Get Started
What We Do
How We Do It
Resources
Company
Partners
Get Started
What we do
How we do it
Resources
Company
Partners
Get Started
What We Do
ESENTIRE SERVICES
Managed Detection and Response

Combine AI-driven security operations, multi-signal attack surface coverage and 24/7 Elite Threat Hunters to help you take your security program to the next level.
All-in-One eSentire MDR → MDR for Microsoft → MDR for GenAI →
Digital Forensics and Incident Response

Get unlimited Incident Response with threat suppression guarantee - anytime, anywhere.
Continuous Threat Exposure Management (CTEM)

CTEM and advisory programs that identify security gaps and build proactive strategies to address them.
AI Powered platform
Atlas Security Operations Platform

Multi-agent Generative AI system embedded across eSentire’s Security Operations platform to scale human expertise.

 Extended Detection and
Response (XDR)

Open XDR with Agentic AI & machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.

 Customer Portal

See what our SOC sees, review investigations, and see how we are protecting your business. 

 Platform Integrations 

Seamless integrations and threat investigation across your existing tech stack.  
human led response
Security Operations Center (SOC)

24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.

 Threat Response Unit (TRU)

Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.

 Cyber Resilience Team

Extend your team capabilities and prevent business disruption with expertise from eSentire.

 Response and Remediation

We balance automated blocks with rapid human-led investigations to manage threats.
How We Do It
MDR Packages and 24/7 Protection
MDR Pricing and Packages

Flexible MDR pricing and packages that fit your unique security requirements.
Atlas Essentials

Entry level foundational MDR coverage
Atlas Advanced

Comprehensive Next Level eSentire MDR
Atlas Complete

Next Level eSentire MDR with Cyber Risk Advisors to continuously advance your security program
Explore MDR Packages → Build Your MDR Package →
24/7 Coverage
Endpoint
Network
Log
Cloud
Identity
INDUSTRIES
Insurance Construction Finance Legal Manufacturing Private Equity Healthcare Retail Food Supply Government and Education Automotive Dealerships
USE CASES
Ransomware

Stop ransomware before it spreads.

 Identity Response

Stop identity-based cyberattacks.

 Zero Day Attacks

Detect and respond to zero-day exploits.

 Cybersecurity Compliance

Meet regulatory compliance mandates.

 Third-Party Risk

Defend third-party and supply chain risk.

 Cloud Misconfiguration

End misconfigurations and policy violations.

 Cyber Risk

Adopt a risk-based security approach.

 Mid-Market Security

Mid-market security essentials to prioritize.

 Sensitive Data Security

Protect your most sensitive data.

 Cyber Insurance

Meet insurability requirements with MDR.

 Cyber Threat Intelligence

Operationalize cyber threat intelligence.

 Security Leadership

Build a proven security program.
Resources
Resources
Resource Library Video Library Case Studies Compare MDR Vendors TRU Intelligence Center Monthly Threat Intelligence Briefings Cybersecurity Tools Cybersecurity Glossary Real vs. Fake MDR Blogs Security Advisories
SECURITY ADVISORIES
Sep 29, 2025 Actively Exploited GoAnywhere MFT Zero- Day Vulnerability (CVE-2025-10035)

THE THREATOn September 25th, 2025, watchTowr Labs revealed that a recently disclosed vulnerability in Fortra's GoAnywhere Managed File Transfer (MFT), identified as CVE-2025-10035 (CVSS:…

Read More
Sep 25, 2025 Cisco ASA and FTD Zero-Day Vulnerabilities

THE THREATOn September 25th, 2025, Cisco disclosed two zero-day vulnerabilities, CVE-2025-20333 (CVSS: 9.9) and CVE-2025-20362 (CVSS: 6.5), in Cisco Secure Firewall Adaptive Security…

Read More
View Advisories
From The Blog
Oct 02, 2025 Beyond Standard Protection: How eSentire's Atlas Agent Delivered Critical…
Read More
Sep 25, 2025 Eye of the Storm: Analyzing DarkCloud's Latest Capabilities
Read More
Sep 24, 2025 How Identity-Centric Attacks Are Threatening Mid-Market Organizations
Read More
VIEW ARTICLES
Company
ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us Leadership Careers
Event Calendar
Newsroom
Aston Villa Football Club
EVENT CALENDAR
Oct
07
October TRU Intelligence Briefing
Oct
09
Digital as Usual Brisbane
Oct
14
CyberSec 2025 London
Oct
14
CXO CISO Round Table
Oct
19
2025 MISAC Annual Conference
View Calendar
LATEST PRESS RELEASE
Aug 12, 2025 eSentire’s Dustin Hillard Recognized on Channel Insider's 2025 AI Leaders List Read More
View Newsroom
OUR PARTNERSHIPS
Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More
Partners
PARTNER PROGRAM

