Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Extend your team capabilities and prevent business disruption with expertise from eSentire.
We balance automated blocks with rapid human-led investigations to manage threats.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Defend brute force attacks, active intrusions and unauthorized scans.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT In recent weeks, eSentire’s Threat Response Unit (TRU) has traced numerous email account compromise cases to infrastructure hosted on several related hosting…
Dec 10, 2024THE THREATUpdate: Security patches to address this vulnerability were released by Cleo on December 12th. Organizations need to update to Cleo Harmony, VLTrader, and LexiCom versions…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
You’ve probably heard of phishing (and the damage its wreaking worldwide), but have you heard of whaling? In this blog, we discuss everything you need to know about whaling and how it can impact you.
Simply put, whaling is the targeted phishing of high value clients, such as executives or C-level employees, with access to sensitive information.
With regular phishing emails, cybercriminals will cast a wide net hoping to catch anyone, or anything, with no specific goal in mind. These phishing emails are typically easier to spot because they’re less professional, and consequently look more suspicious.
Whaling, on the other hand, is highly customized and personalized. Whaling attempts often include the target’s name and job title, as well as any other relevant information that will help prove credibility.
A whaling email will look like it’s coming from an authority figure or someone you work with and will usually be marked critical or urgent. Attackers are looking to garner a quick reaction from their target, so the content will include a request to perform a task that is typical for the target, such as reviewing a document, approving a wire transfer or installing software.
Much like regular phishing attacks, whaling is on the rise. Of course, whaling is uniquely popular because of the huge rewards that can be gained from a successful attack. These rewards typically come in the form of a quick and sizable payout, or access to a company’s internal network and highly-privileged information.
According to a recent report from PhishMe, 91% of cyberattacks start with a phishing email.[1] As individuals become more aware of phishing attempts, cybercriminals become more creative, which is likely why phishing and whaling remain consistently effective. It is important that individuals stay one step ahead of their attackers and pay close attention to any trends.
eSentire runs simulated phishing campaigns for companies to help employees prepare for inevitable real-world phishing and whaling attacks. These phishing tests are sent company wide with the intent of tricking users into opening a malicious document or clicking a link and entering credentials into a fake website.
The campaign will track the number of people who viewed the email, opened attachments or clicked on any links. These tests help companies understand the security awareness of their employees and the vulnerabilities they face. Employers can then use this information to assess the training needs of their employees and provide that training.
These tests allow us to see how many people on average are susceptible to phishing attempts, and more specifically, which types of phishing emails perform best, thus indicating how dangerous they could be in a real-world setting. Clients are often very surprised to see how many of their employees click on malicious links and enter credentials into a spoofed website.
Of the tests run in 2016, we discovered an average open rate of 20% (that’s 1 in 5!) and a click rate of 18%.
These tests demonstrate that phishing is still a relatively successful way to gather confidential information. No matter how prepared employees seem to think they are, there are still always people that fall for the tests.
Executives can protect themselves in the same way employees should. When you, as an employee (C-suite or otherwise), receive an email instructing you to perform an action—especially anything to do with money or software installation—you should start by verifying that the sender of the email is legitimate. The quickest way to do this is to give the sender a phone call to confirm that they sent both the email and request. If possible, avoid responding to the email—if the email account has been compromised, the attacker can provide false verification.
Secondly, always verify any link before clicking on it. If you’re ever instructed to go to a specific website, open a browser instead and find the actual site through a search engine, or manually enter the correct URL. Similarly, if you receive an unexpected document, be very cautious about opening it and never enable or authorize executable code (like macros).
Finally, if you suspect a phishing email, immediately report it to your company’s security team. This holds true even if you already fell for the attack. You’re not expected to be invincible, but the quicker your security team learns about the situation, the more likely it is that they can limit or reduce any damage.
When it comes to cybersecurity, everyone is at risk. The best way to avoid falling for a phishing/whaling attack is constant diligence. Don’t take unnecessary risks online and consider your actions carefully before committing them. If you are in a position of leadership at your company, your responsibility is two-fold: protect the highly-confidential data you have access to and set a good example for the people reporting to you. The phishers are out there; don’t let them catch a whale.