult to discover. We leveraged a fake social media account to connect with the target user on multiple platforms. Then, we monitored the target user’s social media accounts for clues and cross-referenced old photos, connections, past attended events, and support of a local school, which pointed toward a place of birth.

The Result

eSentire’s Red Team successfully hacked the exposed password reset tool. Once inside the network, the team was eventually able to compromise 39 other accounts, including an account with IT administrative privileges. Ultimately, eSentire’s Red Team gained access to the following:

  • Corporate credit card numbers
  • Confidential price list on products and services
  • Documents on fiscal year planning and strategy
  • Information on existing customers

Read the sheet for more information on this Red Team engagement and learn how to protect your organization against targeted attacks.

Security Leaders Count on eSentire

Mcsaatchi greyscale logo
With eSentire MDR we have gained visibility into attacks against our infrastructure and I have peace of mind knowing that we are defended by the best in the business with 24/7 SOC Cyber Analysts and Elite Threat Hunters who are bolstered by eSentire’s unique Threat Response Unit for original research, threat analysis and content development."
Neil Waugh
Chief Information Officer | M&C Saatchi
Rawlinson greyscale logo
We have immediate visibility into attempts to penetrate our network and feel better knowing that eSentire’s MDR is ‘manned’ 24/7/365 with experienced cyber security experts.”
Mark Fairhead
Associate Director ( IT Department ) | Rawlinson & Hunter
Hhr greyscale logo
The nice thing with eSentire is, they’re always looking at my network. They’re looking at my environment. They’re looking at everything that’s coming through. I can sleep at night. I don’t have to have 24/7 SOC. I know that my network is being looked at and they’re taking care of it. And if they see something that they deem to be a threat, they can prevent it, and block it, and stop it, and get a hold of my team, if needed.”
Leon Goldstein
CIO | Hughes Hubbard & Reed LLP
View Case Studies and Reviews

Ready to get started?

We’re here to help! Submit your information and an eSentire Representative will be in touch to discuss how we can protect your sensitive data.