What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
May 31, 2023
CVE-2023-2868 – Barracuda Zero-Day Vulnerability
THE THREAT On May 23rd, the email security company Barracuda disclosed a new vulnerability impacting Barracuda Email Security Gateway (ESG) appliances. Exploitation of the vulnerability, by threat…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Case study

Fraudulent Transaction Illuminates
Third-Party Risk

In the summer of 2018, eSentire was engaged by a financial services firm to conduct third-party risk assessments because the firm had experienced a failed audit due to the discovery of a fraudulent transaction from a compromised third party. Being in the heavily regulated financial services industry, the client had a dedicated internal compliance team and a depth understanding of the various risks associated with information security. In an attempt to mature and formalize its security program, a full-time CISO and dedicated security personnel were recruited but program formalization was ultimately unsuccessful due to the scarcity of qualified and available candidates. As a result, responsibility for information security policies and implementation of controls fell back on the cross-functional teamwork of the firm’s internal compliance and IT teams.

32% of organizations reported lack of internal time/resources to evaluate or monitor third-party risk1

Industry

Finance

Trigger Event:

Fraudulent transaction by third-party

Client Challenges:

  • Time and resource constraints
  • Limited third-party risk visibility
  • Informal security policies for third-party risk management
  • Questionnaire and measurement criteria relevance to business risk profile
  • Limited expertise in conducting third-party risk assessment and progress measurement

Collaboration between the cross-functional teams resulted in an improved security posture, but limitations remained in their ability to measure and mitigate third-party risk. Inventory measurement concluded that over 50 vendors and third parties had network and data access to some degree resulting in potential risk to overall business operations. Unfortunately for the client, risk became consequence during a routine audit, when a transaction with a trusted third party was discovered to be fraudulent, facilitated by a compromised user within their third party network. Investigation revealed the user was compromised from a spear-phishing campaign culminating in substantial financial losses and lengthy time and resource consuming claims processes with their cybersecurity insurance provider.

The eSentire Security Strategist immediately went to work helping the client update their third-party risk policies, formalizing mandatory annual and bi-annual risk assessments of critical vendors based on type and risk profile. eSentire then executed tailored risk assessments on 10 clients that were both critical to continued business operations as well as high-risk profiles. The data from the assessments was compared against eSentire’s Security Framework based on NIST foundations, financial industry standards, and specific risk indicators.

The Security Strategist discussed the findings with the client’s cross-functional and Executive team and began to develop a pragmatic plan to systematically reduce risk among the 10 vendors that were subject to the assessment. Satisfied with the progression of the firm’s security posture under their Virtual CISO, recruiting efforts were ceased. With the tedious work of creating and conducting the 10 assessments handled by eSentire, IT and compliance teams were able to focus on other projects. Both of these benefits from eSentire’s Vendor Risk Assessments resulted in operational cost savings for their business.

Download Now
References:
  1. eSentire/Spiceworks Third-Party Risk Research, January 2019

Ready to get started?

Connect with an eSentire Security Specialist to learn how we can help you build a more resilient security operation and prevent disruption.