DIGITAL FORENSICS & INCIDENT RESPONSE

Be ready with the world's fastest threat suppression

Stop attackers in their tracks with our breakthrough 4-hour remote threat suppression commitment. No one moves faster to contain an incident and bring your business back to standard operation.
eSentire Digital Forensics & Incident Response services are available for On-Demand 24/7 Incident Response as a retainer offering, or for Emergency Incident Response support.

Experiencing a security incident or have you been breached?

Contact us at:
1-866-579-2200

When a Data Breach Occurs, You Want Us In Your Corner.

Respond to any security incident with the world’s fastest threat suppression.

When disaster strikes you need an incident response partner that can react with industry-leading speed and efficacy. Having immediate access to expert on-demand cyber forensics and incident response services brings rapid control and stability to your organization when a breach occurs. How fast your organization can contain and recover from a security incident is critical to limiting business disruption, reducing costs, and salvaging reputational damage; it can be the difference between a catastrophic day and just another day at the office.

eSentire’s On-Demand 24/7 Incident Response service provides you peace of mind with the fastest threat suppression in the industry and the guarantee that you’re prepared for even the most advanced attack. Through a combination of best-in-class digital forensics technology and elite responders, we can suppress a cybersecurity incident, anywhere in the world, within 4 hours. Our response speed is made possible by eSentire Atlas XDR Investigator - a proprietary and breakthrough digital forensics tool deployed in your environment to give our team instant access, detection and containment capabilities the moment you call. Atlas XDR Investigator agents are deployed once our partnership begins, resulting in time to value that is unmatched industry-wide.


What you can expect

Industry Leading 4-Hour Threat Suppression

We get you back to normal business operations in a matter of hours, delivering a guaranteed 4-hour threat suppression promise, anywhere in the world. No one moves faster to contain cybercriminals before they can disrupt your business.

We strategically deploy our proprietary eSentire Atlas XDR Investigator agent to devices across your network, so within minutes of your call our team has immediate access and forensic capabilities to actively work to suppress the threat.

Elite Global Expertise, On-Demand

We provide you with priority, on-demand access to our team of elite incident responders, who are highly accredited with diverse cybersecurity backgrounds and decades of experience. Many of our incident responders have held technical leadership positions across the Federal Government (Special Forces, FBI, DEA, CIA) and within Fortune 500 companies. Sleep easy knowing that you have priority, on-demand access to our global team of elite incident responders, standing by 24/7, wherever in the world you need us.

Breakthrough Digital Forensics Technology

Our industry-leading digital forensics and investigative tools allow us to provide immediate time to value, collecting digital forensics artifacts regardless of your organization’s size or location, to get you back to normal business operations within hours rather than days.

Our digital forensics and incident response services are powered by eSentire Atlas XDR Investigator, our proprietary technology, which enables our team to perform end-to-end investigations remotely.

Full Support From Response To Recovery

Experience a smooth recovery with our full support through the investigative lifecycle, including the filing of cyber insurance claims, compliance and litigation evidence preservation, transitioning findings to law enforcement, supporting legal proceedings, expert witness testimony and strengthening security gaps through the implementation of lessons learned.


Incident Response and Digital Forensics Services

eSentire Digital Forensics & Incident Response services are available for On-Demand 24/7 Incident Response or Emergency Incident Response support.

PROACTIVE

On-Demand 24/7 Incident Response

Incident Response Retainer

  • Benefit from 4-hour threat suppression, remotely, anywhere in the world
  • We strategically deploy our proprietary Atlas XDR Investigator agent to devices across your network
  • Within minutes of your call, our team will have digital forensic capabilities on your network so we can actively work to suppress the threat
  • Unlimited number of incident response hours without the upfront commitment

Security Consulting & Advisory Services

  • Data discovery and classification
  • Managed data loss prevention
  • Managed insider threat programs
  • Risk-based security management

Security Incident Response Planning (SIRP) (Add On)

