What We Do
How we do it
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
Mar 15, 2023
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Zero-Day Vulnerability
THE THREAT On March 14th, as part of Microsoft’s monthly Patch Tuesday release, the company disclosed a critical, actively exploited vulnerability impacting Microsoft Office and Outlook. The…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
What we do

We Own The R
in MDR

eSentire’s Multi-Signal Managed Detection and Response services offers the world’s most complete response capability. We balance high fidelity automated blocks with rapid human-led threat investigations to isolate, contain and remediate security incidents, with a Mean Time to Contain of 15 minutes.

Build a Quote

Not All MDR Is Created Equal. Expect Complete Response.

To build a more responsive security operation, you need more than just alerts. You need a partner who goes further to prevent your business from ever being disrupted. When it comes to response, it's how we do it that makes all the difference.



We Find and Stop Cyber Threats Faster Than Anyone

When your business' reputation and operations are under attack, every minute matters. Our Atlas XDR platform instantly detects and blocks threats millions of times per day. When human intuition is required, our 24/7 experts are on guard to protect you with a Mean Time to Contain of only 15 minutes.



We Don’t Just Alert You to Cyber Threats, We Act On Them

We never throw alerts over the fence to you like other MSSPs and MDR providers. We take real ownership of protecting your business, responding to ensure cyber threats are contained and remediated, and your business operations continue to run smoothly. An attack on you, is an attack on us.



We Continuously Protect You Across Your Complete Cyberattack Surface

Be confident your defenses are always one step ahead. Our global SOCs are home to the industry's only 24/7 threat hunters and with eSentire's unique multi-signal intelligence, you can sleep easy knowing that whenever and wherever a new cyber threat is detected, we'll always respond to protect you.

Multi-Signal Response

As part of our Multi-Signal MDR service we ingest signal sources that drive data correlation, cyber threat analysis and kill switch response capabilities. When combined we deliver full attack surface visibility, deep investigation, threat detection, and complete response.


Our Technology Partners






eSentire Logo


VMware Carbon Black



Sentinel One Logo Carbon Black Logo Crowdstrike Logo Microsoft Logo


Microsoft Logo


Google Cloud Platform



Sumo Logic

AWS Logo Google Cloud Platform Logo Microsoft Logo Laceworks Logo Sumo Logic Logo

Sumo Logic


Sumo Logic Logo Microsoft Logo


Microsoft Logo
Vulnerability Scans


Tenable Logo


Esentire Logo

Response + Remediation You Can Trust

Our Atlas XDR Cloud Platform ingests over 20M signals per day, makes sense of the data and then automatically blocks over 3M threats per day based on Indicators of Compromise (IOCs) and malicious IPs known to eSentire.

We add over 400 indicators of compromise daily to our machine learning models based on original research, proactive threat hunting and threat intelligence driven across our global customer base.

When an automated response isn’t possible our 24/7 SOC Cyber Analysts and Elite Threat Hunters will perform rapid investigations and initiate response measures on your behalf. These are documented, pre-approved and customizable.

Standard response procedures include:

Preventing infected endpoints from spreading to other machines.

Isolating ransomware, data exfiltration and hands-on keyboard attackers.

Quarantining malicious files and terminate processes.

Stopping/removing service and registry keys.

Preventing compromised email accounts from forwarding compromised communications.

Phishing attempts reported, investigated and remediated.

Organizational retroactive email purges.

Account and access suspension to stop compromised users from corrupting data or applications.

Correcting critical misconfigurations across your multi-cloud environments.

Preventing any devices on the network from communicating with known bad actors based on eSentire Threat Intelligence.

Tactically disrupting network connections involved in investigations or incidents.

eSentire MDR goes beyond alerting and host isolation to deliver complete and robust response. We delve deep into the incident response lifecycle, eradicating threats, and remediating security incidents as part of our standard multi-signal MDR service.

In the event that digital forensics evidence, litigation testimony or crime scene reconstruction is required, our Cyber Security Investigations team can provide complete Digital Forensics and Incident Response support capable of bearing scrutiny in a court of law.

Organizations that depend on MDR services for the bulk of their security operations functions have reported that they are highly likely to reject MDR providers that cannot take mitigative response actions against threats on their behalf.

2023 Gartner® Market Guide for Managed Detection and Response Services


How to Spot MDR Fact vs Fiction

With hundreds of Managed Detection and Response (MDR) service providers and every company saying the same thing when it comes to “Response”, you need to learn how to separate MDR fact from fiction to select the right MDR provider to secure your business.

eSentire MDR

Goes beyond alerting to provide multi-signal visibility, threat containment, and complete response to cyberattacks on your behalf with a 15-minute Mean Time to Contain.

