RSA Conference 2021, one of the most significant events on the cybersecurity calendar, has come and gone. We know that keeping up with all the news and announcements surrounding RSA can be quite a challenge, so in case you missed it live, we wanted to provide a quick recap of Hooked by Phisherman: Quarterbacking Breach Response with Law Enforcement.
Moderated by our own Mark Sangster, this one-hour session tapped into the experience of a distinguished panel of experts who discussed the important factors that contribute to a resilient breach response.
To be clear, no short blog post can capture the detail and nuance of the session, so we encourage you to set aside some time to watch it (and be ready to take notes!) or to download and read this accompanying resource. To (very) briefly summarize, here are three major topics the experts examined and five ways you can get started to better position yourself to respond to a cybersecurity incident.
When a breach is detected (or, say, when you realize you’ve fallen prey to a Funds Transfer Fraud), everyone is immediately under enormous pressure to make high-impact decisions, quickly and correctly. Plus, while it’s often overlooked, the emotional strain should not be underestimated and is a major contributor to detrimental delays. The only way you can use the critical early hours effectively is to have an Incident Response (IR) plan in place ahead of time, capturing likely attack scenarios, defining team roles and responsibilities, prescribing timelines and describing in detail which third parties need to be contacted, how to contact them and when.
The consensus of the panelists is that attackers like to detonate ransomware on weekends, for maximum impact, which can create chaos if it’s difficult to get hold of key personnel. And for those who lack an IR plan, critical time is wasted simply building a team—which is a necessary precursor to actually working the problem (e.g., assessing technical impact, engaging with law enforcement, attempting to recover, etc.).
When you’re looking at how to prepare, be sure to consider how law enforcement (LE) agencies can assist. In many cases, they can help recover stolen funds or even paid crypto ransoms. While many people think of LE as reactive, in reality they are very proactive and agencies can assist with IR planning, conducting tabletop exercises, training, securing executive buy-in and so on. Plus, establishing these relationships ahead of time means you know exactly who to call in the event of an incident.
Another misconception is that LE assistance is limited to Fortune 500s, but that’s not at all the case—LE agencies work extensively with industry associations and chambers of commerce to reach the small and medium business (SMB) community.
Additionally, make sure you have cyber insurance, but also make sure you understand your cyber insurance coverage and recognize that it’s a tool but not a panacea. The right type of coverage depends upon the specific risks facing your business (tabletops can be a great way to expose these risks!). Cyber insurance is a complex domain in and of itself, so be sure to consult with experts and to update your IR plan with appropriate contact details, policy information, etc.
Finally, take care to understand your regulatory and contractual obligations as they relate to security incidents; at the same time, make sure you understand your vendors’ and suppliers’ obligations (and consider writing notification requirements into your contracts with them).
All the preparation in the world won’t prevent an incident—but it will put you in the best position to respond. One of the first responses should be engaging with law enforcement, ideally within 24 hours and certainly within 72 hours (especially if you want to have any hope of recovering lost funds).
Many LE agencies deal with cybercrime, including the FBI, DHS, and Secret Service—the key is to contact someone and to be prepared with information (i.e., don’t just send an email that says, “We’ve got ransomware!”). Your IR plan should specify which agency/agencies to contact; ideally, you already worked with them to prepare your plan.
Unfortunately, many victims are hesitant to contact law enforcement out of fear that doing so will have unintended negative consequences. But these fears are misplaced: LE’s interest is in solving the problem, not publicizing the incident. In many cases, they will be able to provide valuable—perhaps vital—technical assistance, and in some ransomware instances they may even have decryptor mechanisms at the ready. LE agencies can also act on your behalf to coordinate with financial institutions to trace and recover funds.
Plus, engaging with LE might be required by your insurance policy and doing so can have a substantial mitigating effect on your own liability.
To underscore the main point, preparation is paramount. And part of preparation means having leaders who are sufficiently versed in cybersecurity concepts in general and who understand their specific responsibilities in the event of an incident.
All too often, part of the response team is speaking in technical and cyber terms, and part is speaking in dollars and cents. A crisis is no time to write a dictionary! When everyone understands the relationship between cyber incidents and business impact ahead of time, it allows the whole team to focus on coordinating and executing an effective response.
As noted above, proactively engaging with law enforcement is an effective way to secure support throughout the organization, but especially within the C-suite.
Additionally, tabletop exercises provide a safe space in which to learn, make mistakes, uncover surprises, assess risk, etc. These can go a long way to changing a perception from “I’m sure we’ll be fine…” to “We need an IR plan!”
Managing a data breach or ransomware attack demands that legal counsel, law enforcement, insurance and data forensics all bring their perspective to the coordinated effort to recover. Unfortunately, most companies are unprepared to deal with a cyber incident and rob themselves of valuable resources available from law enforcement because of perceived risks of public exposure, potential liability or a knock on their door by regulators.
We implore you not to repeat the mistakes already made by so many organizations. Instead, take the time to prepare a detailed incident response plan (we can help!), and proactively engage with law enforcement as well as your insurance carrier. Doing so will go a long way toward mitigating damages and positioning you to return to operations in a fraction of the time of going it alone.
Here’s how you can get started:
At eSentire we believe every business should have an incident response plan and incident response retainer. As the panel discussed, cybersecurity incidents can disrupt operations, and lead to the loss of services, data and assets. How quickly an incident can be contained and remediated is paramount. To learn more about eSentire’s Digital Forensics and Incident Response services, connect with an eSentire Security Specialist.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.