Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Extend your team capabilities and prevent business disruption with expertise from eSentire.
We balance automated blocks with rapid human-led investigations to manage threats.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Defend brute force attacks, active intrusions and unauthorized scans.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT In recent weeks, eSentire’s Threat Response Unit (TRU) has traced numerous email account compromise cases to infrastructure hosted on several related hosting…
Dec 10, 2024THE THREATUpdate: Security patches to address this vulnerability were released by Cleo on December 12th. Organizations need to update to Cleo Harmony, VLTrader, and LexiCom versions…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
The last two years have brought significant upheaval in the cybersecurity insurance market, and the vast majority of the blame can be laid at the feet of successful ransomware attacks.
The earliest simple ransomware attacks typically involved a single machine, immediate encryption, and a relatively low ransom (e.g., $500 USD worth of BTC). This simple attack pattern has evolved to employ tactics previously used by Advanced Persistent Threat (APT) actors.
When a single machine obtains a toehold through an exploit, instead of immediately starting the encryption/lockdown process, the attacker immediately reaches out to as many systems in parallel and establishes a firmer beachhead by enlisting as many systems as possible with the same exploit.
By this means, persistent access may be maintained unless all systems are cleaned. When many systems have been exploited, the attacker quietly waits for the appropriate time to encrypt systems en masse. This is usually initiated on the first evening of a long holiday weekend – while support staff may be unable to respond with the same speed as expected during the work week.
Whereas a single exploited machine that’s quickly encrypted may be easily restored with minimal data loss so long as some backup rigor is in evidence, the effort to restore many (conceivably thousands of) systems while an external attacker maintains access and control is difficult.
Even if excellent backup systems exist, it may be difficult to confirm the integrity of the restored data as the attacker lay in hiding during the successive backup cycles. If your Domain Controllers and/or your Backup systems have been exploited, the path is even more difficult. As a result, many times the exploited enterprise ultimately chooses to pay (often after a cycle of negotiation) the ransom. These ransoms could easily sit in the seven-figure zone.
As well, the original authors of the ransomware software itself chose to open marketplaces where they could sell ransomware as a business. No longer did an attacker need to understand how to develop malicious code or find vulnerabilities within operating systems. All that is needed is access to the marketplace.
In the early days of cybersecurity insurance, insurance companies discovered that it was a very profitable product. Before the spectre of ransomware, the financial damage from cyberattacks was generally small. Indeed, there were attacks, sometimes involving the loss of personally identifiable information (PII) but actuaries could build risk models to provide policy guidance that could be successfully underwritten.
Companies in the mid-market concerned about their exposure could easily purchase millions of dollars worth of coverage for as little as fifteen to twenty thousand dollars per year. The insurance company, confident in their models, could be practically guaranteed to make a healthy profit with few payouts and it was this way for well over a decade.
When ransomware evolved from individual systems to higher-profile attacks, that model was upended. Along with the higher ransom payouts, the Advanced Persistent Threat (APT) flavor of ransomware required the enlistment of Incident Response teams, further increasing the price to restore the company to its regular state.
Secondly, insurance companies tend to build models based on geographic and vertical diversity. For example, fires do not occur everywhere simultaneously. Actuarial data can be analyzed to determine the frequency and the severity of occurrence, underlying factors that may increase or decrease probability, and the true cost of recovery.
The new version of APT-styled ransomware forced insurance companies to abandon their old models. It is not possible to hedge cybersecurity insurance based on geographic diversity; on the Internet, we are all neighbors. With the spate of new cybersecurity insurance claims, insurance companies were (as per contract) obliged to pay claims in a manner they had never needed to before. Their profit margin decreased abruptly and significantly. They were forced to review their practices and began to deny claims.
There are three main points that I generally need to point out regarding cybersecurity insurance:
In addition, insurance companies started to perform deeper investigations into the cybersecurity stance of potential policyholders. Due diligence that was previously cursory at best was now considerably more onerous. Insurance companies began to rely more heavily on sources of “external threat intelligence” that had scanned the vulnerabilities of external-facing Internet infrastructure, map it to specific companies and provide a scorecard.
Companies that had previously enjoyed relatively inexpensive cybersecurity insurance discovered that they did not qualify because they fell below a specific “score threshold” as stated by a third-party snapshot.
Some insurance companies have chosen to entirely leave the cybersecurity space.
So, in 2023, given this rather difficult situation, what is a company (i.e., the policyholder) to do? I have several specific recommendations to improve the chances that your organization will be able to obtain improved cost-effective cybersecurity insurance:
When you can document and demonstrate that you are taking reasonable and defensible steps to defend your organization, it should be considerably easier to obtain cybersecurity in this new age.
If you want to receive a more valuable and cost-effective policy, along with strengthening the technical stance of your environment, you will need to enter a deeper relationship with your insurance provider. It will be worth it and in 2023, it is necessary for your mutual benefit.
Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.