What We Do
How we do it
Resources
SECURITY ADVISORIES
Sep 23, 2021
SolarMarker Malware Activity
THE THREAT eSentire has observed a recent and significant increase in SolarMarker infections delivered through drive-by download attacks. These attacks rely on social engineering techniques to persuade users to execute malware disguised as document templates. SolarMarker is a modular information-stealing malware; infections may result in the theft of sensitive data including user credentials.…
Read More
View all Advisories →
Company
ABOUT eSENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Aug 25, 2021
eSentire named a Leader in IDC MarketScape for U.S. Managed Detection and Response Services
August 26, 2021 – Waterloo, ON -  eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), announced today that it has been named a Leader in the IDC MarketScape: U.S. Managed Detection and Response Services 2021 Vendor Assessment (doc #US48129921, August 2021). IDC defines the core services an MDR must provide as follows: reduced time for onboarding, 24/7…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Search
What we do
WEBINAR

Detecting and Responding to Zero-Day Attacks

VIEW NOW →
THREAT RESPONSE UNIT

An Elite Team of Threat Hunters and Researchers, That Works for You

eSentire’s Threat Response Unit (TRU) is a world-class team of threat researchers that works as an extension of your team, developing sophisticated hunting tools, new detections enriched by original threat intelligence, and new machine learning models that correlate multi-signal data and automate rapid response to advanced threats.

Start Hunting Threats Now
24/7 Threat Hunting
Elite Security Researchers
Sophisticated Threat Hunting Tools
Rapid Threat Detection
Machine Learning Applications

Threat Intelligence

Tactical Threat Response

Advanced Threat Analytics

TRU emblem transparent

Solving for new and emerging threats

Staying ahead of sophisticated threats requires the capacity to collect unstructured data from disparate sources associated to attacker tactics, techniques and procedures (TTPs) and operationalize global protections – all in a timely manner.

Our industry-renowned Threat Response Unit (TRU) has been recognized for its threat hunting, original research and content development capabilities. With eSentire TRU you gain leading threat intelligence and incredible cybersecurity acumen. This is an elite team of threat hunters and researchers, that supports our 24/7 Security Operations Centers (SOCs), builds detection models across our Atlas XDR Cloud Platform, and works as an extension of your security team to continuously improve our Managed Detection and Response service . Our Threat Response Unit (TRU) is strategically organized into cross-functional groups to protect you against advanced and emerging threats.


eSentire’s Threat Response Unit


Threat Intelligence

Correlates, enriches and applies intelligence that enables proactive discovery of existing and emerging threats.

Tactical Threat Response

Develops proprietary detectors and runbooks that identify threats and streamline investigations based on real-world attacks.

Advanced Threat Analytics

Solves challenges in identifying potential threats posed by disparate data sets leveraging data science and machine learning.

Notable Threat Detections

WE STOP THREAT ACTORS IN THEIR TRACKS. OTHERS CLAIM IT, WE PROVE IT.

Our Threat Response Unit (TRU) has discovered some of the most dangerous threats and nation state attacks in our space. Once a threat is discovered, eSentire TRU proactively hardens your defenses and immediately notifies the greater industry through the publication of Security Advisories, Threat Reports and White Papers. From research to response, TRU leverages enriched threat data and innovative methodologies to protect you with rapid detection models, augmenting our Atlas XDR Security Network Effects. Over the last year TRU built over 250 new detectors to protect our customers from advanced threats and circulated 44 Security Advisories. We broke the news on the Kaseya MSP breach, the malicious more_eggs malware and more.

Original Research and Publications

The TRU team publishes reports, industry publications and white papers based on its original research and the insights driven through proactive threat hunts.

RANSOMWARE REPORT

Dissecting Today’s Ransomware Ecosystem

In this report we look at the emergence of Ransomware-as-a-Service, how criminals use ransomware to perform both opportunistic and targeted attacks, and the most popular initial ransomware attack access techniques.

Get Your Copy →

THREAT DISSECTION REPORT

Defending Against Modern Ransomware: Lessons from the SunWalker Incident

In this report, our team looks at recent changes in ransomware attacks and what that means for organizations when they are targeted. We walk through a real ransomware attack than an eSentire customer faced in 2020 and how our team responded.

Download the Report →

Threat Hunting Done Right

Adversaries don’t work 9-5 and neither do we. Our 24/7 SOCs are staffed with Cyber Analysts and Elite Threat Hunters who hunt, drive detections, contain and respond within minutes to contain and remediate advanced persistent threats.

  • Real-Time Threat Intelligence
  • Patented Machine Learning Applications
  • Rapid Threat Detection
  • Elite Security Researchers
  • Artificial Intelligence Pattern Recognition
  • SOC as a Service Model
  • Multi-Signal Correlation
  • Complete Response

Our SOC team, and entire Managed Detection and Response operation are supported by our Threat Response Unit, the heartbeat of our security ecosystem. TRU delivers proactive hunting, original research, threat intelligence analysis and also builds detection models to augment our Atlas XDR platform capabilities, advancing our human-led investigation and containment efforts.

How It Works

Our Threat Response Unit (TRU) is strategically organized into cross-functional groups to protect you against advanced and emerging threats. They include Threat Intelligence, Tactical Threat Response, and Advanced Threat Analytics. Learn how each adds value and enriches your security posture, improving your overall security outcomes.

Our Difference. Your Results.

