Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Extend your team capabilities and prevent business disruption with expertise from eSentire.
We balance automated blocks with rapid human-led investigations to manage threats.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Defend brute force attacks, active intrusions and unauthorized scans.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT In recent weeks, eSentire’s Threat Response Unit (TRU) has traced numerous email account compromise cases to infrastructure hosted on several related hosting…
Dec 10, 2024THE THREATUpdate: Security patches to address this vulnerability were released by Cleo on December 12th. Organizations need to update to Cleo Harmony, VLTrader, and LexiCom versions…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
One of the more disturbing things about a pandemic is the sense of helplessness it creates. Even when we ourselves are not getting sick, isolation and social distancing leave us unable to escape the seriousness of the situation. We find ourselves sitting and worrying when normally we would be out and about, and all we hear are further stories about how this situation is overtaking society - steadily climbing numbers of infected, with more and more extreme measures being taken to try and contain the disease. We know that by isolating we are contributing to making things better in the long run, but actively doing nothing doesn’t feel like we are actively doing anything to help the situation.
As a cybersecurity professional, I am fortunate enough to be working in an industry where it is at least possible to do much of my work remotely. In light of the situation, I wanted to reflect on the meaning of that work, and do something to share what the pandemic looks like from our vantage point. My hope is that this work may help you better understand how cybersecurity can manifest effects and impacts in the real world and the role it can play in protection of your business and clients.
At eSentire, we offer Managed Detection and Response (MDR). Essentially, we monitor for threats that get through automated defenses and then step in to neutralize and contain them. Many of the clients we protect are organizations on the front lines of the battle against COVID-19 today, or delivering critical infrastructure to them. In the background somewhere, our work is helping keep hospitals and medical research labs online, protecting them and critical services they need from cybersecurity attacks that could disrupt or shut them down.
To illustrate visually, the data studio display below shows some of the security incidents we’ve seen from critical service sectors that eSentire MDR has protected over the last year. The various interactive toggles allow drilling down and exploring meta data on real security incidents that have occurred over the period of the pandemic. Keep in mind, to keep these clients anonymized we’ve changed a few things [1]. Using this dashboard, you can drill down and interact with examples of real security incidents that have targeted healthcare services, medical research and critical infrastructure during this pandemic and see what we step in to prevent.
Exploit Attempts | By far, the most frequent type of attack we’ve observed is also the least significant - exploits coming through perimeter security and touching briefly on internal systems. Mostly, this is just background noise of the internet being let through a hole in the perimeter (often one intentionally made in the interests of availability), but we’re working to identify the known bad and act as a second line of active defense where clients have left gaps in their firewalls for whatever reason. |
Suspicious Activity | The next most frequent type of incident we’ve seen is Suspicious Activity, which is when our Security Operations Center (SOC) investigations picked up something out of the ordinary that needed to be raised for additional investigation. These are usually benign, but a fair number of potentially serious problems are caught here and some preventable disasters averted. |
Dangerous Incidents | Our continual investigations also regularly hit upon smaller numbers of other real, serious attacks in progress: events where someone is trying to brute force their way into sensitive systems, scam people into giving up their passwords, or deploying malicious code like ransomware or other payloads onto hospital systems. Our objective here is to contain and disrupt such incursions as we see them before the attacker can expand their toehold into a position where they can threaten to take an entire hospital or infrastructure system offline, and keep the cleanup to a manageable level for on-site IT. |
In cybersecurity, these sorts of situations going undetected until it’s too late are the things we worry about constantly - imagine an already overloaded hospital in the middle of a pandemic suddenly losing computer powered diagnostic machines, test results, patient records, access to research - or even just the software helping with the logistics of organizing doctors to best effect. Today, that nightmare is an ever present possibility and we are all too often finding ourselves as the last line of defense in preventing it. After all, for some attackers, events today are being seen just as an opportunity - who wouldn’t pay up on a ransom if it keeps a hospital’s doors open during a pandemic?
Feel free to use this dashboard to look out on the fight against covid from our vantage point as events develop and get a sense for how we are working to help keep hospitals and infrastructure open and online during this emergency. If you drag over the pandemic timeline at the top, you can restrict the view to just a specific timeline (this will also resize and/or limit the dots shown based on activity), or you can drill down and explore on other properties by interacting with the map, pie charts, and tables.
At the end of the day, cybersecurity is helping to play its part in supporting reliable access to healthcare technologies. And when I consider that doctors and hospitals need those tools as they steer us through this pandemic, the knowledge that what we do helps allow them to focus on what matters makes me feel less helpless in this isolation.
References:
[1] We’ve aggregated and altered things here slightly to avoid disclosing anything that could be used to identify our clients or help attackers: the actual locations attacked are moved and fuzzed to geolocations hundreds of miles away, the data is a cross section rather than a complete set, and we’re not disclosing any specifics about any of the incidents beyond a loose classification of what happened (and only after we've fully handled it)
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.