Fake MDR

Crushes you with alerts, has limited threat visibility and leaves you to contain cyber threats on your own.

Real MDR addresses five measurable components of your protection:


Threat Intelligence - How is my organization keeping up with the evolving threat landscape?


Visibility - How is my organization accounting for sensitive data and potential blind spots?


Automation - How many threats am I able to automatically block?


Human-led Threat Detection, Response, and Remediation - How fast is my organization able to investigate, respond, and remediate identified threats?


Risk reduction over time - How is my provider leveraging data and lessons learned from ongoing MDR operations to reduce my risk over time?

Learn more about Real vs Fake MDR

20+ Questions To Ask When You're Evaluating an MDR Provider

With so many MDR service providers and variations of what they provide, you need to ensure you are getting the right protection for your business. Get the top questions you need to ask when qualifying potential Managed Detection and Response vendors and the reasons why each answer matters.

See eSentire Response In Action

An effective defensive posture requires process, technology and most importantly human expertise for combat-level containment and response. You can’t battle these types of attacks alone. Learn how eSentire MDR responded to emerging threats, including zero-day and ransomware attacks, with a balance of automated platform disruptions and hands-on expertise for investigation & manual threat containment.


Defending Against Modern Ransomware: Lessons from the SunWalker Incident

Home SLA graphic

Read this report and see how our 24/7 SOC and Threat Response Unit (TRU) defended an online educational institution over an 8-hour ransomware battle with eSentire Managed Detection and Response.

Download The Report

A Review of the Kaseya
Zero-Day Attacks

Watch this video with one of eSentire’s Elite Threat Hunters, Spence Hutchinson, as he reviews the Kaseya VSA supply chain attacks and how eSentire’s SOC & TRU responded quickly on our customer’s behalf and notified Kaseya of the breaches.

Watch Now

Why XDR Matters

The eSentire Atlas XDR Cloud Platform makes MDR possible. Patented machine learning and proprietary threat content from our Threat Response Unit (TRU) eliminates noise, enabling real-time detection & response, and automatically blocking over 3M threats per day.

Our XDR platform is capable of answering questions like:

Which of these pieces of information are relevant?

Which of these events are related?

Which activities are obviously, clearly and demonstrably malicious?

When is it appropriate to initiate an automated response workflow?

What requires further analysis and human attention?

How many IT assets do I have, where are they, and how has that number changed over time?

Which of my assets might be the target of a cyberattack in the future?

How does my external risk compare to my industry peers?

When there are very high-confidence answers to all of these questions, eSentire threat response can be fully automated. This entirely removes human effort from the process.

In cases where there’s some ambiguity and human intuition is required, the platform gives our 24/7 SOC Cyber Analysts and Elite Threat Hunters in-depth information that makes their jobs easier. It also allows them to be more creative, have more confidence in their effectiveness, and stop more threats.

Learn more about Atlas XDR


See why XDR is the Secret to Highly Effective MDR Services


Learn more about eSentire MDR


FAQ: Don’t get lost in the abbreviations

The increasing number of organizations jumping on the MDR bandwagon has led to confusion and risk for unsuspecting buyers. What separates MDR from DFIR from XDR from MXDR? Putting confusing abbreviations aside, eSentire prioritizes the security outcomes that will prevent your business’ disruption. We support complete response & remediation across our Multi-Signal Managed Detection and Response service, and have a portfolio of Cyber Investigations services, including our 24/7 On-Demand Incident Response Retainer offering, that can support your business as you prepare for, or are faced with, the worst-case scenario.


What is MDR?

Managed Detection and Response services provide remotely delivered modern security operations center capabilities focused on quickly detecting, investigating and actively mitigating security incidents.

What is XDR?

Extended detection and response (XDR) is a technology approach that involves combining a pre-built integration of multiple security telemetry sources with analytics and response capabilities (451 Research, 2021). eSentire’s Atlas XDR platform enables our Security Operations Center (SOC) to operate more efficiently to deliver Managed Detection and Response at scale for our global customers.

What is Threat Response?

The initial incident lifecycle from threat detection to investigation to isolation, containment and remediation of a security incident before it becomes business impacting.

What is Remediation?

Part of the incident lifecycle that involves resolving a security incident and bringing the affected assets and or user accounts back to business operation/production standard.

What is Digital Forensics & Incident Response (DFIR)?

