What We Do
How we do it
Jan 13, 2022
GootLoader Hackers Are Compromising Employees of Law and Accounting Firms, Warns eSentire
GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware eSentire, the industry’s leading Managed Detection and Response (MDR) cybersecurity provider, is warning law and accounting firms of a wide-spread GootLoader hacker campaign. In the past three weeks and as recently as January 6, eSentire’s threat hunters have intercepted and shut down…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Oct 28, 2021
Telarus and eSentire Expand Partnership to Safeguard Enterprises Globally Against Business Disrupting Ransomware and Zero-Day Attacks
London, UK and Sydney, Australia– Oct. 28, 2021 - eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announces the expansion of its partnership with Telarus, the largest privately-held distributor of business cloud infrastructure and contact centre services. Building on their mutual success across North America, Telarus will bring eSentire’s Managed…
Read More
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Artemis small
What we do


Receive a free executive report.

Get Your Report


Act Fast To Reduce Impact.

Digital Forensics & Incident Response services are available for Emergency Incident Response Support or as an Incident Response Retainer. When you’ve been breached, every second counts so we make 4-hour threat suppression possible, remotely, anywhere in the world.

Experiencing a security incident or have you been breached?

Contact us at:

The Next Generation of Cyber Investigation and Incident Response

The eSentire Cyber Security Investigations experts are battle-tested and highly certified.

When an incident strikes, you want us in your corner.

Our team delivers the fastest response time in the industry and can begin threat suppression remotely within just 4 hours of being engaged.

With Incident Commander level expertise and industry-leading technologies for remote access and recovery, we work with you to handle emergency security incidents and digital forensics investigations.


Gartner® Market Guide for Digital Forensics and Incident Response (DFIR) Services

The increasing number and severity of cybersecurity incidents has prompted growing adoption of DFIR. The Gartner Market Guide for DFIR services can aid in identifying the most suitable cyber incident response provider for your organization.

Download the Report

Our Difference, Your Results

eSentire supports the incident response lifecycle end-to-end, prioritizing rapid deployment, containment and analysis, incident resolution including reporting to relevant parties and security strategy to stop recurrences.

Our Difference
Your Results

Industry-Leading Rapid Response

  • For eSentire Incident Response Retainer customers, we deploy remote technology for threat suppression within 4 hours, anywhere in the world.
  • Our time to value in terms of driving critical insight, accelerating investigation and closing the incident response cycle can’t be beat.


  • Discipline, structure and organization led by computer forensic practitioners with decades of experience serving the Federal Government (Special Forces, FBI, DEA, CIA) and Fortune 500 companies.
  • Highly credentialed responders partner with our global 24/7 SOC Cyber Analysts and Elite Threat Hunters extending IR support and expertise across hundreds of individuals with decades of experience in stopping attackers that evade defenses.

Proven Tools and Incident Response Processes

  • Industry-leading digital forensics, remote access, investigation and response tools and techniques .
  • Battle-tested response against real world threats ensuring attackers are quickly contained and incidents fully resolved.
  • Visibility and remote triage for forensic analysis, evidence capture, and incident recovery across networked servers and endpoint workstations.


  • End-to-end incident response lifecycle coverage not only stops attackers but supports remediation and recovery that ensures root causes are fixed and the chance for recurrence is eliminated.
  • Satisfies reporting obligations.
  • Transition findings to law enforcement.
  • Strengthen security gaps.
  • Implement lessons learned.

Expert Response To Critical Security Incidents

Effective incident response quickly brings control, stability and organization to the chaotic situation you may find yourself in, should a breach occur. When the worst scenario happens, how fast your organization can contain and recover is critical to limiting business disruption, reducing cost, and salvaging reputational damage.

