Inspect everything.
Miss nothing.
Assume the suspicious is malicious.

Identify threats lurking within your networks and those looking to take advantage of blind spots with 45 days of continuous network monitoring.


Detect the known.
Hunt the unknown.
Isolate before impact.

Detect the known, identify the unknown and isolate attackers before they can achieve their objectives with embedded threat hunting.


Identify blind spots.
Understand your risk.
Adapt for the future.

Pinpoint the areas of greatest risk and adapt your defenses using investigation details and refinement recommendations.


A Breach Could Be On the Horizon.

Malicious Activity Assessment augments eSentire partners’ risk assessments, providing 45 days of continuous network visibility to detect known, unknown and evasive threats that may already be present or are bypassing preventative measures.

Network data is fed to 24x7 SOC analysts who leverage proprietary hunting methods to confirm and isolate attackers before their objectives are achieved. Summary reports illuminate where preventative measures failed, and areas that require refinement.

As a result, your organization identifies defensive weaknesses over an extended timeframe against real-world attackers.

To learn more, download our Malicious Activity Assessment Infographic.


Review the Malicious Activity Assessment Data Sheet


Continuous Threat Monitoring

eSentire SOC analysts monitor all network activity 24x7, with no reduction in coverage and no reliance on on-call employees. We average 35 seconds or less from notification of a possible event to the start of a human investigation.

Full Packet Capture (PCAP)

Provides summary metadata and targeted queries into full PCAP data to confirm or explain an event using forensic analysis techniques.

URL History

Captures HTTP traffic and provides a full forensic view, complete with referrer and user agent. It also uses a proprietary Deep Packet Inspection (DPI) engine to detect and capture URLs.

IP Blacklist (AMP)

Optional - Disabled by Default

Uses a proprietary DPI engine to detect traffic from blacklisted IPs.

Data Loss Analysis

Captures outbound files, such as email attachments, across SMTP, cloud storage, FTP transfers, etc., for threat qualification and forensic analysis.

Packet Analyzer

Detects suspicious behavior such as unusual port scans, sequential scans and “spamming” machines.

Bandwidth Profiler

Detects abnormal bandwidth usage when there is a suspected internal threat (exfiltration or otherwise) or a Distributed Denial of Service (DDoS) attack.

SSL Decryption and Traffic Disruption

Detects SSL-based malware for profiling and threat signature creation.

Active Threat Hunting

Unusual signals are marked as threats and fed into eSentire’s analytics pipeline, where suspicious activity is identified and confirmed through human investigation.

Alerts

Immediate alerting from a human analyst at the eSentire SOC upon detection of both confirmed threats and unusual behaviors or activity.

Tactical Threat Containment

Rule-based detection and mitigation capabilities can automatically “kill” TCP connections in real time or notify SOC analysts. The SOC can also manually “kill” TCP connections on the client’s behalf, preventing a threat actor’s spread.

Forensic Investigation

Embedded SOC support includes forensic investigation to determine the root cause of confirmed threats and corrective actions.

Event Management

SOC analysts perform deeper analysis to determine true positives and escalate security incidents, with defined threat context, for corrective action.

Co-Managed Remediation

Analysts provide co-managed remediation until the threat actor is completely eliminated, not simply alerts and general guidance.

Weekly Review

A dedicated client engagement team provides weekly reports of activity, SOC findings, notable investigations and malicious activities detected.

Executive Summary

At the conclusion of the engagement, an executive summary meeting provides high-level and detailed insight into your risk posture, along with recommendations for defensive refinement.

Country Killer

Optional - Disabled by Default

Uses a proprietary DPI engine to stop traffic from IPs located in a specific country, or to block them based on the country’s domain.

Executable Analysis and Blocking

Optional - Disabled by Default

Provides whitelist-based detection and mitigation of executable downloads. If a file is not on the whitelist, analysts intervene and block the download by killing the connection in real time.
