Did you know that the entity that deploys ransomware in an environment may not be the entity that originally broke in? In recent years, separate threat actors known as Initial Access Brokers have emerged, specializing in obtaining and reselling covert access to their victims. These Initial Access Brokers sell that access to ransomware-as-a-service (RaaS) threat actor groups and affiliates, who use it to get into your environment, compromise sensitive data, and deploy ransomware.
Think of it this way: instead of a burglar breaking into a house and rummaging through it for valuables, an Initial Access Broker obtains access through some method (e.g., a window left ajar, a door left unlocked) and then markets and sells that access on the dark web to someone else, who does the burgling.
Once stealthy access is gained, the broker maintains connectivity to the victim and advertises the access to potential purchasers. Those purchasers can then carry out their own nefarious tasks, including ransomware deployment, data theft and extortion, and espionage.
How do these Initial Access Brokers even gain initial access in the first place? There are several methods, some requiring subterfuge or misdirection, some being direct attacks against the organization, others using upstream service providers or trusted partners. These include:
While many of these initial access vectors can be minimized, or at least better defended against, with proper cybersecurity defense tactics and rigor (including modern and effective endpoint software, hardened infrastructure, monitoring, and response capabilities), we have found that in many instances there are significant gaps, or “blind spots”, in coverage.
For example, a customer may choose not to install endpoint software on all of their servers, resulting in what are known as ‘out-of-scope’ endpoints. If such a server is externally facing and an attacker discovers a vulnerability in it, that “blind spot” provides a convenient vector of entry. Once the attacker gains a firm foothold inside the blind spot, defending the rest of the organization from that single compromised host becomes considerably more difficult.
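The blind spot described above is easy to find before an attacker does if the asset inventory is reconciled against the hosts that actually report an endpoint agent. The script below is an added example, not eSentire's tooling; the inventory format, the hostnames, IPs and roles, and the assumption that the agent console exports a list of checked-in hostnames are all constructed for illustration. It ranks uncovered hosts so that internet-facing ones (the convenient entry points) come first, and also surfaces agents reporting from hosts the inventory does not know about, which is the opposite kind of gap.

```python
"""Find endpoint-coverage blind spots by reconciling an asset inventory
against the hosts that actually report an endpoint agent.

Added example (not eSentire's tooling). The inventory format, hostnames,
IP addresses and roles are constructed assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    hostname: str
    ip: str
    internet_facing: bool
    role: str


# Constructed asset inventory, as one might export from a CMDB.
ASSET_INVENTORY = [
    Asset("web-01", "203.0.113.10", True, "web server"),
    Asset("vpn-gw-01", "203.0.113.20", True, "VPN gateway"),
    Asset("db-01", "10.0.5.15", False, "database"),
    Asset("file-01", "10.0.5.30", False, "file server"),
    Asset("ws-0042", "10.0.20.42", False, "workstation"),
]

# Constructed set of hostnames checking in to the endpoint agent console.
# "lab-99" reports an agent but is missing from the inventory entirely.
AGENT_CHECKINS = {"web-01", "db-01", "ws-0042", "lab-99"}


def find_blind_spots(inventory, agent_hosts):
    """Assets with no endpoint agent, internet-facing hosts first,
    then alphabetical, so the most exposed gaps are at the top."""
    uncovered = [a for a in inventory if a.hostname not in agent_hosts]
    return sorted(uncovered, key=lambda a: (not a.internet_facing, a.hostname))


def find_unknown_hosts(inventory, agent_hosts):
    """Hosts that report an agent but are absent from the inventory:
    the inventory itself has a gap that needs reconciling."""
    known = {a.hostname for a in inventory}
    return set(agent_hosts) - known


def coverage_ratio(inventory, agent_hosts):
    """Fraction of inventoried assets that report an agent."""
    if not inventory:
        return 1.0
    covered = sum(1 for a in inventory if a.hostname in agent_hosts)
    return covered / len(inventory)


def format_report(inventory, agent_hosts):
    """Human-readable summary of both kinds of gap."""
    lines = [f"Endpoint agent coverage: {coverage_ratio(inventory, agent_hosts):.0%}"]
    for a in find_blind_spots(inventory, agent_hosts):
        exposure = "INTERNET-FACING" if a.internet_facing else "internal"
        lines.append(f"  no agent: {a.hostname:<10} {a.ip:<14} {a.role:<12} [{exposure}]")
    for host in sorted(find_unknown_hosts(inventory, agent_hosts)):
        lines.append(f"  not in inventory: {host}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(ASSET_INVENTORY, AGENT_CHECKINS))
```

Run as-is it reports 60% coverage, lists the VPN gateway ahead of the internal file server, and flags the unknown host; in practice the two inputs would be pulled from the CMDB and the agent console's export on a schedule, and any internet-facing entry in the first list treated as a priority finding.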
These are among the most classic inbound vectors for gaining illicit access. An attacker sends emails to innumerable addresses carrying malicious attachments, URLs, or, more recently, QR codes. Only a small fraction of the targets will actually click the links or open the attachments, but for the attacker this is a relatively low-risk, low-cost method of gaining access.
Thanks to a combination of improved anti-phishing technology, security awareness training and user reporting, the proportion of initial access gained through email-based attacks has fallen in recent months; browser-based attacks have taken their place.
Browser-based attacks require the end user to initiate the download of malicious materials intended to gain initial access. There are four primary methods threat actors use to socially engineer employees:
Some attackers comb through credential dumps from websites that were previously breached. Where two-factor authentication (2FA) is not in use, static usernames and passwords obtained this way can simply be reused.
Similarly, brute-force login attempts can yield initial access. Strong 2FA removes much of the significance of these attacks, but it is not a panacea: attackers have built other methods to impersonate legitimate users even where 2FA is in place.
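Both of the credential vectors above leave a characteristic shape in authentication logs: a reused or brute-forced password shows up as many failures against one account from one source, while a credential list tried across the user base shows up as one or two failures against many accounts from one source (password spraying). The script below is an added example of detection logic over such logs; it is not eSentire's detection content, and the log line format, the thresholds and every user, IP and timestamp in the sample are constructed assumptions. The detail a practitioner most wants is whether the same source later logged in successfully, which is what separates a noisy alert from a likely compromise.

```python
"""Flag brute-force and password-spraying patterns in authentication logs.

Added example, not eSentire's detection content. The log format,
thresholds and all users/IPs/timestamps below are constructed assumptions.
"""
import re
from collections import defaultdict

# Assumed line format: "<timestamp> auth <success|failure> user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one account hammered and then breached, one source
# trying a single guess against many accounts, one malformed line, and an
# ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2024-03-05T10:00:01Z auth failure user=alice src=198.51.100.7
2024-03-05T10:00:02Z auth failure user=alice src=198.51.100.7
2024-03-05T10:00:03Z auth failure user=alice src=198.51.100.7
2024-03-05T10:00:04Z auth failure user=alice src=198.51.100.7
2024-03-05T10:00:05Z auth failure user=alice src=198.51.100.7
2024-03-05T10:00:06Z auth failure user=alice src=198.51.100.7
2024-03-05T10:00:07Z auth success user=alice src=198.51.100.7
2024-03-05T10:05:00Z auth failure user=bob src=203.0.113.9
2024-03-05T10:05:01Z auth failure user=carol src=203.0.113.9
2024-03-05T10:05:02Z auth failure user=erin src=203.0.113.9
2024-03-05T10:05:03Z auth failure user=frank src=203.0.113.9
2024-03-05T10:05:04Z auth failure user=grace src=203.0.113.9
2024-03-05T10:05:05Z auth failure user=heidi src=203.0.113.9
this line is malformed and must be skipped
2024-03-05T10:10:00Z auth failure user=dave src=192.0.2.44
2024-03-05T10:10:30Z auth success user=dave src=192.0.2.44
"""


def parse_events(lines):
    """Yield parsed events as dicts; lines that do not match are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def analyze(lines, brute_threshold=5, spray_accounts=5):
    """Return a list of findings.

    'brute_force': one (source, account) pair with >= brute_threshold failures.
    'password_spray': one source with < brute_threshold failures against each
    of >= spray_accounts distinct accounts.
    Each finding records whether that source later succeeded, because a
    success after the failures is what turns an alert into a likely compromise.
    """
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failures
    successes = defaultdict(set)                       # src -> users logged in
    for ev in parse_events(lines):
        if ev["result"] == "failure":
            failures[ev["src"]][ev["user"]] += 1
        else:
            successes[ev["src"]].add(ev["user"])

    findings = []
    for src, per_user in failures.items():
        low_volume = []
        for user, n in per_user.items():
            if n >= brute_threshold:
                findings.append({"kind": "brute_force", "src": src, "user": user,
                                 "failures": n, "succeeded": user in successes[src]})
            else:
                low_volume.append(user)
        if len(low_volume) >= spray_accounts:
            findings.append({"kind": "password_spray", "src": src,
                             "accounts": len(low_volume),
                             "succeeded": bool(successes[src] & set(low_volume))})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG.splitlines()):
        print(f)
```

On the sample this yields exactly two findings: a brute-force hit on alice from 198.51.100.7 that ended in a successful login, and a spray across six accounts from 203.0.113.9 with no success; dave's single typo is not flagged. The counting here runs over the whole input; a production rule would bucket by time window and would also enrich the source address (new geography, known anonymizing infrastructure) before deciding whether the success is the user or the attacker.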
All non-trivial software contains vulnerabilities, and attackers routinely probe externally facing infrastructure for them, whether weak code or misconfiguration. Websites running unpatched code are a frequent vector, but, more concerningly, remote access software (including VPN gateways) has repeatedly been susceptible to attack.
Once a remote attacker gains control of the remote access environment, they are generally able to move throughout the organization freely. The ConnectWise ScreenConnect incidents of the last month are an example of how serious this attack vector is; there have been many others in the recent past, including the Fortinet VPN and Kaseya vulnerabilities.
Attacking a trusted third-party entity that has administrative-level access into hundreds or even thousands of client organizations is a particularly effective way to gain initial access. The effort required to compromise one entity that holds “the keys to a thousand kingdoms” is generally not much greater than that required for a single smaller target, and the payoff can be considerably higher. Trusted third-party service providers must therefore be treated as possible vectors of attack: evaluate vendors rigorously, and monitor and secure their access accordingly.
The best defense against modern ransomware attacks is to continually defend the “thin edge of the wedge”: the initial access vector. These tactics include:
Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.