What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Mar 15, 2023
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Zero-Day Vulnerability
THE THREAT On March 14th, as part of Microsoft’s monthly Patch Tuesday release, the company disclosed a critical, actively exploited vulnerability impacting Microsoft Office and Outlook. The…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Use Cases
THIRD-PARTY CYBER RISK

Protection From Third-Party and Supply Chain Risk

Organizations typically have multiple vendors and those vendors have vendors, which creates a hidden web of potential data risk. While you are responsible for your partners, you must also consider the risk brought on by external parties in your vendor ecosystem. eSentire helps assess your third-party risk, and offers 24/7 support for rapid threat detection, threat hunting and complete threat containment in minutes, before your business is disrupted.

Get Started

Identify your risk of a
third-party breach

Protection from threat actors
leveraging third-party
vendors for attacks

×

We're here to help!

Submit your information and an eSentire representative will be in touch.

Our Current G2 Ratings
mdr Leader winter enterprise leader winter mid market highest adoption winter

Managed Detection and Response
(MDR)

security leader winter

System Security

THIRD-PARTY AND SUPPLY CHAIN CYBER RISK BY THE NUMBERS

60%

of security incidents will result from issues with third parties1

55%

of security pros reported their organization experienced an incident or breach involving supply chain or third-party providers in the past 12 months1

An estimated

2/3

of breaches are a result of supplier or third-party vulnerabilities2

74%

of organizations reported suffering a data breach as a result of giving too much privileged access to third-parties3

How Do You Assess Vendor Risk Today?

For many organizations, cost-effective scalability means outsourcing some or all of your business functions to a complex web of third-party vendors.

Third-party cyber risk, also known as vendor risk, is about analyzing and controlling the fact that your data could be compromised by external vendors and service providers. When it comes to third-party cyber risk, you need to ask yourself:

  • Do I have formal procedures to manage the potential web of cyber risk that comes with outsourcing?
  • Have I thought about the supply chain in my vendors’ ecosystems and who else may have access to my data?
  • How am I ensuring my data is protected if one of my third-party vendors or supply chain partners is compromised?

The cost of a third-party vendor breach is not just measured in short-term financial loss and lost productivity, but also in long-term reputational damage and client churn.

The best way to protect your company from a devastating breach is to avoid one in the first place – conduct the due diligence needed and have the right protection in place.

How eSentire Protects Against Third-Party and Supply Chain Risk

We can help with third-party cyber risk due diligence with our Vendor Risk Assessments and provide ongoing 24/7 protection with eSentire Managed Detection and Response (MDR).

eSentire Vendor
Risk Assessment
eSentire Managed
Detection & Response
KEY CHALLENGE

Identify your risk of a supply chain or third-party breach.

Protect your business from threat actors leveraging your third-party vendor(s) to bypass traditional security controls.

HOW WE HELP
  • Review and assist in the development or improvement of an ongoing third-party risk management program.
  • Conduct questionnaire-based cyber risk assessments on specific third parties based on the core 15 areas of eSentire’s Security Framework.
  • Interpret and communicate the findings and develop a pragmatic plan for improvements to reduce cyber risk.
  • Multi-signal visibility with deep correlation and investigation capability, strengthening our Response, and Time to Contain.
  • 24/7 threat hunting with proactive, automated blocks of malicious intent and SOC Cyber Analyst support.
  • Atlas XDR driven rapid detection and automated threat disruptions.
  • We detect, isolate and contain cyber threats before they disrupt your business operations.

eSentire Vendor
Risk Assessment

KEY CHALLENGES

Identify your risk of a supply chain or third-party breach

HOW WE HELP
  • Review and assist in the development or improvement of an ongoing third-party risk management program
  • Conduct questionnaire-based cyber risk assessments on specific third parties based on the core 15 areas of eSentire’s Security Framework
  • Interpret and communicate the findings and develop a pragmatic plan for improvements to reduce cyber risk

eSentire Managed
Detection & Response

KEY CHALLENGES

Protect your business from threat actors leveraging your third-party vendor(s) to bypass traditional security controls

HOW WE HELP
  • Multi-signal visibility with deep correlation and investigation capability, strengthening our Response, and Time to Contain.
  • 24/7 threat hunting with proactive, automated blocks of malicious intent and SOC Cyber Analyst support.
  • Atlas XDR driven rapid detection and automated threat disruptions.
  • We detect, isolate and contain cyber threats before they disrupt your business operations.

The Complexity of Supply Chain and Third-Party Cyber Risk

Companies increasingly use third-parties to scale their operations quickly and reduce costs. But, many of the organizations contracting third-parties don’t consider the data, operational, and financial risks. The heightened use of technologies such as IoT and mobile devices, and cloud platforms by vendors should make you question, “Where is my data and how can I protect it in someone else’s hands?”

Third-party or supply chain partners gain privileged access to your mission-critical IT environments and sensitive data. Read our guide for a condensed due diligence questionnaire to help you quantify these cyber risks.

