What We Do
How we do it
Jan 13, 2022
GootLoader Hackers Are Compromising Employees of Law and Accounting Firms, Warns eSentire
GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware eSentire, the industry’s leading Managed Detection and Response (MDR) cybersecurity provider, is warning law and accounting firms of a wide-spread GootLoader hacker campaign. In the past three weeks and as recently as January 6, eSentire’s threat hunters have intercepted and shut down…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Oct 28, 2021
Telarus and eSentire Expand Partnership to Safeguard Enterprises Globally Against Business Disrupting Ransomware and Zero-Day Attacks
London, UK and Sydney, Australia– Oct. 28, 2021 - eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announces the expansion of its partnership with Telarus, the largest privately-held distributor of business cloud infrastructure and contact centre services. Building on their mutual success across North America, Telarus will bring eSentire’s Managed…
Read More
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
What we do

We Own The R
in MDR

eSentire Multi-Signal Managed Detection and Response services enable detection in seconds and containment in minutes. We balance high fidelity automated blocks with rapid human-led threat investigation to isolate, contain and remediate security incidents, with a Mean Time to Contain of 15 minutes.

Build a Custom Quote

Not All MDR Is Created Equal. Expect Complete Response.

As part of our Multi-Signal MDR service we ingest signal sources that drive data correlation, cyber threat analysis and kill switch response capabilities. When combined we deliver full attack surface visibility, deep investigation, threat detection, and complete response.


Our Technology Partners






eSentire Logo


VMware Carbon Black



Sentinel One Logo Carbon Black Logo Crowdstrike Logo Microsoft Logo


Microsoft Logo


Google Cloud Platform


AWS Logo Google Cloud Platform Logo Microsoft Logo

Sumo Logic


Sumo Logic Logo Microsoft Logo


Microsoft Logo
Vulnerability Scans




Tenable Logo Qualys Logo Frontline Logo


Esentire Logo

You can rest assured that with eSentire we are delivering on our commitment to own the R in MDR with each interaction. In fact, eSentire proudly delivers what we like to refer to as MDR3 – Response. Remediation. Results.

Response + Remediation You Can Trust

Our Atlas XDR Cloud Platform ingests over 20M signals per day, makes sense of the data and then automatically blocks over 3M threats per day based on Indicators of Compromise (IOCs) and malicious IPs known to eSentire.

We add over 400 indicators of compromise daily to our machine learning models based on original research, proactive threat hunting and threat intelligence driven across our global customer base.

When an automated response isn’t possible our 24/7 SOC Cyber Analysts and Elite Threat Hunters will perform rapid investigations and initiate response measures on your behalf. These are documented, pre-approved and customizable.

Standard response procedures include:

Preventing infected endpoints from spreading to other machines.

Isolating ransomware, data exfiltration and hands-on keyboard attackers.

Quarantining malicious files and terminate processes.

Stopping/removing service and registry keys.

Preventing compromised email accounts from forwarding compromised communications.

Phishing attempts reported, investigated and remediated.

Organizational retroactive email purges.

Account and access suspension to stop compromised users from corrupting data or applications.

Correcting critical misconfigurations across your multi-cloud environments.

Preventing any devices on the network from communicating with known bad actors based on eSentire Threat Intelligence.

Tactically disrupting network connections involved in investigations or incidents.

eSentire MDR goes beyond alerting and host isolation to deliver complete and robust response. We delve deep into the incident response lifecycle, eradicating threats, and remediating security incidents as part of our standard multi-signal MDR service.

In the event that digital forensics evidence, litigation testimony or crime scene reconstruction is required, our Cyber Security Investigations team can provide complete Digital Forensics and Incident Response support capable of bearing scrutiny in a court of law.

Security leaders are increasingly cognizant that reducing the time to detect a threat is meaningless without a corresponding reduction in the time to respond to a threat to enable a return to a known good state.

