Get Started
What We Do
How We Do It
Resources
Company
Partners
Get Started
What we do
How we do it
Resources
Company
Partners
Get Started
What We Do
ESENTIRE SERVICES
Managed Detection and Response

Combine AI-driven security operations, multi-signal attack surface coverage and 24/7 Elite Threat Hunters to help you take your security program to the next level.
All-In-One MDR Solution →
MDR for Microsoft →
MDR for GenAI →
Digital Forensics and Incident Response

Get unlimited Incident Response with threat suppression guarantee - anytime, anywhere.
Continuous Threat Exposure Management (CTEM)

CTEM and advisory programs that identify security gaps and build proactive strategies to address them.
AI Powered platform
Atlas Security Operations Platform

Multi-agent Generative AI system embedded across eSentire’s Security Operations platform to scale human expertise.
Extended Detection and
Response (XDR)

Open XDR with Agentic AI & machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Customer Portal

See what our SOC sees, review investigations, and see how we are protecting your business. 
Platform Integrations 

Seamless integrations and threat investigation across your existing tech stack.  
human led response
Security Operations Center (SOC)

24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Threat Response Unit (TRU)

Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Cyber Resilience Team

Extend your team capabilities and prevent business disruption with expertise from eSentire.
Response and Remediation

We balance automated blocks with rapid human-led investigations to manage threats.
How We Do
MDR Packages and 24/7 Protection
MDR Pricing and Packages

Flexible MDR pricing and packages that fit your unique security requirements.
Atlas Essentials

Entry level foundational MDR coverage
Atlas Advanced

Comprehensive Next Level MDR from eSentire
Atlas Complete

Next Level MDR with Cyber Risk Advisors to continuously advance your security program
Explore MDR Packages → Build Your MDR Package →
24/7 Coverage
Endpoint
Network
Log
Cloud
Identity
INDUSTRIES
Insurance
Construction
Finance
Legal
Manufacturing
Private Equity
Healthcare
Retail
Food Supply
Government and Education
Automotive Dealerships
USE CASES
Ransomware

Stop ransomware before it spreads.
Identity Response

Stop identity-based cyberattacks.
Zero Day Attacks

Detect and respond to zero-day exploits.
Cybersecurity Compliance

Meet regulatory compliance mandates.
Third-Party Risk

Defend third-party and supply chain risk.
Cloud Misconfiguration

End misconfigurations and policy violations.
Cyber Risk

Adopt a risk-based security approach.
Do More With Less

Prevent disruption by outsourcing MDR.
Sensitive Data Security

Protect your most sensitive data.
Cyber Insurance

Meet insurability requirements with MDR.
Cyber Threat Intelligence

Operationalize cyber threat intelligence.
Security Leadership

Build a proven security program.
Resources
VIEW ARTICLES
Resources
Case Studies
Compare MDR Vendors
TRU Intelligence Center
Cybersecurity Tools
Videos
Reports
Webinars
Data Sheets
Real vs. Fake MDR
Blogs
Security Advisories
EXPLORE LIBRARY
SECURITY ADVISORIES
Jul 24, 2025
Cisco Vulnerabilities Exploited CVE-2025-20281 & CVE-2025-20337

THE THREATOn July 21st, 2025, Cisco confirmed attempted exploitation of recently disclosed maximum severity vulnerabilities impacting its Identity Services Engine (ISE) and ISE Passive…

 Jul 21, 2025
CrushFTP Zero-Day Vulnerability CVE-2025-54309

THE THREAT On July 18th, 2025, CrushFTP confirmed exploitation of a critical zero-day vulnerability, CVE-2025-54309. CVE-2025-54309 (CVSS: 9.0) occurs due to mishandling of…
View Advisories
Company
ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us
Leadership
Careers
Event Calendar
Newsroom
Aston Villa Football Club
EVENT CALENDAR
Aug
02
Black Hat
Aug
10
ILTACON
Aug
12
August TRU Intelligence Briefing
Aug
14
FutureCon Omaha
Aug
14
INTERFACE Kansas City
View Calendar
LATEST PRESS RELEASE
Mar 06, 2025
eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale
Read More
View Newsroom
OUR PARTNERSHIPS
Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More
Partners
PARTNER PROGRAM