Financially-Motivated Crimes

Intellectual Property Theft

Data Breaches

Insider Threat

Destructive Cyberattacks

Personally Identifiable Information (PII) and Protected Health Information (PHI)

Incident Response and Digital Forensics Services


Emergency Incident Response

Supporting the end-to-end Incident Response Lifecycle

  • Rapid mobilization and deployment aimed at quickly securing your systems and networks
  • End-to-End Incident Management
  • Managed Containment
  • Digital Forensic Analysis collecting as much information and insight as possible from your systems and networks
  • Regression analysis to conclusively determine the full extent of compromised assets and determine root cause
  • Incident Recovery
  • Determination of Extent
  • Stakeholder Reporting
  • Compliance support to meet regulatory requirements with centralized collection, retention and reports of log, network and endpoint data
  • Litigation Support as required
  • Crisis Communication Support


Security Incident Response Planning Services

Incident Response Retainer

  • Hours available for Emergency Incident Response and additional IR Strategic Services
  • Benefit from 4-hour threat suppression, remotely, anywhere in the world
  • SLAs for malware analysis, boots on ground and phone response

Security Consulting & Advisory Services

  • Digital Forensics toolset deployments
  • Data discovery and classification
  • Managed data loss prevention
  • Managed insider threat programs
  • Risk-based security management

Security Incident Response Planning (SIRP)

  • Incident Response Life Cycle Planning
  • Incident Response Policy Development

Simulations and Training

  • Cyber Wargames
  • Tabletop exercises
  • Compromise assessment
Start Now

Revolutionizing Incident Response

4 Hour Threat Suppression SLA

If you choose to engage with us for an Incident Response Retainer, our Cyber Security Investigations team members can deploy remote technology and kick off threat suppression in less than 4 hours, anywhere in the world.

DFIR image 4 hour SLA

How It Works

DFIR image 2

Complete Cyber Incident Response

We deliver cutting-edge digital forensics, industry-leading Threat Intelligence and powerful 24/7 Incident Response expertise.


4 Hour Remote SLA with Retainer

Quickly mobilizes responders and investigative tool sets providing critical visibility across your affected networks and assets.

End-to-End Incident Management

Cyber Security investigations team and supporting technologies cover the full incident response lifecycle.

Elite Tool Sets

To illuminate where attackers are present. Supports root cause analysis.

Critical Visibility

Deployment of commercially available and open-source tools, including eSentire’s network, endpoint, and log technology, as needed, to collect endpoint telemetry, full network packets, netflow and log data from on-premises and cloud environments to provide multiple vantage points for analysis.


Managed Containment

Locks down and isolates threat actors preventing further spread and business impact.

Digital Forensic Analysis

Reconstructs the incident determining root cause, affected systems and attacker pathways.

Asset Handling

Secure and robust processes for asset handling and chain of custody support.


Identifies exploited vulnerabilities, remediates affected assets and deletes presence of all malware.


Robust Reporting

Detailed findings and impacts of the cyber investigation chronicle all actions taken with lessons learned at the executive and technical level.

Compliance Satisfaction

Meets regulatory requirements with centralized collection, retention and reporting.

Litigation Support

Expert and fact witness testimony, if needed, is available.

Crisis Communication

Assist with internal and external communications, including media releases, FAQs, and executive communications.

eSentire’s Digital Forensics Technology Advantage

No other company is in possession of technology that will help you triage and contain a data security breach faster. Within hours of deployment, you will know every impacted system on your network and be completing containment and remediation steps. Competing service providers and technology companies will take months to arrive at the same point of resolution.

Want to know if your breach is attributable to an external actor or an internal operator with legitimate credentials? The eSentire approach is unique in driving your results quickly so we can rapidly answer that question. And if you want to take action in court, respond to a regulator, or pursue any number of other activities associated with a data breach, you will need forensically-assured data. Collecting that data is often prohibitively expensive, unless you’re using eSentire Digital Forensics & Incident Response capabilities.

eSentire brings unique capabilities with its proprietary platform and endpoint agent technology, with unparalleled real-time visibility across all deployed assets. Unlike legacy “dead drive” forensic tools, our platform enables cybersecurity investigators to immediately and remotely commence identifying the exact nature of a security event, determining to what extent systems have been affected, and accelerating incident response. eSentire’s platform mitigates impact by substantially reducing the mean time to identify (MTTI) and mean time to contain (MTTC) cyberthreats to minutes from days or even weeks.