Gartner® Market Guide for Managed Detection and Response Services


How to Spot MDR Fact vs Fiction

With hundreds of Managed Detection and Response (MDR) service providers and every company saying the same thing when it comes to “Response”, you need to learn how to separate MDR fact from fiction to select the right MDR provider to secure your business.

eSentire MDR

Goes beyond alerting to provide multi-signal visibility, threat containment, and complete response to cyberattacks on your behalf with a 15-minute Mean Time to Contain.

Fake MDR

Crushes you with alerts, has limited threat visibility and leaves you to contain cyber threats on your own.

Real MDR addresses five measurable components of your protection:


Threat Intelligence - How is my organization keeping up with the evolving threat landscape?


Visibility - How is my organization accounting for sensitive data and potential blind spots?


Automation - How many threats am I able to automatically block?


Human-led Threat Detection, Response, and Remediation - How fast is my organization able to investigate, respond, and remediate identified threats?


Risk reduction over time - How is my provider leveraging data and lessons learned from ongoing MDR operations to reduce my risk over time?

Learn more about Real vs Fake MDR

20 Questions to Ask When You’re Evaluating an MDR Provider

With so many MDR service providers and variations of what they provide, you need to ensure you are getting the right protection for your business. Get the top 20 questions you need to ask when qualifying potential Managed Detection and Response vendors and the reasons why each answer matters.

See eSentire Response In Action

An effective defensive posture requires process, technology and most importantly human expertise for combat-level containment and response. You can’t battle these types of attacks alone. Learn how eSentire MDR responded to emerging threats, including zero-day and ransomware attacks, with a balance of automated platform disruptions and hands-on expertise for investigation & manual threat containment.


Defending Against Modern Ransomware: Lessons from the SunWalker Incident

Home SLA graphic

Read this report and see how our 24/7 SOC and Threat Response Unit (TRU) defended an online educational institution over an 8-hour ransomware battle with eSentire Managed Detection and Response.

Download The Report

A Review of the Kaseya
Zero-Day Attacks

Watch this video with one of eSentire’s Elite Threat Hunters, Spence Hutchinson, as he reviews the Kaseya VSA supply chain attacks and how eSentire’s SOC & TRU responded quickly on our customer’s behalf and notified Kaseya of the breaches.

Watch Now

Why XDR Matters

The eSentire Atlas XDR Cloud Platform makes MDR3 possible. Patented machine learning and proprietary threat content from our Threat Response Unit (TRU) eliminates noise, enabling real-time detection & response, and automatically blocking over 3M threats per day.

Our XDR platform is capable of answering questions like:

Which of these pieces of information are relevant?

Which of these events are related?

Which activities are obviously, clearly and demonstrably malicious?

When is it appropriate to initiate an automated response workflow?

What requires further analysis and human attention?

How many IT assets do I have, where are they, and how has that number changed over time?

Which of my assets might be the target of a cyberattack in the future?

How does my external risk compare to my industry peers?

When there are very high-confidence answers to all of these questions, eSentire threat response can be fully automated. This entirely removes human effort from the process.

In cases where there’s some ambiguity and human intuition is required, the platform gives our 24/7 SOC Cyber Analysts and Elite Threat Hunters in-depth information that makes their jobs easier. It also allows them to be more creative, have more confidence in their effectiveness, and stop more threats.

Learn more about Atlas XDR


See why XDR is the Secret to Highly Effective MDR Services


Learn more about eSentire MDR


Don’t get lost in the abbreviations

The increasing number of organizations jumping on the MDR bandwagon has led to confusion and risk for unsuspecting buyers. What separates MDR from DFIR from XDR from MXDR? Putting confusing abbreviations aside, eSentire prioritizes the security outcomes that will prevent your business’ disruption. We support complete response & remediation across our Multi-Signal Managed Detection and Response service, and have a portfolio of Cyber Investigations services, including our 24/7 On-Demand Incident Response Retainer offering, that can support your business as you prepare for, or are faced with, the worst-case scenario.



Managed Detection and Response services provide remotely delivered modern security operations center capabilities focused on quickly detecting, investigating and actively mitigating security incidents.