  • Incident Response Lifecycle Planning
  • Incident Response Policy Development

REACTIVE

Emergency Incident Response

Supporting the end-to-end Incident Response Lifecycle

  • Rapid mobilization and deployment aimed at quickly securing your systems and networks
  • End-to-End Incident Management
  • Managed Containment
  • Digital Forensic Analysis collecting as much information and insight as possible from your systems and networks
  • Regression analysis to conclusively determine the full extent of compromised assets and determine root cause
  • Incident Recovery
  • Determination of Extent
  • Stakeholder Reporting
  • Compliance support to meet regulatory requirements with centralized collection, retention and reports of log, network and endpoint data
  • Litigation Support as required
  • Crisis Communication Support
MARKET GUIDE

Gartner® Market Guide for Digital Forensics and Incident Response (DFIR) Services

The increasing number and severity of cybersecurity incidents has prompted growing adoption of digital forensics and incident response (DFIR). The Gartner Market Guide for DFIR services can aid in identifying the most suitable cyber incident response provider for your organization.

Download the Report

Complete Cyber Incident Response

We deliver cutting-edge digital forensics, industry-leading Threat Intelligence and powerful 24/7 Incident Response services and expertise. With our On-Demand 24/7 Incident Response retainer in place, you can be sure you’re prepared for the most advanced cyberattacks.

RAPID DEPLOYMENT

4-Hour Remote SLA with Retainer

Quickly mobilizes our investigative toolset and expert responders, providing critical visibility and support across your affected networks and assets.

End-to-End Incident Management

Our Cyber Security Investigations team and supporting technologies cover the full incident response lifecycle.

On-Site Incident Responders

Within 24 hours, anywhere in the world, we can deploy boots on the ground for on-site incident response management.

Elite Tool Sets

Illuminates where attackers are present and supports root cause analysis.

CONTAINMENT AND ANALYSIS

Managed Containment

Locks down and isolates threat actors preventing further spread and business impact.

Eradication Support

Identifies exploited vulnerabilities, supports remediation of affected assets.

Digital Forensic Analysis

Reconstructs the incident determining root cause, affected systems and attacker pathways.

Critical Visibility

Deployment of commercially available and open-source tools, including eSentire’s network, endpoint, and log technology, as needed, to collect endpoint telemetry, full network packets, netflow and log data from on-premises and cloud environments to provide multiple vantage points for analysis.

Asset Handling

Secure and robust processes for asset handling and chain of custody support.

Confirmation

Ensures the network is secure and monitors for attacker response and persistence measures.

Malware Analysis

Detects and analyzes malicious files and URLs for suspicious activity, producing a deep analysis and comprehensive, detailed reports.

DETERMINATION OF EXTENT

Compliance Satisfaction

Meets regulatory requirements with centralized collection, retention and reporting.

Evidence Preservation

Gathers and stores incident details that meet legal, insurance and regulatory requirements.

Litigation Support

Expert and fact witness testimony, if needed, is available.

Robust Reporting

Detailed findings and impacts of the investigation, chronicled with lessons learned at the executive and technical level.

Meet the eSentire Cyber Security Investigations Team

With the eSentire Cyber Security Investigations (CSI) team, you gain access to highly credentialed responders, comprised of computer forensic practitioners with decades of experience serving government intelligence agencies, federal and city law enforcement, the United States Military and Fortune 500 companies. Our team of responders have extensive incident response experience and multiple industry certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Licensed Private Investigator (LPI)
  • Computer Hacking Forensic Investigator (C|HFI)
  • Certified Computer Forensics Examiner (CCFE)
  • Certified Forensics Consultant (CFC)
  • GIAC Certified Incident Handler (GCIH)

eSentire CSI partners with our global SOC Cyber Analysts and Elite Threat Hunters, extending your Incident Response support and expertise across hundreds of team members with decades of experience in threat detection, remediation and recovery. Our team has deep knowledge of how targeted attacks break through, and the Tactics, Techniques, and Procedures (TTPs) adversaries use to achieve their objectives. eSentire Incident Response procedures aren’t built on rigid frameworks. Instead, we rely on flexible solutioning and hands-on incident response experience.

