Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Zero-Day Vulnerability
THE THREAT
On March 14th, as part of Microsoft’s monthly Patch Tuesday release, the company disclosed a critical, actively exploited vulnerability impacting Microsoft Office and Outlook. The…
Read More
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Organizations typically have multiple vendors and those vendors have vendors, which creates a hidden web of potential data risk. While you are responsible for your partners, you must also consider the risk brought on by external parties in your vendor ecosystem. eSentire helps assess your third-party risk, and offers 24/7 support for rapid threat detection, threat hunting and complete threat containment in minutes, before your business is disrupted.
For many organizations, cost-effective scalability means outsourcing some or all of your business functions to a complex web of third-party vendors.
Third-party cyber risk, also known as vendor risk, is about analyzing and controlling the fact that your data could be compromised by external vendors and service providers. When it comes to third-party cyber risk, you need to ask yourself:
Do I have formal procedures to manage the potential web of cyber risk that comes with outsourcing?
Have I thought about the supply chain in my vendors’ ecosystems and who else may have access to my data?
How am I ensuring my data is protected if one of my third-party vendors or supply chain partners is compromised?
The cost of a third-party vendor breach is not just measured in short-term financial loss and lost productivity, but also in long-term reputational damage and client churn.
The best way to protect your company from a devastating breach is to avoid one in the first place – conduct the due diligence needed and have the right protection in place.
How eSentire Protects Against Third-Party and Supply Chain Risk
We can help with third-party cyber risk due diligence with our Vendor Risk Assessments and provide ongoing 24/7 protection with eSentire Managed Detection and Response (MDR).
eSentire Vendor Risk Assessment
eSentire Managed Detection & Response
KEY CHALLENGE
Identify your risk of a supply chain or third-party breach.
Protect your business from threat actors leveraging your third-party vendor(s) to bypass traditional security controls.
HOW WE HELP
Review and assist in the development or improvement of an ongoing third-party risk management program.
Conduct questionnaire-based cyber risk assessments on specific third parties based on the core 15 areas of eSentire’s Security Framework.
Interpret and communicate the findings and develop a pragmatic plan for improvements to reduce cyber risk.
Multi-signal visibility with deep correlation and investigation capability, strengthening our Response, and Time to Contain.
24/7 threat hunting with proactive, automated blocks of malicious intent and SOC Cyber Analyst support.
Atlas XDR driven rapid detection and automated threat disruptions.
We detect, isolate and contain cyber threats before they disrupt your business operations.
eSentire Vendor Risk Assessment
KEY CHALLENGES
Identify your risk of a supply chain or third-party breach
HOW WE HELP
Review and assist in the development or improvement of an ongoing third-party risk management program
Conduct questionnaire-based cyber risk assessments on specific third parties based on the core 15 areas of eSentire’s Security Framework
Interpret and communicate the findings and develop a pragmatic plan for improvements to reduce cyber risk
eSentire Managed Detection & Response
KEY CHALLENGES
Protect your business from threat actors leveraging your third-party vendor(s) to bypass traditional security controls
HOW WE HELP
Multi-signal visibility with deep correlation and investigation capability, strengthening our Response, and Time to Contain.
24/7 threat hunting with proactive, automated blocks of malicious intent and SOC Cyber Analyst support.
Atlas XDR driven rapid detection and automated threat disruptions.
We detect, isolate and contain cyber threats before they disrupt your business operations.
The Complexity of Supply Chain and Third-Party Cyber Risk
Companies increasingly use third-parties to scale their operations quickly and reduce costs. But, many of the organizations contracting third-parties don’t consider the data, operational, and financial risks. The heightened use of technologies such as IoT and mobile devices, and cloud platforms by vendors should make you question, “Where is my data and how can I protect it in someone else’s hands?”
Third-party or supply chain partners gain privileged access to your mission-critical IT environments and sensitive data. Read our guide for a condensed due diligence questionnaire to help you quantify these cyber risks.
Consider the Three Ps of Third-Party Risk: Policies, Prevention, and Promises
Organizations need to bake security, by design, into their programs, products, and services. This includes accounting for the vulnerabilities or weaknesses for any third-parties that you rely on. So, consider the three Ps of third-party risk:
POLICIES
MINIMIZE
Define Supply Chain Policies
Develop Due Diligence Tools
Establish Periodic Validation
Raise Security Awareness
Encourage Improvement
Understand what information you’re willing to share and the type of access you’re willing to provide to a vendor. These policies should be established prior to, or alongside, early discussions with potential third-party vendors and service providers.
PREVENTION
MEASURE
Identify Assets and Obligations
Define Risk Appetite
Conduct Risk Assessments
Analyze Results and Risks
Define Defensive Requirements
Once your team has set the policies in place, identify the threats and risks that may arise as a result of the policies. Then, work with your vendor(s) to establish the minimum security requirements needed to mitigate the risks and protect your business from the potential cyber threats.
PROMISES
MITIGATE
Contractual Obligations
Demark Responsibilities
Establish Minimum Standards
Document Notifications
Representations/Warranties
Any contract you sign with your third-party vendor should extend from simple things like service definitions and pricing to the minimum security requirements. Consider the following:
If you detect unauthorized activity, what type of activity requires notification and how quickly does that notification have to occur?