Extended detection and response (XDR) is a technology approach that involves combining a pre-built integration of multiple security telemetry sources with analytics and response capabilities (451 Research, 2021). eSentire’s Atlas platform enables our Security Operations Center (SOC) to operate more efficiently to deliver Managed Detection and Response at scale for our global customers.

Threat Response:

The initial incident lifecycle from threat detection to investigation to isolation, containment and remediation of a security incident before it becomes business impacting.


Part of the incident lifecycle that involves resolving a security incident, and bringing the affected assets and or user accounts back to business operation/production standard.

Digital Forensics & Incident Response (DFIR):

DFIR services are advisory services that help clients identify the extent of, and deal with, events and requirements such as security and IT incident investigations, forensic response and triage, and security breaches. They are typically offered by firms on a retainer-based service model, but on-demand or emergency services are also available. Services may include digital forensics investigations, root cause analysis, crime scene reconstruction and more. The results of a DFIR service should be able to bear scrutiny in a court of law.

Remember not all MDR is created equal

The Response Spectrum

How far does the service provider go in terms of threat response and remediation?




Multi-Signal Visibility

MDR - Detection

MDR - Detection

Not always multi-signal

Rapid Human-Led Investigations

MDR - Detection

MDR - Detection

Containment in 15 Minutes

MDR - Response

MDR - Response

Inconsistent MTTC

Automated Response Driven by XDR Platform

MDR - Response

MDR - Response

Endpoint Threat Containment

MDR - Response

MDR - Response

Quarantine Files

MDR - Response

MDR - Response

You’re responsible

Hash Blocking

MDR - Response

MDR - Response

You’re responsible

Account and Access Suspension

MDR - Response

MDR - Response

You’re responsible

Network Isolation

MDR - Response

MDR - Response

You’re responsible

Blocking Compromised Email Accounts

MDR - Response

MDR - Response

You’re responsible

Terminate Malicious Processes

MDR - Remediation

MDR - Remediation

You’re responsible

Facilitated Retroactive Email Purges

MDR - Remediation

MDR - Remediation

You’re responsible

System Reboot

MDR - Remediation

MDR - Remediation

You’re responsible

Removal of Registry Keys/Values

MDR - Remediation

MDR - Remediation

You’re responsible

Threat Eradication

MDR - Remediation

MDR - Remediation

You’re responsible

Root Cause Analysis

eSentire MDR and DFIR

eSentire MDR and DFIR


Digital Forensics Analysis




Crime Scene Reconstruction








Align greyscale logo
In one solution you are achieving three big main objectives of your cybersecurity program. You’re getting the visibility, you’re getting the detection and identification of potentially bad traffic and you’re getting response if anything is detected as malicious."
Alex Bazay
CISO | Align Communications
Mcsaatchi greyscale logo
With eSentire MDR we have gained visibility into attacks against our infrastructure and I have peace of mind knowing that we are defended by the best in the business with 24/7 SOC Cyber Analysts and Elite Threat Hunters who are bolstered by eSentire’s unique Threat Response Unit for original research, threat analysis and content development."
Neil Waugh
Chief Information Officer| M&C Saatchi
Tum greyscale logo
Being able to communicate to the board that our mean time to containment is less than 15 minutes, that’s why we hired eSentire."
Ray Texter
Chief of Information Security | Texas United Management
Hhr greyscale logo
The nice thing with eSentire is, they’re always looking at my network. They’re looking at my environment. They’re looking at everything that’s coming through. I can sleep at night. I don’t have to have 24/7 SOC. I know that my network is being looked at and they’re taking care of it. And if they see something that they deem to be a threat, they can prevent it, and block it, and stop it, and get a hold of my team, if needed."
Leon Goldstein
CIO | Hughes Hubbard & Reed LLP

Ready to get started?

We’re here to help! Submit your information and an eSentire representative will be in touch to demonstrate how eSentire Multi-Signal MDR service stops threats before they impact your business.