DIGITAL FORENSICS & INCIDENT RESPONSE

Breached?

Act Fast To Reduce Impact.

Digital Forensics & Incident Response services are available for Emergency Incident Response Support or as an Incident Response Retainer. When you’ve been breached, every second counts so we make 4-hour threat suppression possible, remotely, anywhere in the world.

Experiencing a security incident or have you been breached?

Contact us at:
1-866-579-2200

The Next Generation of Cyber Investigation and Incident Response

The eSentire Artemis Cyber Investigations team is named after the Greek goddess of the hunt. Our Cyber Investigations experts are battle-tested and highly certified.

When an incident strikes, you want us in your corner.

Our team delivers the fastest response time in the industry and can begin threat suppression remotely within just 4 hours of being engaged.

With Incident Commander level expertise and industry-leading technologies for remote access and recovery, we work with you to handle emergency security incidents and digital forensics investigations.

REPORT

The Current State of Incident Response Services in 2021

See how modern-day cyber investigations and incident response services can leap off the starting blocks quicker, with faster time-to-execution and time-to-value for customers, changing the game for information security executives.


Our Difference, Your Results

eSentire supports the incident response lifecycle end-to-end, prioritizing rapid deployment, containment and analysis, incident resolution including reporting to relevant parties and security strategy to stop recurrences.


Industry-Leading Rapid Response

  • For eSentire Incident Response Retainer customers, we deploy remote technology for threat suppression within 4 hours, anywhere in the world.
  • Our time to value in terms of driving critical insight, accelerating investigation and closing the incident response cycle can’t be beat.

Unmatched Expertise

  • Discipline, structure and organization led by computer forensic practitioners with decades of experience serving the Federal Government (Special Forces, FBI, DEA, CIA) and Fortune 500 companies.
  • Highly credentialed responders partner with our global 24/7 SOC Cyber Analysts and Elite Threat Hunters extending IR support and expertise across hundreds of individuals with decades of experience in stopping attackers that evade defenses.

Proven Tools and Incident Response Processes

  • Industry-leading digital forensics, remote access, investigation and response tools and techniques.
  • Battle-tested response against real world threats ensuring attackers are quickly contained and incidents fully resolved.
  • Visibility and remote triage for forensic analysis, evidence capture, and incident recovery across networked servers and endpoint workstations.

Comprehensive Recovery

  • End-to-end incident response lifecycle coverage not only stops attackers but supports remediation and recovery, ensuring root causes are fixed and the chance of recurrence is minimized.
  • Satisfies reporting obligations.
  • Transition findings to law enforcement.
  • Strengthen security gaps.
  • Implement lessons learned.

Expert Response To Critical Security Incidents

Effective incident response quickly brings control, stability and organization to the chaotic situation you may find yourself in should a breach occur. When the worst scenario happens, how fast your organization can contain and recover is critical to limiting business disruption, reducing cost and limiting reputational damage.

Financially-Motivated Crimes

Intellectual Property Theft

Data Breaches

Insider Threat

Destructive Cyber Attacks

Personally Identifiable Information (PII) and Protected Health Information (PHI)

Incident Response and Digital Forensics Services

REACTIVE - BREAK THE GLASS

Emergency Incident Response

Supporting the end-to-end Incident Response Lifecycle

  • Rapid mobilization and deployment aimed at quickly securing your systems and networks
  • End-to-End Incident Management
  • Managed Containment
  • Digital Forensic Analysis collecting as much information and insight as possible from your systems and networks
  • Regression analysis to conclusively determine the full extent of compromised assets and determine root cause
  • Incident Recovery
  • Determination of Extent
  • Stakeholder Reporting
  • Compliance support to meet regulatory requirements with centralized collection, retention and reports of log, network and endpoint data
  • Litigation Support as required
  • Crisis Communication Support

PROACTIVE - STRATEGIC INCIDENT PREPAREDNESS

Security Incident Response Planning Services

Incident Response Retainer

  • Hours available for Emergency Incident Response and additional IR Strategic Services
  • Benefit from 4-hour threat suppression, remotely, anywhere in the world
  • SLAs for malware analysis, boots on the ground and phone response

Security Consulting & Advisory Services

  • Digital Forensics toolset deployments
  • Data discovery and classification
  • Managed data loss prevention
  • Managed insider threat programs
  • Risk-based security management

Security Incident Response Planning (SIRP)

  • Incident Response Life Cycle Planning
  • Incident Response Policy Development

Simulations and Training

  • Cyber Wargames
  • Tabletop exercises
  • Compromise assessment

Revolutionizing Incident Response

4 Hour Threat Suppression SLA

If you choose to engage with us for an Incident Response Retainer, our Cyber Investigations team members can deploy remote technology and kick off threat suppression in less than 4 hours, anywhere in the world.


How It Works


Complete Cyber Incident Response

We deliver cutting-edge digital forensics, industry-leading Threat Intelligence and powerful 24/7 Incident Response expertise.

RAPID DEPLOYMENT

4 Hour Remote SLA with Retainer

Quickly mobilizes responders and investigative tool sets, providing critical visibility across your affected networks and assets.

End-to-End Incident Management

Cyber investigations team and supporting technologies cover the full incident response lifecycle.

Elite Tool Sets

Illuminate where attackers are present and support root cause analysis.

Critical Visibility

Deployment of commercially available and open-source tools, including eSentire’s network, endpoint, and log technology, as needed, to collect endpoint telemetry, full network packets, netflow and log data from on-premises and cloud environments to provide multiple vantage points for analysis.

CONTAINMENT AND ANALYSIS

Managed Containment

Locks down and isolates threat actors preventing further spread and business impact.

Digital Forensic Analysis

Reconstructs the incident determining root cause, affected systems and attacker pathways.

Asset Handling

Secure and robust processes for asset handling and chain of custody support.
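Forensically-assured evidence needs verifiable integrity and an auditable custody trail. The following is an added example, not eSentire's tooling or any code from this page: it records custody events for a collected artifact, where each sealed event commits to the artifact's SHA-256 and to the digest of the previous event, so altering either the evidence or a log record is detected at verification time. The evidence file, handler names and timestamps are constructed for the illustration.

```python
import hashlib
import json
import os
import tempfile
from dataclasses import asdict, dataclass, field
from typing import Dict, List, Optional

CHUNK = 1 << 20  # hash in 1 MiB chunks so a large disk/memory image is never fully loaded


def sha256_file(path: str) -> str:
    """Streaming SHA-256 of an evidence file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class CustodyEvent:
    seq: int
    action: str            # e.g. "acquired", "transferred", "analysed"
    handler: str           # person or system taking custody (hypothetical names below)
    timestamp: str         # ISO-8601 UTC, supplied by the caller
    artifact_sha256: str   # hash of the evidence at the time of the event
    prev_digest: str       # digest of the previous event; "" for the first
    digest: str = ""       # digest of this event, set by seal()

    def seal(self) -> "CustodyEvent":
        body = asdict(self)
        body.pop("digest")  # the digest covers every other field of the record
        self.digest = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        return self


@dataclass
class CustodyLog:
    artifact_path: str
    events: List[CustodyEvent] = field(default_factory=list)

    def record(self, action: str, handler: str, timestamp: str) -> CustodyEvent:
        """Append a custody event that commits to the artifact and to the prior event."""
        prev = self.events[-1].digest if self.events else ""
        ev = CustodyEvent(len(self.events), action, handler, timestamp,
                          sha256_file(self.artifact_path), prev).seal()
        self.events.append(ev)
        return ev

    def verify(self) -> Optional[str]:
        """Return None if evidence and log are intact, otherwise the first failure found."""
        if not self.events:
            return "empty log"
        current = sha256_file(self.artifact_path)
        prev = ""
        for ev in self.events:
            if ev.prev_digest != prev:
                return f"event {ev.seq}: broken chain link"
            # Recompute the record digest from its fields to detect edits to the log
            recomputed = CustodyEvent(**{**asdict(ev), "digest": ""}).seal().digest
            if recomputed != ev.digest:
                return f"event {ev.seq}: record tampered"
            if ev.artifact_sha256 != current:
                return f"event {ev.seq}: artifact hash mismatch"
            prev = ev.digest
        return None


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenario: acquire, transfer, then tamper with the log and the evidence."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "ws01-memory.raw")  # hypothetical evidence file
    with open(path, "wb") as f:
        f.write(bytes(range(256)) * 64)               # constructed 16 KiB "image"

    log = CustodyLog(path)
    log.record("acquired", "responder-a", "2021-09-23T14:02:00Z")
    log.record("transferred", "forensic-lab", "2021-09-23T16:30:00Z")
    results = {"intact": log.verify()}

    log.events[1].handler = "someone-else"            # edit a log record after sealing
    results["log_edited"] = log.verify()
    log.events[1].handler = "forensic-lab"            # restore it

    with open(path, "r+b") as f:                      # alter the evidence itself
        f.seek(1024)
        f.write(b"\xff\xff")
    results["evidence_altered"] = log.verify()
    return results
```

In practice the log would be signed or written to append-only storage by the collecting tool, and the first event's artifact hash would be recorded on the acquisition worksheet so that a court or regulator can compare it independently of the log.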

Eradication

Identifies exploited vulnerabilities, remediates affected assets and removes all attacker malware and persistence.

DETERMINATION OF EXTENT

Robust Reporting

Detailed findings and impact of the cyber investigation chronicle all actions taken, with lessons learned at both the executive and technical levels.

Compliance Satisfaction

Meets regulatory requirements with centralized collection, retention and reporting.

Litigation Support

Expert and fact witness testimony, if needed, is available.

Crisis Communication

Assist with internal and external communications, including media releases, FAQs, and executive communications.

eSentire’s Digital Forensics Technology Advantage

No other company is in possession of technology that will help you triage and contain a data security breach faster. Within hours of deployment, you will know every impacted system on your network and be completing containment and remediation steps. Competing service providers and technology companies will take months to arrive at the same point of resolution.

Want to know if your breach is attributable to an external actor or an internal operator with legitimate credentials? The eSentire approach is unique in driving your results quickly so we can rapidly answer that question. And if you want to take action in court, respond to a regulator, or pursue any number of other activities associated with a data breach, you will need forensically-assured data. Collecting that data is often prohibitively expensive, unless you’re using eSentire Digital Forensics & Incident Response capabilities.

eSentire brings unique capabilities with its proprietary platform and endpoint agent technology, with unparalleled real-time visibility across all deployed assets. Unlike legacy “dead drive” forensic tools, our platform enables cybersecurity investigators to immediately and remotely commence identifying the exact nature of a security event, determining to what extent systems have been affected, and accelerating incident response. eSentire’s platform mitigates impact by substantially reducing the mean time to identify (MTTI) and mean time to contain (MTTC) cyberthreats to minutes from days or even weeks.

Meet the eSentire Cyber Investigations Team

With the eSentire Cyber Investigations team, you gain access to highly credentialed responders, comprised of computer forensic practitioners with decades of experience serving the Federal Government (Special Forces, FBI, DEA, CIA) and Fortune 500 companies. They partner with our global SOC Cyber Analysts and Elite Threat Hunters, extending your Incident Response support and expertise across hundreds of team members with decades of experience in threat detection, remediation and recovery.

The Cyber Investigations team has deep knowledge of how targeted attacks break through and of the tactics the adversary uses to achieve their objectives. eSentire IR procedures aren't built on rigid frameworks. Instead, we rely on flexible solutions and hands-on incident response experience.

The eSentire Cyber Investigations Team Difference

Power of 24/7 SOC Team

  • Access to hundreds of team members
  • 24/7 SOC Cyber Analysts and Elite Threat Hunters
  • Expertise detecting, disrupting and responding to threats

Delivers Results

  • Attacks are quickly contained and incidents are resolved
  • Recovery is supported, minimizing the chance of recurrence
  • Root cause analysis and threat eradication
  • Systems clear for return to standard business operations

Flexible Delivery Model

  • Available to address Emergency Incident Response
  • Can be engaged on Retainer for Incident Response and Emergency Preparedness

When minutes matter, you have to be prepared. We’re here to help.

Cybersecurity incidents can disrupt operations, and lead to the loss of services, data and assets. How quickly an incident can be contained and remediated is paramount. eSentire’s Cyber Investigations team delivers results.

Attacks are quickly contained, incidents are resolved, and recovery is supported, with root cause analysis and threat eradication minimizing the chance of recurrence so your systems are clear for a return to standard business operations.

Don’t be caught unprepared.

Engage eSentire for Emergency Preparedness Planning as part of an Incident Response Retainer.


DID YOU KNOW?

91%

of attackers can breach perimeter controls in under 15 hours [1]

54%

of attackers can complete a breach in under 15 hours [2]

95%

of attackers report that security teams identify their presence less than 50% of the time [3]

$3.92M

average total cost of a data breach, globally [4]

[1] 2018 Nuix Black Report
[2] Ponemon 2019 Cost of a Breach Report
[3] 2018 Nuix Black Report
[4] Ponemon 2020 Cost of a Breach Report

The Difference Between MDR and Incident Response

eSentire is proud to be recognized globally as the Authority in Managed Detection and Response. We prioritize our capability to respond, and over-index our efforts to own the R. Team eSentire is proud to deliver MDR³: Response. Remediation. Results.

Our capability in Response is built from:

  • Full threat visibility with multi-signal ingestion across network, endpoint, log and cloud sources
  • Detection capabilities mapped to the MITRE ATT&CK framework
  • Automated detections and orchestrated blocks through our Atlas XDR Cloud Platform
  • Proactive Security Network Effects amplifying detection and response capabilities across our entire global customer base
  • Human intuition and threat hunting expertise for deeper investigation and analysis
  • Threat isolation, containment and remediation

When your preventative tools are bypassed, have confidence that Team eSentire is there to detect, disrupt, and contain the threat. So where does MDR end and where does Incident Response begin?

MDR + IR: A Recipe for Cyber Resilience in a Twenty-First Century Risk Landscape

Find out why it’s necessary to enhance Managed Detection and Response services with Digital Forensics and Incident Response capabilities.


eSentire Managed Detection and Response (MDR)

Based on our multi-signal ingest capability, we disrupt and contain attacks before they become business-impacting events. We provide recommendations on remediation, or can complete remediation.

eSentire Incident Response and Digital Forensics (IR)

Rapid deployment of incident responders and remote access tools to identify the root cause of an existing security incident and determine the extent to which data and assets were compromised. We contain the incident, ensuring no path for continued compromise, support recovery, and provide assistance to satisfy stakeholder and compliance obligations.

eSentire MDR:

  • 24/7 always-on monitoring
  • 24/7 live SOC Cyber Analyst support
  • 24/7 threat hunting
  • 24/7 threat disruption and containment support
  • Mean time to contain: 15 minutes
  • Detailed escalations with analysis and security recommendations

eSentire IR:

  • Available for emergency engagement or as a retainer model
  • Deployment of remote and on-site incident responders
  • Provisioning and use of forensic tool sets
  • Forensic investigation and analysis
  • Root cause analysis and determination of the extent of asset impact
  • Containment and eradication of attacker presence and persistence
  • Recovery of systems, data and connectivity to return to standard business operations
  • Reporting and communications support for relevant stakeholders

What our customers are saying

"The combination of tools, technology and eSentire's Security Operations Center (SOC) means that we have eyes and ears on our network at all times. We consider eSentire as an extension of our team."
Eric Feldman
Chief Information Officer | Riverside
"In one solution you are achieving three big main objectives of your cybersecurity program. You're getting the visibility, you're getting the detection and identification of potentially bad traffic and you're getting response if anything is detected as malicious."
Alex Bazay
CISO | Align Communications
"It's a pleasure working with a group of people that know what they're doing. They are an extension of the Wetherby technical security team."
Trevor Hicks
Principal and CTO | Wetherby Asset Management
