Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
There are steps that organizations can take to prevent Trickbot infections. Regular security awareness training and promoting a culture of caution when it comes to email communications can help mitigate some human-error related risk.
Maintaining a consistent vulnerability and patch management program to ensure that none of your IT assets have critical known vulnerabilities that can be easily exploited by malware like Trickbot is another fundamental preventative step.
Confirming your antivirus and/or endpoint protection products are properly tuned and updated is important. Particularly in the case of Microsoft Windows Defender, confirming that tamper protection features are enabled can mitigate Trickbot’s ability to disable and bypass endpoint security measures.5
It is worth repeating that the sophisticated resources behind the development of malware like Trickbot are specifically designed to bypass common preventative measures, meaning today’s threat prevention strategies could be ineffective tomorrow. Furthermore, no amount of awareness training and security culture can change the fact that human error is inevitable. Prevention is ultimately an impossible task unless it is tied to a robust threat detection and response capability.
The programs are designed to identify blind spots and harden your posture against known threats. Services within include Phishing and Security Awareness Training, Technical Testing and Virtual CISO services.
Dedicated eSentire experts act as an extension of your team to execute timely scanning and tracking of known vulnerabilities among your IT assets.
In January 2020, an eSentire manufacturing customer was initially alerted to suspicious network activity, which prompted further investigation by analysts from eSentire’s Security Operations Center (SOC). Nine minutes later, a host was observed sending unusual outbound communications, at which point SOC analysts took action and placed TCP disruptions on both the internal host and the IP it was communicating with in order to halt the activity via eSentire MDR for Network. The host itself was isolated from the rest of the network as well via eSentire MDR for Endpoint. The SOC updated the customer with the latest development in the incident.
At this point, the threat appeared to be limited to a single compromised workstation with no observed indicators of compromise on the rest of the customer network. Furthermore, there was no risk of lateral movement with the host quarantined, which was fortunate because deeper forensic endpoint investigation revealed that the host was attempting to spread via the known EternalBlue exploit less than 20 minutes following the SOC’s actions to isolate the threat.
Trickbot was identified as the malware responsible for the activity with the initial infection traced back to human error from an employee who clicked on a link from a malspam email. Further investigation did reveal that a limited amount of the employee’s personal information (saved passwords and shipping address from a web browser auto-fill function) was exfiltrated before eSentire blocked the connection. We recommended to the customer that the end user change their passwords and their workstation be completely reimaged to ensure no traces of malware remained.
Swift investigation and response within less than 10 minutes of the initial threat detection was critical in containing this particular Trickbot incident. If reaction to the threat was slower by just 17 minutes, (a relative blink of an eye in the context of the typical workday in the average IT organization) there is a good chance this Trickbot infection would have been able to spread throughout the network. This underscores the speed security teams must operate at to stop advanced threats. Success is measured in seconds and minutes, but unfortunately, most organizations are lagging far behind with the mean time to contain a data breach at 73 days.6 Multi-signal Managed Detection and Response closes this gap for 1500+ customers with a 15 mean time to contain threats.
Security Primer TrickBot, Center for Internet Security: https://www.cisecurity.org/white-papers/security-primer-trickbot/
Stealthy TrickBot Malware Has Compromised 250 Million Email Accounts And Is Still Going Strong,Forbes: https://www.forbes.com/sites/leemathews/2019/07/14/stealthy-trickbotmalware-
has-compromised-250-million-email-accounts-and-is-still-going-strong/#1976b2c74884
TrickBot, MITRE ATT&CK Framework: https://attack.mitre.org/software/S0266/
The Unholy Alliance of Emotet, TrickBot and the Ryuk Ransomware,Decipher:
https://duo.com/decipher/the-unholy-alliance-of-emotet-trickbot-and-the-ryuk-ransomware
Connect with an eSentire Security Specialist to learn how we can help you build a more resilient security operation and prevent disruption.