THREAT INTELLIGENCE

Our Threat Intelligence practice manages, creates and applies Threat Intelligence learnings across our customer base. Our Threat Intelligence platform correlates and enriches intelligence extracted from daily Security Operations Center (SOC) investigations and multiple third-party sources. Dedicated analysts leverage enriched threat data and new intelligence— ranging from malicious IP addresses, malware hashes, domains and more—to drive hypothesis driven hunts across our global customer base. This integrated threat intelligence and service support is part of our core eSentire Managed Detection and Response offering.

OUR DIFFERENCE Threat Intel Enrichment And Correlation 24/7 Threat Hunting And Complete Response Threat Intel Participation And Contribution
YOUR RESULTS We improve the efficacy of threat intelligence data and efficiently apply it to hypothesis-driven threat hunting to protect your environment. We proactively hunt and build new detection models through the power of artificial intelligence pattern recognition to drive new intelligence, containment and response actions. Our team supports the ongoing fight against cybercrime through participation and sharing in the international counter threat community.

TACTICAL THREAT RESPONSE

Our Tactical Threat Response practice creates proprietary security content, detectors to alert on threats and runbooks to streamline investigations - all of which support our Managed Detection and Response (MDR) service. Our dedicated security experts manage the entire content creation process, which is informed by observations from our Security Operations Center (SOC), outputs from the other teams within the Threat Response Unit (TRU) and the MITRE ATT&CK framework. This modern threat response team manages the security content development roadmap to ensure your service is continuously hardened to keep up with the threat landscape. As is the case with all TRU team outputs, security content development by the Tactical Threat Response team is included as part of eSentire Managed Detection and Response (MDR) at no extra cost.

OUR DIFFERENCE Deep Research And MITRE Mapped Detections eSentire Security Network Effects Measurement And Continuous Improvement Of Detections
YOUR RESULTS We account for the latest threat actor tactics, techniques and procedures on an ongoing basis by leveraging enriched threat intelligence and mappings against the MITRE ATT&CK framework. We provide visibility into emerging attacks and harden your defenses, amplifying hundreds of proprietary detectors across our Atlas XDR Cloud Platform daily, to protect your business. We track all security content for accuracy and efficacy after deployment, implementing adjustments and decommissioning as necessary for optimized operational efficiency.

ADVANCED THREAT ANALYTICS

The Advanced Threat Analytics practice is our innovative threat research and development group. Our expert threat researchers concentrate on solving challenges posed by disparate data sets and expanding attack surfaces. Leveraging data science and machine learning expertise, the Advanced Threat Analytics team creates proprietary and proven models designed to identify threat actor tactics, techniques and procedures that traditional security tools miss. Our innovations, in combination with unique human expertise, accelerate investigations and threat hunts in our Security Operations Center (SOC). As is the case with all modern Threat Response Unit services, eSentire customers benefit from Advanced Threat Analytics expertise and outputs included in our core Managed Detection and Response (MDR) service.

OUR DIFFERENCE Research That Informs Machine Learning 5 Machine Learning Patents For Threat Detection And Data Transfer Threat Hunting Is At The Core Of Our Service
YOUR RESULTS Our research informs development efforts and identifies potential counter-threat use cases that could be accelerated by machine learning and data science. We develop security force multipliers and proprietary machine learning applications that hunt and respond to elusive threats. We are the Authority in Managed Detection and Response – we deliver Response, Remediation, and Results through proactive, hypothesis-driven threat hunting.

Read the TRU Team’s latest Security Advisories outlining new detections and original research.

Security Advisory logo

LATEST POST - Sep 23, 2021

SolarMarker Malware Activity

THE THREAT eSentire has observed a recent and significant increase in SolarMarker infections delivered through drive-by download attacks. These attacks rely on social engineering techniques to persuade users to execute malware disguised as document templates. SolarMarker is a modular information-stealing malware; infections may result in the theft of sensitive data including user…

READ NOW →

TRU Positives

In TRU Positives, eSentire’s Threat Response Unit (TRU) provides a summary of a recent threat investigation. We outline how we responded to the confirmed threat and what recommendations we have going forward.

Read the latest from our TRU Team.

Read Now
Gartnerpeerinsights
Exceptional on-boarding experience, quick and simple. An incredibly great Security Operations Centre at the heart of their product suite. Always developing their product to meet their customers needs. Some of the best customer relationship management I have ever experienced."
Gartner Peer Insights
SVP, Information Technology | in the Finance Industry
Gartnerpeerinsights
The eSentire suite of services for monitoring, detecting and responding to security events, coupled with an extremely high level of customer service, equates to top-notch proactive and reactive security services."
Gartner Peer Insights
Information Security Manager | in the Services Industry
Gartnerpeerinsights
I've been an eSentire costumer from their early days and have implemented their products at a number of firms I've run technology for. Their capabilities have grown over that time dramatically and I consider them to be a trusted partner and extension of my team when it comes to our cybersecurity program."
Gartner Peer Insights
Head of Technology | in the Finance Industry
Gartnerpeerinsights
It has been a few years now since we migrated from one of the big MSSP players to eSentire and their MDR services. It may be the best decision I have ever made in my security career. I was incredibly impressed with their well defined process and talented staff at every level. I continue to praise their customer service, capability and responsiveness. I recommend them without hesitation."
Gartner Peer Insights
VP, Cybersecurity & Network | in the Media Industry

Ready to get started?

We’re here to help! Submit your information and an eSentire representative will be in touch to demonstrate how eSentire Multi-Signal MDR stops threats before they impact your business.