Download Now

Identify Your Risk of A Third-Party Breach

As a security leader, you must account for the lack of visibility and reduced end-to-end control the presence of third-party vendors has on your overall attack surface. eSentire is here to minimize your third-party risk with Managed Risk and Multi-Signal MDR services.

eSentire Vendor Risk Assessment

Lack of visibility and end-to-end control of vendor security practices increase the potential attack surface that your organization must consider.

eSentire’s Vendor Risk Assessment is built on the foundation of NIST and is designed to help resource constrained organizations to:

  • Determine risk identification and measurement criteria
  • Categorize assessment data access against your organization’s risk appetite
  • Develop questionnaires for assessment
  • Conduct comprehensive assessments
  • Analyze data with comparisons against risk categorizations
  • Define corrective actions for risky third-parties and vendors
  • Determine defensive adjustments to mitigate your risk
Read the Data Sheet

eSentire Multi-Signal MDR

Not all MDR is created equal. eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 2000+ organizations in 80+ countries, representing 35 industries from known and unknown cyber threats. Team eSentire’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

With eSentire MDR, you get:

  • 24/7 Always-on Monitoring, Threat Hunting, Threat Disruption & Containment
  • Mean Time to Contain: 15 Minutes
  • Machine Learning XDR Cloud Platform
  • Multi-signal Coverage and Visibility
  • Automated Blocking
  • Proactive Manual Threat Containment and Response
  • Threat Advisories & Thought Leadership
  • Cyber Risk Advisor
  • Operational Reporting with 24/7 Insight Portal Access
Read the Data Sheet

eSentire In Action

WE OWN THE R IN MDR

The Kaseya Zero-Day Attacks

Watch this video with one of eSentire’s Elite Threat Hunters, Spence Hutchinson, as he reviews the Kaseya VSA supply chain attacks. Spence outlines how eSentire’s Security Operations Center (SOC) & Threat Response Unit (TRU) were able to quickly respond on our customer’s behalf and notify Kaseya of the breaches.

In these 2018 and 2021 attacks, threat actors leveraged zero-day vulnerabilities to push Cryptomining malware and Ransomware to Kaseya VSA customers. Our BlueSteel Machine Learning Engine identified malicious Powershell commands being executed. eSentire’s actions to detect, respond and remediate these attacks demonstrate the importance of MDR services that go beyond alerting and host isolation to deliver complete & robust response.

Learn more about the r in mdr →

CASE STUDY

Fraudulent Transaction Illuminates Third-Party Risk

eSentire was engaged by a financial services firm to conduct third-party risk assessments because the firm had experienced a failed audit due to the discovery of a fraudulent transaction from a compromised third party.

Realizing the potential implications of a repeat issue and that they may already be compromised by another vendor, the client contracted eSentire’s Virtual CISO services, specifically a Third-Party Risk Assessment.

Read the case study for the full story on how eSentire executed tailored risk assessments that resulted in operational cost savings for this firm.

Read Now →

CASE STUDY

Third-party serves as staging point for cryptojacking attack using Powershell

eSentire observed an unknown threat actor attempting to deploy Monero cryptocurrency mining malware to multiple customers. This increasingly common type of attack known as “cryptojacking” allows a hacker to leverage the compute power of devices on a personal or corporate network to mine cryptocurrencies, unbeknownst to the victim.

Following an investigation from eSentire’s SOC, it was determined that the threat actor was leveraging a previously unknown vulnerability (zero-day exploit) in Kaseya’s Virtual Systems Administrator (VSA) agent as a vector to gain access to the clients’ network.

Read this case study for more details and to see how eSentire remediated the attack.

Read Now →

WE OWN THE R IN MDR

The Kaseya Zero-Day Attacks

Watch this video with one of eSentire’s Elite Threat Hunters, Spence Hutchinson, as he reviews the Kaseya VSA supply chain attacks. Spence outlines how eSentire’s Security Operations Center (SOC) & Threat Response Unit (TRU) were able to quickly respond on our customer’s behalf and notify Kaseya of the breaches.

In these 2018 and 2021 attacks, threat actors leveraged zero-day vulnerabilities to push Cryptomining malware and Ransomware to Kaseya VSA customers. Our BlueSteel Machine Learning Engine identified malicious Powershell commands being executed. eSentire’s actions to detect, respond and remediate these attacks demonstrate the importance of MDR services that go beyond alerting and host isolation to deliver complete & robust response.

Learn more about the r in mdr →

CASE STUDY

Fraudulent Transaction Illuminates Third-Party Risk

eSentire was engaged by a financial services firm to conduct third-party risk assessments because the firm had experienced a failed audit due to the discovery of a fraudulent transaction from a compromised third party.

Realizing the potential implications of a repeat issue and that they may already be compromised by another vendor, the client contracted eSentire’s Virtual CISO services, specifically a Third-Party Risk Assessment.

Read the case study for the full story on how eSentire executed tailored risk assessments that resulted in operational cost savings for this firm.

Read Now →

CASE STUDY

Third-party serves as staging point for cryptojacking attack using Powershell

eSentire observed an unknown threat actor attempting to deploy Monero cryptocurrency mining malware to multiple customers. This increasingly common type of attack known as “cryptojacking” allows a hacker to leverage the compute power of devices on a personal or corporate network to mine cryptocurrencies, unbeknownst to the victim.

Following an investigation from eSentire’s SOC, it was determined that the threat actor was leveraging a previously unknown vulnerability (zero-day exploit) in Kaseya’s Virtual Systems Administrator (VSA) agent as a vector to gain access to the clients’ network.

Read this case study for more details and to see how eSentire remediated the attack.

Read Now →

×

Security Leaders Count on eSentire

En Cap Investments LP grey
eSentire provides a better security posture for our organization."
Shahab Kazim
Chief Technology Officer (CTO) | EnCap Investments LP
CWS Apartment Homes grey
I have enjoyed having the additional security knowledge on my team. I sleep better at night."
David Greene
IT Vice President | CWS Apartment Homes, Inc.
Wetherby greyscale logo
It’s a pleasure working with a group of people that know what they’re doing. They are an extension of the Wetherby technical security team."
Trevor Hicks
Principal and CTO | Wetherby Asset Management
View Case Studies and Reviews

Ready to get started?

We’re here to help! Submit your information and an eSentire Representative will be in touch to discuss how we can protect your business from third-party cyber risk.