Delivers Results

  • Attacks are quickly contained and incidents are resolved
  • Recovery is supported, minimizing the chance of recurrence
  • Root cause analysis and threat eradication
  • Systems clear for return to standard business operations

Power of 24/7 SOC Team

  • Access to hundreds of team members
  • 24/7 SOC Cyber Analysts and Elite Threat Hunters
  • Expertise detecting, disrupting and responding to threats

Flexible Delivery Model

  • Can be engaged on Retainer for Incident Response and Emergency Preparedness
  • Available to address Emergency Incident Response

eSentire’s Digital Forensics Technology Advantage

Our service is powered by our proprietary eSentire Atlas XDR Investigator agent. This digital forensics tool enables our team to perform end-to-end investigations remotely. No other company is in possession of technology that will help you triage and contain a data security breach faster. Within hours of deployment, you will know every impacted system on your network and be completing containment and remediation steps. Competing service providers and technology companies will take months to arrive at the same point of resolution.

Want to know if your data breach is attributable to an external actor or an internal operator with legitimate credentials? The eSentire approach is unique in driving your results quickly so we can rapidly answer that question. If you want to take action in court, respond to a regulator, or pursue any number of other activities associated with a data breach, you will need forensically-assured data. Collecting that data is often prohibitively expensive, unless you’re using eSentire Digital Forensics & Incident Response capabilities.

eSentire brings unique capabilities with its proprietary XDR and endpoint technology, with unparalleled real-time visibility across all deployed assets. Unlike legacy “dead drive” digital forensic tools, our platform enables cybersecurity investigators to immediately and remotely commence identifying the exact nature of a security event, determining to what extent systems have been affected, and accelerating incident response. eSentire’s platform mitigates impact by substantially reducing the mean time to identify (MTTI) and mean time to contain (MTTC) cyber threats to minutes from days or even weeks.


eSentire Atlas XDR Investigator

Enable your in-house IT and Incident Response teams with state-of-the-art eDiscovery and digital forensics software.

For larger enterprises with dedicated incident response and internal investigation teams, Atlas XDR Investigator is available and enables your experts with unparalleled insight into incident response, threat hunting, digital forensic investigations, insider threat analysis and malware detection.

Atlas XDR Investigator is a top eDiscovery, digital forensics and incident response enterprise-grade software solution that goes beyond breach protection to enable real-time investigation, analysis and resolution of active or potential threats, no matter the origin. No other enterprise software matches Atlas XDR Investigator’s depth of endpoint visibility and speed to resolution. Atlas XDR Investigator's forward-leaning technology instantly enables full forensic capabilities on any endpoint, anywhere in the world.

Incredible time to value

Unparalleled depth of visibility & investigation data

Trusted by government intelligence, federal law enforcement & military personnel

Works over low-bandwidth connections to support investigations in remote work settings

Addresses multiple use cases including: malware infection, eDiscovery collection, IP protection, data exfiltration, M&A assessments, internal HR investigations and more

The Power of Atlas XDR Investigator: See More, Know More, Respond Instantly.

Evaluate processes on every endpoint in near real-time without impacting business operations.

SEE MORE
  • Search globally across your enterprise concurrently
  • Perform remote, in-depth digital forensic investigations without leaving your corporate or home office
  • An optional agent stealth mode makes Atlas XDR Investigator activities difficult to detect on the endpoint
KNOW MORE
  • Provides intelligence into system and network level activities through network and process telemetry
  • View data about processes and their associated files, modules, registry settings, network connections and child processes running in RAM in real time
  • View, analyze, recover and acquire (if necessary) files and directories on disk
  • Find malware or other indicators of malicious activity your other security tools and antivirus/EDR solutions might have missed
RESPOND INSTANTLY
  • Full remote imaging of hard drives (physical or logical), files, memory, or processes
  • Collect screenshots of active user desktops and running process snapshots of remote systems
  • Search across any number of endpoints for critical indicators of compromise
  • Gain privileged command line access to any endpoint
  • Selectively kill processes on an endpoint to stop active events
  • Remotely mount an endpoint’s media as a local drive to enable the use of additional forensic or operational tools

Atlas XDR Investigator Data Sheet

The Difference Between MDR and Incident Response

eSentire is proud to be recognized globally as the Authority in Managed Detection and Response. We prioritize our capability to respond and own the R in MDR.

