High Growth UK Software Company Uses Managed Detection and Response Services to Get New Levels of Visibility and Protection During its Digital Transformation to the Cloud
IRIS Software Group (IRIS) is a high-growth software company that has expanded beyond its core accounting focus into new markets including education, payroll and HR. It faces a unique challenge as it absorbs and manages disparate software systems and network infrastructures inherited from different acquisitions. Network visibility to monitor for cybersecurity threats is critical as it consolidates everything into a single standard technology stack.
The eSentire Solution:
eSentire provides industry-defining, cloud-native Managed Detection and Response (MDR) that removes blind spots and enables 24/7 threat hunters to contain attacks and stop breaches within minutes.
UK-based IRIS has grown aggressively through acquisition and organic growth across a range of vertical sectors. As it took on more technology stacks from acquired companies, network visibility and management information--especially being able to identify nefarious activity--became increasingly important for IRIS. The business had reporting from its anti-malware software, but it wasn’t enough, explains David Adams, IT Technical Authority for the Group. “It gave us good visibility on viruses, malware, and malicious sites, but it didn’t give us the ability to see what was happening on the network,” he says.
To accelerate the adoption of new technologies and services that IRIS needed to move at the speed of business and the organisation’s growth, the company developed and began executing on a strategy to move software and workloads to the cloud. Given the additional layer of security complexity and risk cloud brings, IRIS knew they needed a service provider that would keep their hybrid environment secure.
IRIS is moving from almost 10 different CRM packages and multiple ERPs running on various companies’ premises to a single cloud-based model with single applications for ERP, CRM, and marketing. This will leave just a few internal applications handling licensing fulfillment and development engineering environments running on its premises.
This digital transformation required an expansion strategy that included a 100-point strategic security program to overhaul basic cybersecurity hygiene measures like patch management, and bring new security tools such as two-factor authentication to the cloud.
The company realised early on that it couldn’t tackle the challenges ahead and manage growing volumes of network traffic with a small security team. According to Adams, “it was rapidly becoming apparent that we were going to go international.” IRIS had traditionally been a UK-centric business, but it recognised that adversaries work around the clock and internationally.
Extending cybersecurity coverage across its evolving environment and providing around-the-clock detection and response was beyond in-house capabilities, Adams recalls. “The ROI of bringing the expertise and commitment to running a 24/7 SOC is not there for an organization of our size,” he said.
IRIS ran a thorough tender process in which eSentire lined up against nine other candidates. eSentire’s multi-signal approach to providing visibility across IRIS’ entire IT environment and its 24/7 monitoring stood out, as did its flexible approach to pricing and licensing.
The Group began by installing eSentire MDR for Endpoint, eSentire MDR for Network service and eSentire MDR for Log, leveraging the existing Sumo Logic investment at IRIS’ new flagship head office and datacentre. It also used a co-managed version of eSentire Managed Risk - Managed Vulnerability Service, that gave it full visibility into what was happening on its network.
Adams added an option to scan the Group’s external websites as part of that service, enabling it to scan the applications that run on those sites for vulnerabilities. IRIS provides access to several of its products through online portals, and it can feed that vulnerability information directly back to the engineering teams responsible. “We’ve used that to clear up some vulnerabilities that we had on those sites,” Adams says.
IRIS realised immediate benefits of eSentire services soon after deployment. eSentire Managed Risk - Managed Vulnerability Service revealed several vulnerabilities that could be addressed immediately.
“Even during the deployment period, the data that we looked at exposed a lot of information about our environment that we previously did not know,” Adams recalls. “We were aware of vulnerabilities and issues that we had, but eSentire Managed Risk - Managed Vulnerability Service was able to highlight things that had not been caught with others.”
One unknown vulnerability that eSentire Managed Risk - Managed Vulnerability Service caught concerned a VoIP-enabled phone handset that had not been updated with a security patch. This left an open exploit on the phone, which was accessible from outside the network with no authentication. “This could have created a compliance issue, but was resolved,” he pointed out.
eSentire’s Threat Response Unit researches and identifies emerging threats on behalf of its customers and translates each threat into action the customer can take to harden their security stance. One such example was a phishing attack that used links to Google Drive and Microsoft’s OneDrive. The attack payload would often ask victims to enter their corporate login credentials. IRIS was able to use this new information to spot and block URLs with telltale patterns.
eSentire also identified attack patterns in which threat actors would try to execute malicious code on IRIS’ network, through a website, and notified them of several scans looking for open ports on its firewall. The IRIS security team used this information to block the offending source IP, which originated in the Seychelles.
eSentire MDR for Log has provided unprecedented visibility across IRIS’ environment by gathering information from across its broad array of network products and endpoints. Before eSentire, the team would have to log into network equipment and download log information manually for analysis, which is a daunting task for a small security team.
“It’s great to have a service that correlates all of that information together automatically, along with people experienced at spotting things outside the norm, investigating, and only alerting us if it’s something that we need to do something about,” Adams says, adding that it could continue to focus on core IT functions without the need to hire or build a Security Operations Centre (SOC) team.
With more large acquisitions planned this year, IRIS will need network visibility more than ever in the future. Partnering with eSentire gives it the platform it needs to deliver a strong cybersecurity strategy that will protect a company with aggressive growth ambitions.