What We Do
How We Do
Get Started


Prevent the Most Advanced Cyberattacks from Ever Breaking Through

Stay ahead of sophisticated known and unknown cyber threats with proactive threat intelligence, original threat research, and a world-class team of seasoned industry veterans.


Reclaim the Advantage Over Sophisticated Cybercriminals with Expert Threat Response

Modern threat response requires the ability to collect unstructured data from disparate sources associated with attacker tactics, techniques, and procedures (TTPs) and operationalize global protections – all in a timely manner.

Unfortunately, many in-house security teams don’t have the bandwidth or expertise to perform proactive threat hunting, conduct original threat research, and develop or deploy new threat detection rules.

The eSentire Threat Response Unit (TRU) is an industry-leading threat research team committed to helping your organization become more resilient. This is an elite team of threat hunters and researchers that supports our 24/7 Security Operations Centers (SOCs), builds threat detection models across the eSentire XDR Cloud Platform, and works as an extension of your security team to continuously improve our Managed Detection and Response service.

By providing complete visibility across your attack surface and performing global threat sweeps and proactive hypothesis-driven threat hunts augmented by original threat research, we are laser-focused on defending your organization against known and unknown threats.

We prioritize creating and updating our detection rules and machine learning (ML) models regularly, so your security posture is hardened against the evolving threat landscape. Our content development is built upon the MITRE ATT&CK Framework® and is constantly fine-tuned for efficacy to reduce false positives.

Why Choose eSentire's Threat Response Unit (TRU)

TRU acts as an extension of your security team to build your cyber resilience and prevent business disruption. With TRU by your side, you can rest easy knowing that you’re protected by an MDR provider that law enforcement agencies rely on to identify threat actors and collaborate on threat intelligence.

Prepare and react to emerging, unknown cyber threats to prevent business disruption

TRU continuously monitors the threat landscape, publishes regular threat advisories, security bulletins, and threat intelligence reports, and conducts proactive real-time threat hunts so you can stay ahead of the latest emerging threats and prevent business disruption.

Harden your toolkit with novel threat detection rules and advanced ML models

As a foundational component of the eSentire MDR service, TRU constantly builds and updates new threat detection rules and ML models across our eSentire XDR platform. These detections are further strengthened by robust investigative runbooks to support our SOC Cyber Analysts in their investigation and containment actions – on your behalf.

Go into battle with a team of industry veterans with real-world experience

TRU has discovered dangerous cyber threats and nation-state attacks (e.g., the Kaseya MSP breach and identities of hackers behind the more_eggs malware). With a 95% employee retention rate, TRU consists of highly certified, seasoned industry veterans who regularly hold threat briefings, share their expertise with industry publications, and have proven to be trusted sources for global law enforcement agencies.

Advanced Threat Intelligence That Outpaces Cyberattacks


Multi-Signal MDR with 300+ technology integrations to support your existing investments.

Learn More →


Extend eSentire protection with our threat intel feed curated from IOCs of positive SOC investigations to enhance your automated blocking.

Learn More →


Threat intelligence resources including the latest security advisories, blogs, reports, industry publications, webinars and more.

Learn More →

Notable Threat Detections


Our Threat Response Unit (TRU) collects and processes threat intelligence from 54 commercial threat feeds and 10+ proprietary intel sources, the Dark Web, social media, security reports, positive SOC-driven threat investigations, and various third-party tools to conduct further investigations and identify potential Indicators of Compromise (IOCs).

Once a threat is discovered, eSentire TRU publishes regular threat advisories, security bulletins, and threat intelligence reports, and conducts proactive real-time threat hunts so you can stay ahead of the latest emerging threats and prevent business disruption.

eSentire TRU has discovered some of the most dangerous cyber threats and nation-state attacks in our space. Last year, TRU built 520+ new detectors to protect our customers and circulated 44 Security Advisories. We broke the news on the Kaseya MSP breach, the malicious more_eggs malware and more.


Of threats are identified by TRU before they appear on commercial threat feeds.


Of threats identified by TRU are never seen in the commercial feeds we manage.

Original nation-state attacks and threats discovered by eSentire TRU:

1. The Kaseya Crypto-mining Attack

2. Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with more_eggs Malware

3. Malicious Google Ads to Lure Computer Users to Spoofed "Signal" and "Telegram" Websites

4. Hackers Flood the Web with 100,000+ Malicious Pages to Deliver Malware

5. Gootloader Hackers Poison Websites Globally to Infect Business Professionals with Ransomware

Read the Latest Security Advisories and TRU Positives

eSentire TRU regularly publishes Security Advisories, TRU Positives, and Malware Analyses on emerging cyber threats to arm you with the latest intel so you can make informed decisions that evolve with the threat landscape. TRU’s research routinely supports law enforcement agencies in their mission to unmask threat actors and stop cybercrime.

Static TRU logo Image

LATEST POST – Jun 12, 2024

Matanbuchus Malware

THE THREAT Beginning in May 2024, and carrying into early June, eSentire has identified an increase in observations of Matanbuchus malware. Matanbuchus is a loader type malware that was first identified in 2021. It has been used to deploy a variety of secondary payloads including Danabot, Qakbot, and Cobalt Strike. In recent cases observed by eSentire, malicious web-browser advertisements (Malvertising) were used to direct users to threat actor…

Jun 11, 2024

PHP Vulnerability Exploited (CVE-2024-4577)

May 29, 2024

Check Point Zero-Day Targeted in Ongoing Attacks

May 22, 2024

Critical Fluent Bit Vulnerability

TRU Positives

Read the summaries of recent threat investigations, how our TRU team responded to confirmed threats, and recommendations on defending your organization from emerging threats.

Read the latest from our
TRU Team.


Cyber Threat Hunting Done Right

Adversaries don’t work 9-5 and neither do we.

By leveraging contextualized human-driven threat intelligence, original content on emerging cyber threats, 24/7 availability of Elite Threat Hunters, and advanced analytics based on the latest TTPs, TRU is committed to delivering the strongest MDR offering from eSentire.

eSentire TRU is foundational to our MDR service – no add-ons or additional costs required. You benefit from:

  • Curated Threat Intelligence
  • Threat Hunting
  • Mitigation Support for Zero-Day Threats
  • Original Threat Research
  • Proactive and Reactive Threat Sweeps
  • Live Defense Against Attackers
  • Updated Detection Rules
  • Monthly TRU Intelligence Briefings

Security Leaders Count on eSentire to Prevent Business Disruption

Excellent MDR Provider, amazing value for the service that you get!

Michael S.

Enterprise Company


Best money I have ever spent on Infosec

Chris T.

Enterprise Company


eSentire excels with advanced threat detection, real-time monitoring, MDR services, customized security, 24/7 SOC, and proactive threat hunting."

David P.

Mid-Market Company


You can depend on the eSentire team at any time and situation. They're a strong SOC team, capable of quickly assessing the severity of an incident and taking appropriate action.

Verified Customer

Financial Services


eSentire takes care of all the work! I request what I need and Boom, its done! I check the dashboard regularly just to keep an eye out on things, but i feel safe knowing they have my back.

Verified Customer

Electrical/Electronic Manufacturing


It is a complete system, the support is excellent. I like that they can isolate a resource at 2:00 AM without waking me up.

Verified Customer



Ready to start building a more resilient security operation today?

We're here to help! Submit your information and an eSentire representative will be in touch to demonstrate how eSentire Multi-Signal MDR service stops cyber threats before they impact your business.