2022 has been a particularly challenging year for security leaders and practitioners alike. Although cyber threats like ransomware and zero-day attacks have always been present, the ongoing conflict between Russia and Ukraine has shined a spotlight on the impact that nation state-sponsored attackers can have on our critical infrastructure.
No matter how small or large your organization is, nation state hackers pose a very real threat. What’s more, many of these groups understand that there is incredible value in targeting smaller, local organizations, especially those within critical infrastructure. As these highly targeted cyberattacks continue to happen, we, as an industry, must ask ourselves: “How prepared is my organization really?”
Recently, I had the unique experience of visiting the White House courtesy of eSentire’s CEO, Kerry Bailey. We were invited to discuss our commitment to fight this emerging wave of cybercrime with Amit Mital, the Special Assistant to the President & Senior Director of Cybersecurity. This opportunity was particularly special for me considering my own professional experience with the Canadian Federal government and the fact that Amit Mital was a Board Member for eSentire prior to his role at the White House.
The visit itself was nothing short of incredible, but more importantly, it allowed me to put some real thought to where the cybersecurity industry is heading, and what security leaders need to get right to protect their organizations.
As an industry, we must collaborate closely with the federal government to adequately deal with the cyber threats and risks posed by state-sponsored cybercriminals. Ransomware groups are continuing to target organizations in North America, and that means that organizations are going to need to make sizeable investments in dedicated cybersecurity teams and arm them with the right tools and threat detection capabilities, not just IT teams doing cybersecurity on the side.
We are more than capable of conducting the blue teaming necessary to protect organizations (assuming budget availability) and of articulating the business risk to demonstrate the potential financial impact to the organization.
CISOs who can demonstrate the financial consequences of a cyberattack and business downtime to their executive teams are more than likely going to get the budget required to prevent business disruption and protect their customers’ sensitive data.
Cyberattacks launched by state-sponsored actors pose a significant challenge for the government because these attacks can be viewed as acts of war. However, many business leaders, who are beholden to their shareholders, don’t share the same perspective. They will always prioritize business continuity over determining the who, what, why, and how of any cyberattacks. As a result, CISOs are caught in the middle because their priority is getting their network and systems online after eliminating the threat so that they can return to business operations as quickly as possible. The geostrategic consequences are not in the CISO’s purview.
The challenge here is determining ‘true attribution’ and the collection of Digital Forensics and Incident Response data to support attribution. In Threat Intelligence, we are often asked to provide an analysis of the threat actor(s) responsible for an attack. But this is challenging given the ability of one threat actor group to pose as another.
A great example is the 2018 Pyeongchang Olympics – initial assessments indicated that North Korean operators were responsible for the cyberattack that crippled the Olympics IT infrastructure. However, it was later determined that the likely culprit was ‘Sandworm Team’, a Russian Advanced Persistent Threat (APT).
There are three criteria we can use to gain true attribution for any cyberattack:
The highest form of attribution is generally understood as Adversary Admission, and we typically want at least two of the above criteria before being almost certain in our attribution (e.g., Intrusion Analysis + Leak OR Leak + Adversary Admission).
The information collected during a Digital Forensics engagement is what supports Intrusion Analysis, but unfortunately, security leaders who are only concerned about business continuity typically remain unconcerned with these additional details.
Unfortunately, nation-state adversaries have used, and will continue to use, our data against us to manipulate our perceptions of reality, deny critical infrastructure, and steal our intellectual property so their organizations can prosper. Remember – the adversaries disrupting our society are no longer kids in their parents’ basement trying to figure out how to access servers and manipulate websites merely out of curiosity.
I think all organizations are going to be challenged over the next period as we continue to shore up our defenses from state-sponsored threats. The most successful organizations will be those that have CISOs who are able to explain the financial risk associated with the potential damages of a cyberattack.
I do personally believe that the Canadian and U.S. federal governments are doing their part to create a more cyber resilient society. However, there should be more transparency and collaboration from the respective Federal governments with respect to attribution and the implications of these cyberattacks against our society.
As Director, Threat Intelligence, Ryan is responsible for demystifying the Threat Landscape for eSentire's Threat Response Unit. His goal is to detect and respond to threats before they become risks to eSentire's client base.
Prior to eSentire, Ryan spent three years in Big 4 Consulting, helping build, develop, and establish a Threat Intelligence & Analytics team. Prior to Big 4 Consulting, Ryan was a member of Canada's Federal Public Service for over 5 years, employed by Public Safety Canada in Policy, and in the Canadian Armed Forces working in a variety of roles including Influence Activities and Civil Military Cooperation.
Ryan holds a BA in Political Science & History from Wilfrid Laurier University, a MSc in Counter-Terrorism from the University of Central Lancashire, a Master's degree from the University of Waterloo, and is a GIAC Certified Cyber Threat Intelligence Analyst.