Apply to become an e3 ecosystem partner with eSentire today.
APPLY NOW

Login to the Partner Portal for resources and content for current partners.
LOGIN NOW
Search

Search our site

Quick Links

ALL-IN-ONE MDR SERVICE

Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC SUPPORT

24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
MDR PRICING AND PACKAGES

We offer three flexible MDR pricing packages that can be customized to your unique needs.
TRU INTELLIGENCE CENTER

The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
MDR VENDOR COMPARISONS

Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
MDR CASE STUDIES

See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
Get Started
Get Started
Build A Quote
Become A Partner
Incident report

Proof of Concept Reveals PlugX Trojan Intrusion of 6+ Years

DOWNLOAD NOW
2 minutes read

Attack Types:

PlugX Trojan

Industry:

Non-profit research organization

A cyberattack can compromise systems that drive an organization’s operations and expose sensitive data. Financial institutions are obvious targets, but opportunistic cybercriminals will target organizations they suspect do not have banking-level security. In this case, a non-profit research organization was unaware a PlugX trojan had invaded its network and had been present for more than six years. Fortunately, eSentire’s Security Operation Center (SOC), leveraging MDR for Network and MDR for Endpoint, quickly detected the threat actor’s presence during a proof of concept exercise.

Patient Zero

eSentire was conducting a proof of concept (POC) with a potential customer. We installed an eSentire MDR for Network sensor, which immediately triggered an alert in our Security Operations Center (SOC) for a Command and Control check in for a PlugX trojan. Based on this, eSentire received permission from the customer to install an endpoint sensor on the machine that triggered the alert of a PlugX trojan, a remote access tool (RAT) that uses modular plugins. It is a common tool used by multiple threat groups because it is complex and often evades typical security measures.

Investigation revealed that legitimate antivirus (AV) software had been used to install the malicious trojan without being detected by the AV, through a technique called dll hijacking. The trojan had a lot of complexity and encryption, so that it did not appear malicious. It included a “do not execute until 2013” time code, revealing that the machine had been infected for several years. Decrypting this was no easy task.

The trojan initially loads a dll that is a simple launcher. It looks for an encrypted, hidden “stage-one” payload, which then launches a “stage-two” payload, also hidden, encrypted and compressed. When unpacked, it launches the final, malicious dll file containing the trojan. Investigation showed two functionalities for the final payload: periodic screenshots of the infected machine and a keystroke logger. There was no evidence of any screenshots to be found. But, we decrypted a 30mb file of keystroke data with timestamps going back to 2014.

Threat Quickly Eliminated

eSentire isolated the affected machine when we installed the endpoint sensor. It is unknown when the initial infection occurred because there was no sensor on the endpoint to collect telemetry. The malware had a network channel back to the attacker, but we had no way to prove what they saw. Luckily, what we were able to find in the 30mb file was not the company’s critical data. The customer had an IT security company monitoring their network and they detected nothing for five-plus years. During the eSentire POC, eSentire detected, isolated, investigated and removed the longstanding threat in less than two weeks.

Summary of Events

A summary of events that occurred during a proof of concept exercise in which eSentire’s Security Operation Center (SOC) leveraged MDR for Network and MDR for Endpoint to detect and eliminate a PlugX trojan from a non-profit organization’s environment.

Ready to Get Started?

We’re here to help! Submit your information and an eSentire representative will be in touch to help you build a more resilient security operation today.

ARE YOU EXPERIENCING A SECURITY INCIDENT OR HAVE YOU BEEN BREACHED?
Call 1-866-579-2200

The Proven Choice for
Managed Detection and Response

GET STARTED PARTNER LOGIN

Sales and
Customer Support

NORTH AMERICA 1-866-579-2200 EMEA (0)8000-443242 ANZ/APAC 1-519-651-2200
What we do
How we do it
Industries
Use Cases
Resources
Tools
Company

2025 eSentire, Inc. All Rights Reserved.