Cybersecurity is not an IT problem to solve—it's a business risk to manage. In the Managing Cyber Risk podcast series, Mark Sangster, Vice President and Industry Security Strategist at eSentire, and Cybercrime Magazine’s Hillarie McClure lead conversations with cybersecurity experts, using the dollars-and-cents language of the C-suite to expose the issues, challenges and pitfalls which are often obscured by ones and zeroes.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
It’s unlikely that Sun Tzu was writing about cybersecurity, but he might as well have been.
Today’s adversaries are well-organized, well-funded, and well-equipped, and they operate as structured enterprises—leading Mark Sangster, VP Industry Security Strategy at eSentire, to describe them as the “Misfortune 500.”
Knowing your adversary is an essential element of cyber warfare, which is why Mark and Cybercrime Magazine’s Hillarie McClure spoke to Col. (Ret.) Timothy Evans, SVP, Co-Founder and Chief of Strategy at Adlumin.
During the conversation, they touched on a wide range of topics, such as common misconceptions about cyberattacks, today’s adversaries and their goals, how cyberattacks are conducted, and spotting them before it’s too late.
Early in the conversation, Mark and Tim addressed three dangerous, and stubbornly persistent, misconceptions:
“We’re not a target”: No matter how big, how small, how ‘boring’ or how well-defended your organization is, cybercriminals can and will target you.
“Most cyberattacks are obvious, only a fool would fall for them”: We’re all accustomed to receiving obvious spam emails, and that can trick us into a state of overconfidence. But cyberattacks against corporations are very different. Phishing emails are often personalized, and they increasingly make use of public and private information to look legitimate. Assuming that cyber threats are obvious only increases the odds that an attack against your company will be successful.
“Well, I guess there’s nothing we can do if a sophisticated attacker targets us”: This one is closely related to the after-the-fact outcry of “there were no signs”. But the truth is that cyberattacks aren’t instantaneous and there are always signs. Your cybersecurity team just needs to know what to look for and, more importantly, needs to have the security operations capabilities to act on it.
Businesses are finally understanding that today’s cyber threat actors aren’t rogue individuals, but run highly sophisticated operations with many of the same functions (e.g., recruitment, R&D, operations, and business development) as modern enterprises. What’s more, they operate in a mature ecosystem complete with specialty services, marketplaces, channel, and affiliate programs, and so on.
Prosecutions of ransomware gang members remain relatively rare, often because of the cross-border nature of the cybercrime. In fact, Tim also noted that he’s seen evidence of ransomware operators installing and maintaining backdoors for possible use in a wartime scenario.
Learning how today’s adversaries operate and their psyche can significantly help your team understand the best way to protect your organization and mitigate your cyber risk.
Cybercriminals are after money—the rewards of a successful cyberattack are high, especially when threat actors introduce multiple revenue streams by combining ransomware attacks with stealing and selling valuable information.
Although some adversaries are motivated by stealing a company’s intellectual property or proprietary data, disabling systems and services and making crucial information unavailable continues to generate impressive returns for ransomware operators. The average ransom across all industries reached $570,000 in the first half of 2021, an 83% increase over 2020.
Additionally, cybercriminals routinely use double- and triple-extortion tactics to compel the victim to pay to recover access to systems, prevent the publication of protected health information (PHI) and personally identifiable information (PII), and avoid the potential regulatory fines.
The fact remains, whether the victim pays the ransom or not, ransomware groups may still sell stolen data in cybercrime marketplaces given the specific benefits associated with different types of data:
Financial information is used to compromise bank accounts and commit wire transfer frauds
Employee information can be used for identity theft, to commit fraud, and to engage in longer, more complex operations like business email compromise (BEC) and highly targeted phishing scams
Patient information can be used to blackmail individuals—PHI, in particular, is regarded as being much more valuable than credit card information, with each record worth anywhere from $10 to $1,000
The broad stages of a cyberattack are consistent from one incident to the next (initial access is gained, intrusion actions are performed, and then the payload is detonated), but the specifics of execution differ.
While staying up to date with the latest tactics, techniques and procedures (TTPs) can be challenging since they’re always evolving, Mark suggests that the corrective action plans (CAPs) prepared by the Office for Civil Rights (OCR) in response to HIPAA violations are a good source. Although they don’t spell out the details, it’s usually straightforward to determine how an organization succumbed to a cyberattack.
Sophisticated threat actors will target your company sooner or later and they’re very adept at gaining access into your environment. But cyberattacks—particularly ransomware attacks—don’t happen instantaneously.
Once inside an environment, cybercriminals engage in ‘intrusion actions’ like domain reconnaissance, creating new accounts, finding backups, exfiltrating data, harvesting credentials, creating backdoors, and identifying the systems and services that should be targeted to inflict maximum pressure on the victim.
These activities take time, and they create Indicators of Compromise (IoCs) that are detectable with the right tools.
“You have to know every time an account is created, and you have to be able to verify that we created that account…which is really hard for large organizations,” Tim stressed.
To underscore the point, Mark shared an example of a recent breach of a healthcare delivery organization (HDO) in which an IT technician noticed some strange account creation and reached out to HR, who subsequently escalated the matter to the IT manager. Unfortunately, it was a long weekend, the IT manager was busy and decided to look at things on Monday—by which point ransomware had shut down the organization.
Similarly, user behavior analytics can recognize strange file transfers, lateral movement and other unusual activities, like a user suddenly running PowerShell for the first time.
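Two of the signals described above, an account creation nobody can vouch for and a user's first-ever PowerShell launch, are simple enough to turn into working checks. The block below is an added example, not code from the podcast or from eSentire: it runs over constructed Windows Security events (Event ID 4720, "a user account was created", and 4688, "a new process has been created") that have been flattened to JSON lines, reconciles each account creation against a constructed list of approved change records, and flags the first PowerShell execution per user against a constructed baseline. The JSON field names, the change-record format and the hostnames are assumptions made for the example.

```python
"""Two intrusion signals as detection checks over Windows Security events:
account creations that no change record covers (Event ID 4720) and a user
launching PowerShell for the first time (Event ID 4688). All events, change
records and the PowerShell baseline are constructed sample data; the JSON
field names are an assumption about how a log forwarder might flatten events."""
import json
import ntpath
from datetime import datetime

# Constructed sample events, one JSON object per line. Windows paths keep their
# backslashes, so the Python string is raw and the JSON escapes them.
SAMPLE_EVENTS = r"""
{"ts": "2021-08-27T14:02:00", "event_id": 4720, "host": "DC01", "subject": "itadmin1", "target": "helpdesk2"}
{"ts": "2021-08-27T15:10:31", "event_id": 4688, "host": "WS-FIN-07", "subject": "jsmith", "process": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}
{"ts": "2021-08-27T16:45:02", "event_id": 4688, "host": "ADM-01", "subject": "itadmin1", "process": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"ts": "2021-08-27T22:41:10", "event_id": 4720, "host": "DC01", "subject": "svc_backup", "target": "sqlsvc_bak"}
{"ts": "2021-08-27T22:43:55", "event_id": 4688, "host": "WS-FIN-07", "subject": "jsmith", "process": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"ts": "2021-08-27T22:44:20", "event_id": 4688, "host": "WS-FIN-07", "subject": "jsmith", "process": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
"""

# Constructed change records: which account may be created, by whom, and when.
APPROVED_CHANGES = {
    "CHG-1042": {"target": "helpdesk2", "creator": "itadmin1",
                 "window": ("2021-08-27T13:00:00", "2021-08-27T17:00:00")},
}

# Constructed baseline of users already observed running PowerShell.
POWERSHELL_BASELINE = {"itadmin1", "svc_deploy"}

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}


def parse_events(text):
    """Parse JSON lines into dicts and convert the timestamp to a datetime."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def unverified_account_creations(events, approved):
    """Return 4720 events that no change record covers. A record covers a
    creation only when target, creator and time window all match, so an
    approved account name created by the wrong principal, or outside its
    window, is still flagged."""
    alerts = []
    for ev in events:
        if ev["event_id"] != 4720:
            continue
        covered = False
        for chg in approved.values():
            start, end = (datetime.fromisoformat(t) for t in chg["window"])
            if (chg["target"] == ev["target"] and chg["creator"] == ev["subject"]
                    and start <= ev["ts"] <= end):
                covered = True
                break
        if not covered:
            alerts.append({"ts": ev["ts"].isoformat(), "host": ev["host"],
                           "creator": ev["subject"], "target": ev["target"],
                           "reason": "account creation without matching change record"})
    return alerts


def first_time_powershell(events, baseline):
    """Return the first 4688 event per user whose image is a PowerShell host and
    who is not in the baseline. The baseline is copied rather than mutated, and
    later launches by the same user do not raise a second alert."""
    seen = set(baseline)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] != 4688:
            continue
        # ntpath handles Windows separators regardless of the host OS.
        if ntpath.basename(ev["process"]).lower() not in POWERSHELL_IMAGES:
            continue
        user = ev["subject"]
        if user in seen:
            continue
        seen.add(user)
        alerts.append({"ts": ev["ts"].isoformat(), "host": ev["host"], "user": user,
                       "reason": "first observed PowerShell execution for this user"})
    return alerts


def run_detections(text=SAMPLE_EVENTS, approved=APPROVED_CHANGES,
                   baseline=POWERSHELL_BASELINE):
    """Run both checks over a JSON-lines event feed and return the alerts."""
    events = parse_events(text)
    return {"unverified_accounts": unverified_account_creations(events, approved),
            "first_powershell": first_time_powershell(events, baseline)}


if __name__ == "__main__":
    for kind, hits in run_detections().items():
        for hit in hits:
            print(kind, json.dumps(hit))
```

On the sample feed the helpdesk2 creation is covered by CHG-1042 and stays silent, while the late-evening sqlsvc_bak creation by a service account, and jsmith's first PowerShell launch a couple of minutes later, each raise one alert. The reconciliation against change records is the part that answers Tim's point: it is not enough to see that an account was created, the check has to prove that we created it.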
Fortunately, organizations don’t have to wait until they’re under attack to recognize and address their own vulnerabilities. At a minimum, Tim recommends looking for compromised accounts on the dark web and using tools like Shodan to understand what cybercriminals see when they look at your network.
You can also adopt a more proactive, risk-based approach to cybersecurity that combines a comprehensive vulnerability management program, Phishing and Security Awareness Training (PSAT), a Managed Detection and Response (MDR) provider to identify and contain the threats that bypass existing defenses, and Incident Response (IR) readiness for when they do.
Doing the basics—strong passwords, multi-factor authentication, controlled and encrypted access, least privilege, and network segmentation—is essential and while these countermeasures might not stop cybercriminals outright, they can slow down adversaries and give you the opportunity to detect their presence.
In fact, Tim reiterates the importance of monitoring for the telltale signs of intrusion: “There are certain things that you absolutely need to monitor. If you’re an organization of CISOs, you have to put this at the top of your agenda. You need to know what you need to be monitoring.”
Listen to the full Learning from the Adversary episode of the Managing Cyber Risk podcast series, in which Mark Sangster and Hillarie McClure interview Col. (Ret.) Timothy Evans about what we can learn from the adversary, the evolution of ransomware, and more.