Cyberattacks may seem like relatively minor inconveniences to the average consumer. The reality is that such attacks have a significant, broad cost.
How vulnerable is Canada to cyberattacks, including highly disruptive and damaging ransomware? The short answer is very. The past few months paint a troubling picture.
In November 2022, a major Canadian grocer, Sobeys, was hit with ransomware. The company’s owner, Empire Company, did not confirm either the extent of the incident or its root cause, issuing just one news release at the time of the attack. But judging from publicly available reporting, it appears the incident impacted Sobeys’ business network, including its ability to fill prescriptions and process credit card payments. Almost certainly, the $25 million cost of recovering those systems will be passed on to consumers at a time when inflation has already vastly increased the cost of living. A few weeks after the Sobeys incident, on December 18, cybercriminals struck again, hitting The Hospital for Sick Children (SickKids) in Toronto. This ransomware incident impacted several network systems, resulting in SickKids calling a Code Grey — a system failure — that lasted for weeks while the hospital rebuilt its systems. Then in January 2023, the LCBO (Liquor Control Board of Ontario) was hit with malware designed to harvest individuals’ financial information. Most recently, Canada’s largest bookstore chain, Indigo Books & Music, was breached, halting all website transactions for weeks.
Incidents such as these may seem like mild inconveniences to the average consumer. But the reality is that such attacks have a significant cost to the Canadian economy. In 2021, cyber-enabled fraud resulted in losses of $379 million. That year, there were 235 known ransomware attacks against Canadian industry, each with an average cost of $6.35 million. In 2022, the Waterloo, Ontario-based cybersecurity firm for which I work, eSentire, conducted research on what is commonly known as the “dark web,” which is accessed via software called Tor. We reviewed ransomware name-and-shame sites and identified 232 Canadian companies that had been victims of ransomware attacks; most were launched by Russian-based ransomware gangs.
And these figures only include the attacks we know about, where the company’s information ended up on the dark web. Ransomware gangs extort their victims through a variety of methods, including by sharing the breached company’s information over the dark web. Because some companies pay ransoms to have their systems restored, the actual number of victims is not known. In fact, in a look at the impact of cybercrime in 2021, Statistics Canada estimated 90 percent of such crimes go unreported. The reputational loss organizations can suffer following an attack can also have crippling consequences.
There’s a national security aspect to this, as well. Government agencies across the country at the federal, provincial/territorial and municipal levels are struggling to protect their own networks and information technology (IT) infrastructure.
The problem is by no means new. For decades, cybersecurity has been a challenge. Important Canadian businesses have been destroyed by cyberattacks that resulted in data breaches, as happened with Nortel. It is widely believed that Chinese hackers breached Nortel Networks in 2000 and went undiscovered until 2004. The hackers stole technical papers, research and development reports, business plans, employee emails and other documents. At its height, the now defunct Canadian tech company employed 90,000 people and had a market value of about $250 billion (equivalent to $367 billion today), and accounted for more than 35 percent of Canada’s benchmark stock market index, the TSE 300.
Inadequate cybersecurity protections clearly put companies at incredible risk. Yet doing cybersecurity right also comes at a cost. For many Canadian businesses, the financial hurdle is high. But it’s not nearly as high as that of a cybersecurity incident that results in business downtime.
The human challenge is further intensified by a continuing cybersecurity skills shortage, organizations’ struggle to retain what cybersecurity skills they have, and the personnel costs of building in-house security programs. These challenges, piled onto already overburdened IT departments, mean more damaging breaches to come unless something is done.
There are solutions, and they are achievable for Canadian organizations. For starters, the federal government needs to look at updating the now decade-old cross-industry minimum standard for cybersecurity programs. We need a new national policy on cybersecurity. Bill C-26, which has passed second reading in the House of Commons, is a start. But the legislation does not identify ways to support organizations that simply cannot afford to build out these programs in-house.
What should the revised standard look like? I argue that it should mandate six controls.
Token-based multi-factor authentication
Token-based multi-factor authentication is the most secure multi-factor authentication available. It mitigates risk with respect to what is referred to as SIM swapping, or SIM hijacking, which occurs when attackers take control of your mobile number.
In such cases, the attacker tricks your telecommunications provider into transferring your number to their mobile device. They then use your phone number to access other online accounts that belong to you. By using token-based multi-factor authentication, you remove the ability for a hacker to intercept a two-factor authentication code sent in a phone call, email or text.
A vulnerability management program
A vulnerability management program searches for vulnerabilities in an organization’s network and takes steps to mitigate and patch those vulnerabilities so that threat actors have fewer opportunities to exploit your organization.
Endpoint detection software
Endpoint detection software is designed to monitor for abnormal behaviour and allows cybersecurity professionals to immediately respond to intrusions, such as an employee clicking on a phishing email. By reducing the amount of time a threat actor lurks in your network undetected, you greatly increase your chances of preventing a catastrophic outage from ransomware, or the theft of intellectual property.
24/7 monitoring of corporate networks
Endpoint detection and response software should then be operated by a trusted third party. For rapidly scaled defences, this is the most logical and feasible solution. Very simply, hackers work around the clock, 365 days a year. Every organization needs 24/7 managed detection and response monitoring of its corporate network so that it can investigate and respond to cyber incidents in real time.
Incident response plans
Finally, if the worst does happen, and all your controls fail, and bad actors get in and burn your network to the ground, you must have two things: an incident response plan and data backups. An incident response plan will help you bring your business back from the brink.
Data backups
Data backups will allow you to recover at least some of the information that has been destroyed.
While there are dozens more ways to reduce risk, these six controls have the greatest return on investment. They are also financially within reach of most digitally enabled businesses.
These updates would drastically improve our collective defence from malicious state and non-state threat actors and ensure this country’s data, intellectual property and businesses are better protected from increasingly aggressive adversaries. This would also better protect our sovereignty and ensure Canada is safe to conduct digital business. As mentioned, Bill C-26 is a start. But it should point to more explicit standards.
Originally published on cigionline.org
As Sr. Manager, Threat Intelligence, Ryan is responsible for demystifying the Threat Landscape for eSentire's Threat Response Unit. His goal is to detect and respond to threats before they become risks to eSentire's client base.
Prior to eSentire, Ryan spent three years in Big 4 Consulting, helping build, develop, and establish a Threat Intelligence & Analytics team. Prior to Big 4 Consulting, Ryan was a member of Canada's Federal Public Service for over 5 years, employed by Public Safety Canada in Policy, and in the Canadian Armed Forces working in a variety of roles including Influence Activities and Civil Military Cooperation.
Ryan holds a BA in Political Science & History from Wilfrid Laurier University, an MSc in Counter-Terrorism from the University of Central Lancashire, a Master's degree from the University of Waterloo, and is a GIAC Certified Cyber Threat Intelligence Analyst.