Apply to become an e3 ecosystem partner with eSentire today.
APPLY NOW

Login to the Partner Portal for resources and content for current partners.
LOGIN NOW
Search

Search our site

Quick Links

ALL-IN-ONE ESENTIRE MDR

Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC SUPPORT

24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
MDR PRICING AND PACKAGES

We offer three flexible MDR pricing packages that can be customized to your unique needs.
TRU INTELLIGENCE CENTER

The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
MDR VENDOR COMPARISONS

Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
MDR CASE STUDIES

See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
Get Started
Get Started
Build A Quote
Become A Partner
Incident report

Proof of Concept Reveals PlugX Trojan Intrusion of 6+ Years

DOWNLOAD NOW
2 minutes read

Attack Types:

PlugX Trojan

Industry:

Non-profit research organization

A cyberattack can compromise systems that drive an organization’s operations and expose sensitive data. Financial institutions are obvious targets, but opportunistic cybercriminals will target organizations they suspect do not have banking-level security. In this case, a non-profit research organization was unaware a PlugX trojan had invaded its network and had been present for more than six years. Fortunately, eSentire’s Security Operation Center (SOC), leveraging MDR for Network and MDR for Endpoint, quickly detected the threat actor’s presence during a proof of concept exercise.

Patient Zero

eSentire was conducting a proof of concept (POC) with a potential customer. We installed an eSentire MDR for Network sensor, which immediately triggered an alert in our Security Operations Center (SOC) for a Command and Control check in for a PlugX trojan. Based on this, eSentire received permission from the customer to install an endpoint sensor on the machine that triggered the alert of a PlugX trojan, a remote access tool (RAT) that uses modular plugins. It is a common tool used by multiple threat groups because it is complex and often evades typical security measures.

Investigation revealed that legitimate antivirus (AV) software had been used to install the malicious trojan without being detected by the AV, through a technique called dll hijacking. The trojan had a lot of complexity and encryption, so that it did not appear malicious. It included a “do not execute until 2013” time code, revealing that the machine had been infected for several years. Decrypting this was no easy task.

The trojan initially loads a dll that is a simple launcher. It looks for an encrypted, hidden “stage-one” payload, which then launches a “stage-two” payload, also hidden, encrypted and compressed. When unpacked, it launches the final, malicious dll file containing the trojan. Investigation showed two functionalities for the final payload: periodic screenshots of the infected machine and a keystroke logger. There was no evidence of any screenshots to be found. But, we decrypted a 30mb file of keystroke data with timestamps going back to 2014.

Threat Quickly Eliminated

eSentire isolated the affected machine when we installed the endpoint sensor. It is unknown when the initial infection occurred because there was no sensor on the endpoint to collect telemetry. The malware had a network channel back to the attacker, but we had no way to prove what they saw. Luckily, what we were able to find in the 30mb file was not the company’s critical data. The customer had an IT security company monitoring their network and they detected nothing for five-plus years. During the eSentire POC, eSentire detected, isolated, investigated and removed the longstanding threat in less than two weeks.

Summary of Events

A summary of events that occurred during a proof of concept exercise in which eSentire’s Security Operation Center (SOC) leveraged MDR for Network and MDR for Endpoint to detect and eliminate a PlugX trojan from a non-profit organization’s environment.

Ready to Get Started?

We’re here to help! Submit your information and an eSentire representative will be in touch to help you build a more resilient security operation today.

ARE YOU EXPERIENCING A SECURITY INCIDENT OR HAVE YOU BEEN BREACHED?
Call 1-866-579-2200

The Proven Choice for
Managed Detection and Response

GET STARTED PARTNER LOGIN

Sales and
Customer Support

NORTH AMERICA 1-866-579-2200 EMEA (0)8000-443242 ANZ/APAC 1-519-651-2200
What we do
How we do it
Industries
Use Cases
Resources
Tools
Company

2025 eSentire, Inc. All Rights Reserved.