Meet the eSentire Cyber Security Investigations Team

With the eSentire Cyber Security Investigations team, you gain access to highly credentialed responders, comprised of computer forensic practitioners with decades of experience serving the Federal Government (Special Forces, FBI, DEA, CIA) and Fortune 500 companies. They partner with our global SOC Cyber Analysts and Elite Threat Hunters, extending your Incident Response support and expertise across hundreds of team members with decades of experience in threat detection, remediation and recovery.

The Cyber Security Investigations team has deep knowledge of how targeted attacks break through, and the tactics the adversary is using to achieve their objectives. eSentire IR procedures aren’t built on rigid frameworks. Instead, we rely on flexible solutioning and hands-on incident response experience.

The eSentire Cyber Security Investigations Team Difference

Power of 24/7 SOC Team

  • Access to hundreds of team members
  • 24/7 SOC Cyber Analysts and Elite Threat Hunters
  • Expertise detecting, disrupting and responding to threats

Delivers Results

  • Attacks are quickly contained and incidents are resolved
  • Recovery is supported eliminating the chance for recurrence
  • Root cause analysis and threat eradication
  • Systems clear for return to standard business operations

Flexible Delivery Model

  • Available to address Emergency Incident Response
  • Can be engaged on Retainer for Incident Response and Emergency Preparedness

When minutes matter, you have to be prepared. We’re here to help.

Cybersecurity incidents can disrupt operations, and lead to the loss of services, data and assets. How quickly an incident can be contained and remediated is paramount. eSentire’s Cyber Security Investigations team delivers results.

Attacks are quickly contained, incidents are resolved, and recovery is supported – eliminating the chance for recurrence with root cause analysis and threat eradication so we ensure your systems are clear for a return to standard business operations.

Don’t be caught unprepared.

Engage eSentire for Emergency Preparedness Planning as part of an Incident Response Retainer.

Contact Us →



of attackers can breach perimeter controls in under 15 hours1


of attackers can complete a breach in under 15 hours2


of attackers report that security teams identify their presence less than 50% of the time3


average total cost of a data breach, globally4

1 2018 Nuix Black Report
2 Ponemon 2019 Cost of a Breach Report
3 2018 Nuix Black Report
4 Ponemon 2020 Cost of a Breach Report

eSentire Investigator

Enable your In-House IT and Incident Response teams with state-of-the-art eDiscovery and forensics software.

For larger enterprises with dedicated incident response and internal investigation teams, eSentire Investigator enables your experts with unparalleled insight into incident response, threat hunting, digital forensic investigations, insider threat analysis and malware detection.

eSentire Investigator is a top eDiscovery, digital forensics and incident response enterprise-grade software solution that goes beyond breach protection to enable real-time investigation, analysis and resolution of active, or potential threats, no matter the origin. No other enterprise software matches eSentire Investigator’s depth of endpoint visibility and speed to resolution.

Incredible time to value

Unparalleled depth of visibility & investigation data

Trusted by government intelligence, federal law enforcement & military personnel

Works over low-bandwidth connections to support investigations in remote work settings

Addreses multiple use cases including: malware infection, eDiscovery collection, IP protection, data exfiltration, M&A assessments, internal HR investigations and more

The Power of eSentire Investigator: See More, Know More, Respond Instantly.

Evaluate processes on every endpoint in near real-time without impacting business operations.