Our capability in Response is built from:

Full threat visibility with multi-signal ingestion across network, endpoint, log and cloud sources

Detection capabilities mapped to MITRE ATT&CK framework

Automated detections and orchestrated blocks through our Atlas XDR Cloud Platform

Proactive Security Network Effects amplifying detection and response capabilities across our entire global customer base

Human intuition and threat hunting expertise for deeper investigation and analysis

Threat isolation, containment and remediation

When your preventative tools are bypassed, have confidence that Team eSentire is there to detect, disrupt, and contain the threat. Our Incident Response services are battle-proven to limit the financial, reputational and human cost of cyberattacks on your business. The fact that the majority of customers we support through an incident go on to deploy our complete MDR service is testament to the exceptional experience you can expect. So where does MDR end and where does Incident Response begin?

eSentire Managed Detection and Response (MDR)

Based on our multi-signal ingest capability, we disrupt and contain attacks before they become business-impacting events. We provide recommendations on remediation, or can complete remediation for you.

eSentire Digital Forensics and Incident Response (DFIR)

4-hour threat suppression, delivered remotely by our Cyber Security Investigations team, armed with best-in-class tools to identify the root cause of an existing security incident and determine the extent to which data and assets were compromised. This helps ensure you can get back to normal business operations; we support you through recovery and provide assistance to satisfy your stakeholder and compliance obligations. The results of our digital forensics investigations can bear scrutiny in a court of law.

eSentire Managed Detection and Response (MDR)

  • 24/7 Always-on Monitoring, Live SOC Cyber Analyst Support, Threat Hunting, and Threat Disruption & Containment Support
  • Mean Time to Contain: 15 minutes
  • Machine Learning XDR Cloud Platform
  • Multi-signal Coverage and Visibility
  • Automated Detections with Signatures, IOCs, and IPs
  • Security Network Effects
  • Detections mapped to MITRE ATT&CK Framework
  • 5 Machine Learning patents for threat detection and data transfer
  • Detection of unknown attacks using behavioral analytics
  • Rapid human-led investigations
  • Threat containment and remediation
  • Detailed escalations with analysis and security recommendations
  • eSentire Insight Portal access and real-time visualizations
  • Threat Advisories, Threat Research, and Thought Leadership
  • Operational Reporting and Peer Coverage Comparisons
  • Named Cyber Risk Advisor
  • Business Reviews and Strategic Continuous Improvement planning

eSentire Digital Forensics and Incident Response (DFIR)

  • Available as a retainer or on an emergency basis
  • Deployment of remote and on-site incident responders
  • Provisioning and use of forensic tool sets
  • Forensic investigation and analysis
  • Provides root cause analysis and determines extent of asset impact
  • Covers the full incident response lifecycle
  • Secure and robust processes for asset handling and chain of custody support
  • Containment and eradication of attacker presence and persistent tactics
  • Recover systems, data and connectivity to return to standard business operations
  • Meets regulatory requirements
  • Expert and fact witness testimony, if needed
  • Gathers and stores incident details that meet legal, insurance and regulatory requirements
  • Reporting and communications support for relevant stakeholders

REPORT

MDR + IR: A Recipe for Cyber Resilience in a Twenty-First Century Risk Landscape


Find out why it’s necessary to enhance Managed Detection and Response services with Digital Forensics and Incident Response capabilities.

Download the Report
GUIDE

MDR and the Role of Digital Forensics


Learn about the role of digital forensics and how engaging with a complete, multi-signal MDR provider is a powerful means of protection against cyberattacks.

Read the Guide

Security Leaders Count on eSentire

“eSentire provides a better security posture for our organization.”
Shahab Kazim
Chief Technology Officer (CTO) | EnCap Investments LP

“I have enjoyed having the additional security knowledge on my team. I sleep better at night.”
David Greene
IT Vice President | CWS Apartment Homes, Inc.

“It’s a pleasure working with a group of people that know what they’re doing. They are an extension of the Wetherby technical security team.”
Trevor Hicks
Principal and CTO | Wetherby Asset Management
View Case Studies and Reviews

Ready to get started?

We’re here to help! Submit your information and an eSentire representative will be in touch to discuss how eSentire Digital Forensics & Incident Response Services can ensure you quickly bring control & stability to the situation, if a breach should occur.