What is the division of duty in that type of event? Who performs forensic analysis? What information is logged? Is a complete examination required?
Ultimately, who is responsible if damages occur?
Although every business is a potential target for cybercrime, trusted vendors that provide critical services to various client bases across all sorts of industry sectors are especially at risk of suffering a crippling cyberattack.
Threat actors often target these critical vendors as a choke point, because if the attack is successful, they gain access to a downstream client base.
Identify Your Risk of A Third-Party Breach
As a security leader, you must account for the lack of visibility and reduced end-to-end control the presence of third-party vendors has on your overall attack surface. eSentire is here to minimize your third-party risk with Managed Risk and Multi-Signal MDR services.
eSentire Vendor Risk Assessment
Lack of visibility and end-to-end control of vendor security practices increase the potential attack surface that your organization must consider.
eSentire’s Vendor Risk Assessment is built on the foundation of NIST and is designed to help resource constrained organizations to:
Determine risk identification and measurement criteria
Categorize assessment data access against your organization’s risk appetite
Develop questionnaires for assessment
Conduct comprehensive assessments
Analyze data with comparisons against risk categorizations
Define corrective actions for risky third-parties and vendors
Determine defensive adjustments to mitigate your risk
Not all MDR is created equal. eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 2000+ organizations in 80+ countries, representing 35 industries from known and unknown cyber threats. Team eSentire’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Watch this video with one of eSentire’s Elite Threat Hunters, Spence Hutchinson, as he reviews the Kaseya VSA supply chain attacks. Spence outlines how eSentire’s Security Operations Center (SOC) & Threat Response Unit (TRU) were able to quickly respond on our customer’s behalf and notify Kaseya of the breaches.
In these 2018 and 2021 attacks, threat actors leveraged zero-day vulnerabilities to push Cryptomining malware and Ransomware to Kaseya VSA customers. Our BlueSteel Machine Learning Engine identified malicious Powershell commands being executed. eSentire’s actions to detect, respond and remediate these attacks demonstrate the importance of MDR services that go beyond alerting and host isolation to deliver complete & robust response.
eSentire was engaged by a financial services firm to conduct third-party risk assessments because the firm had experienced a failed audit due to the discovery of a fraudulent transaction from a compromised third party.
Realizing the potential implications of a repeat issue and that they may already be compromised by another vendor, the client contracted eSentire’s Virtual CISO services, specifically a Third-Party Risk Assessment.
Read the case study for the full story on how eSentire executed tailored risk assessments that resulted in operational cost savings for this firm.
Third-party serves as staging point for cryptojacking attack using Powershell
eSentire observed an unknown threat actor attempting to deploy Monero cryptocurrency mining malware to multiple customers. This increasingly common type of attack known as “cryptojacking” allows a hacker to leverage the compute power of devices on a personal or corporate network to mine cryptocurrencies, unbeknownst to the victim.
Following an investigation from eSentire’s SOC, it was determined that the threat actor was leveraging a previously unknown vulnerability (zero-day exploit) in Kaseya’s Virtual Systems Administrator (VSA) agent as a vector to gain access to the clients’ network.
Read this case study for more details and to see how eSentire remediated the attack.
Watch this video with one of eSentire’s Elite Threat Hunters, Spence Hutchinson, as he reviews the Kaseya VSA supply chain attacks. Spence outlines how eSentire’s Security Operations Center (SOC) & Threat Response Unit (TRU) were able to quickly respond on our customer’s behalf and notify Kaseya of the breaches.
In these 2018 and 2021 attacks, threat actors leveraged zero-day vulnerabilities to push Cryptomining malware and Ransomware to Kaseya VSA customers. Our BlueSteel Machine Learning Engine identified malicious Powershell commands being executed. eSentire’s actions to detect, respond and remediate these attacks demonstrate the importance of MDR services that go beyond alerting and host isolation to deliver complete & robust response.
eSentire was engaged by a financial services firm to conduct third-party risk assessments because the firm had experienced a failed audit due to the discovery of a fraudulent transaction from a compromised third party.
Realizing the potential implications of a repeat issue and that they may already be compromised by another vendor, the client contracted eSentire’s Virtual CISO services, specifically a Third-Party Risk Assessment.
Read the case study for the full story on how eSentire executed tailored risk assessments that resulted in operational cost savings for this firm.
Third-party serves as staging point for cryptojacking attack using Powershell
eSentire observed an unknown threat actor attempting to deploy Monero cryptocurrency mining malware to multiple customers. This increasingly common type of attack known as “cryptojacking” allows a hacker to leverage the compute power of devices on a personal or corporate network to mine cryptocurrencies, unbeknownst to the victim.
Following an investigation from eSentire’s SOC, it was determined that the threat actor was leveraging a previously unknown vulnerability (zero-day exploit) in Kaseya’s Virtual Systems Administrator (VSA) agent as a vector to gain access to the clients’ network.
Read this case study for more details and to see how eSentire remediated the attack.
We’re here to help! Submit your information and an eSentire Representative will be in touch to discuss how we can protect your business from third-party cyber risk.
Cookies allow us to deliver the best possible experience for you on our website - by continuing to use our website or by closing this box, you are consenting to our use of cookies. Visit our Privacy Policy to learn more.