  • Search globally across your enterprise concurrently
  • Perform, remote, in-depth forensic investigations without leaving your corporate or home office
  • An optional agent stealth mode makes eSentire Investigator activities difficult to detect on the endpoint
  • Provides intelligence into system and network level activities through network and process telemetry
  • View data about processes and their associated files, modules, registry settings, network connects and child processes running RAM in real time
  • View, analyze, recover and acquire (if necessary) files and directions on disk
  • Find malware or other indicators of malicious activity your other security tools and antivirus/EDR solutions might have missed
  • Full remote imaging of hard drives (physical or logical), files, memory, or processes
  • Collect screen shots of active user desktops and running process snapshots of remote systems
  • Search across any number of endpoints for critical indicators of compromise
  • Gain privileged command line access to any endpoint
  • Selectively kill processes on an endpoint to stop active events
  • Remotely mount an endpoint’s media as a local drive to enable the use of additional forensic or operational tools

eSentire Investigator Data Sheet

The Difference Between MDR and Incident Response

eSentire is proud to be recognized globally as the Authority in Managed Detection and Response. We prioritize our capability to respond, and over index our efforts to own the R. Team eSentire is proud to deliver MDR3 - Response. Remediation. Results.

Our capability in Response is built from:

Full threat visibility with multi-signal ingestion across network, endpoint, log and cloud sources

Detection capabilities mapped to MITRE ATT&CK framework

Automated detections and orchestrated blocks through our Atlas XDR Cloud Platform

Proactive Security Network Effects amplifying detection and response capabilities across our entire global customer base

Human intuition and threat hunting expertise for deeper investigation and analysis

Threat isolation, containment and remediation

When your preventative tools are bypassed, have confidence that Team eSentire is there to detect, disrupt, and contain the threat. So where does MDR end and where does Incident Response begin?

MDR + IR: A Recipe for Cyber Resilience in a Twenty-First Century Risk Landscape

Find out why it’s necessary to enhance Managed Detection and Response services with Digital Forensics and Incident Response capabilities.

Download the Report

eSentire Managed Detection and Response (MDR)

Based on multi-signal ingest capability we disrupt and contain attacks before they become business impacting events. We provide recommendations on remediation, or can complete remediation.

eSentire Incident Response and Digital Forensics (IR)

Rapid deployment of incident responders and remote access tools to identity the root cause of an existing security incident and determine the extent to which data and assets were compromised. We contain the incident ensuring no path for continued compromise, support recovery, and provide assistance to satisfy stakeholder and compliance obligations.

eSentire MDR:

24/7 always on monitoring

24/7 Live SOC Cyber Analyst support

24/7 Threat Hunting

24/7 Threat Disruption and Containment Support

Mean time to contain 15 mins

Detailed escalations with analysis and security recommendation

eSentire IR:

Available for emergency engagement or as a retainer model

Deployment of remote and on site incident responders

Provisioning and use of forensic tool sets

Forensic investigation and analysis

Provides root cause analysis and determines extent of asset impact

Containment and eradication of attacker presence and persistent tactics

Recover systems, data and connectivity to return to standard business operations

Reporting and communications support for relevant stakeholders

What our customers are saying

Riverside greyscale logo
The combination of tools, technology and eSentire's Security Operations Center (SOC) means that we have eyes and ears on our network at all times. We consider eSentire as an extension of our team."
Eric Feldman
Chief Information Officer | Riverside
Align greyscale logo
In one solution you are achieving three big main objectives of your cybersecurity program. You’re getting the visibility, you’re getting the detection and identification of potentially bad traffic and you’re getting response if anything is detected as malicious."
Alex Bazay
CISO | Align Communications
Wetherby greyscale logo
It’s a pleasure working with a group of people that know what they’re doing. They are an extension of the Wetherby technical security team"
Trevor Hicks
Principal and CTO | Wetherby Asset Management

Ready to get started?

We’re here to help! Submit your information and an eSentire representative will be in touch to discuss how eSentire Digital Forensics & Incident Response Services can ensure you quickly bring control, stability and organization if a breach should occur.