DFIR services are advisory services that help clients identify the extent of, and deal with, events and requirements such as security and IT incident investigations, forensic response and triage, and security breaches. They are typically offered by firms on a retainer-based service model, but on-demand or emergency services are also available. Services may include digital forensics investigations, root cause analysis, crime scene reconstruction and more. The results of a DFIR service should be able to bear scrutiny in a court of law.

How Will You Use My Existing Security Investments for MDR and How Locked into a Provider Will I Be?

We support “Bring your own license” (BYOL) service models for our core technology partners- Crowdstrike, VMWare Carbon Black, SentinelOne, Sumo Logic, Microsoft, and Tenable. Our best of breed technology partner approach provides you with the ability to leverage the best Endpoint, SIEM, and Cloud providers in the market and have flexibility of choice. Our customers leverage existing investments in combination with our eSentire MDR and Atlas XDR Cloud Platform. Depending on your technology roadmap, we work with you to support migration from one provider to another so that you are never locked in.

How Do You Support Open XDR?

In addition to interoperability with our technology partners, Atlas XDR is an open platform that supports ingesting data from on-prem and cloud security systems via standard logging protocols that drive threat detections, SOC investigations, and threat hunts. We also support a growing list of APIs for technologies not among our core partners such as ServiceNow, Qualys, and SolarWinds which provide network and asset context to further our platform and our analysts’ understanding of your environment, driving better investigations.

What is Your Level of Transparency in MDR Cybersecurity Investigations?

We are extremely transparent. You will get access to the same threat cases and data pertaining to the “who, what, when, where, and how” of a cyber incident as our analysts do through our Insight portal.

Remember not all MDR is created equal

The Response Spectrum

How far does the service provider go in terms of threat response and remediation?




Multi-Signal Visibility

MDR - Detection

MDR - Detection

Not always multi-signal

Rapid Human-Led Investigations

MDR - Detection

MDR - Detection

Containment in 15 Minutes

MDR - Response

MDR - Response

Inconsistent MTTC

Automated Response Driven by XDR Platform

MDR - Response

MDR - Response

Endpoint Threat Containment

MDR - Response

MDR - Response

Quarantine Files

MDR - Response

MDR - Response

You’re responsible

Hash Blocking

MDR - Response

MDR - Response

You’re responsible

Account and Access Suspension

MDR - Response

MDR - Response

You’re responsible

Network Isolation

MDR - Response

MDR - Response

You’re responsible

Blocking Compromised Email Accounts

MDR - Response

MDR - Response

You’re responsible

Terminate Malicious Processes

MDR - Remediation

MDR - Remediation

You’re responsible

Facilitated Retroactive Email Purges

MDR - Remediation

MDR - Remediation

You’re responsible

System Reboot

MDR - Remediation

MDR - Remediation

You’re responsible

Removal of Registry Keys/Values

MDR - Remediation

MDR - Remediation

You’re responsible

Threat Eradication

MDR - Remediation

MDR - Remediation

You’re responsible

Root Cause Analysis

eSentire MDR and DFIR

eSentire MDR and DFIR


Digital Forensics Analysis




Crime Scene Reconstruction








Security Leaders Count on eSentire

Align greyscale logo
In one solution you are achieving three big main objectives of your cybersecurity program. You’re getting the visibility, you’re getting the detection and identification of potentially bad traffic and you’re getting response if anything is detected as malicious."
Alex Bazay
CISO | Align Communications
Mcsaatchi greyscale logo
With eSentire MDR we have gained visibility into attacks against our infrastructure and I have peace of mind knowing that we are defended by the best in the business with 24/7 SOC Cyber Analysts and Elite Threat Hunters who are bolstered by eSentire’s unique Threat Response Unit for original research, threat analysis and content development."
Neil Waugh
Chief Information Officer| M&C Saatchi
Tum greyscale logo
Being able to communicate to the board that our mean time to containment is less than 15 minutes, that’s why we hired eSentire."
Ray Texter
Chief of Information Security | Texas United Management
Hhr greyscale logo
The nice thing with eSentire is, they’re always looking at my network. They’re looking at my environment. They’re looking at everything that’s coming through. I can sleep at night. I don’t have to have 24/7 SOC. I know that my network is being looked at and they’re taking care of it. And if they see something that they deem to be a threat, they can prevent it, and block it, and stop it, and get a hold of my team, if needed."
Leon Goldstein
CIO | Hughes Hubbard & Reed LLP
View Case Studies and Reviews

Ready to get started?

We're here to help! Submit your information and an eSentire representative will be in touch to demonstrate how eSentire delivers complete response to stop threats before they disrupt your business.