Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Extend your team capabilities and prevent business disruption with expertise from eSentire.
We balance automated blocks with rapid human-led investigations to manage threats.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Defend brute force attacks, active intrusions and unauthorized scans.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT In recent weeks, eSentire’s Threat Response Unit (TRU) has traced numerous email account compromise cases to infrastructure hosted on several related hosting…
Dec 10, 2024THE THREATUpdate: Security patches to address this vulnerability were released by Cleo on December 12th. Organizations need to update to Cleo Harmony, VLTrader, and LexiCom versions…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
There are steps that organizations can take to prevent Trickbot infections. Regular security awareness training and promoting a culture of caution when it comes to email communications can help mitigate some human-error related risk.
Maintaining a consistent vulnerability and patch management program to ensure that none of your IT assets have critical known vulnerabilities that can be easily exploited by malware like Trickbot is another fundamental preventative step.
Confirming your antivirus and/or endpoint protection products are properly tuned and updated is important. Particularly in the case of Microsoft Windows Defender, confirming that tamper protection features are enabled can mitigate Trickbot’s ability to disable and bypass endpoint security measures.5
It is worth repeating that the sophisticated resources behind the development of malware like Trickbot are specifically designed to bypass common preventative measures, meaning today’s threat prevention strategies could be ineffective tomorrow. Furthermore, no amount of awareness training and security culture can change the fact that human error is inevitable. Prevention is ultimately an impossible task unless it is tied to a robust threat detection and response capability.
The programs are designed to identify blind spots and harden your posture against known threats. Services within include Phishing and Security Awareness Training, Technical Testing and Virtual CISO services.
Dedicated eSentire experts act as an extension of your team to execute timely scanning and tracking of known vulnerabilities among your IT assets.
In January 2020, an eSentire manufacturing customer was initially alerted to suspicious network activity, which prompted further investigation by analysts from eSentire’s Security Operations Center (SOC). Nine minutes later, a host was observed sending unusual outbound communications, at which point SOC analysts took action and placed TCP disruptions on both the internal host and the IP it was communicating with in order to halt the activity via eSentire MDR for Network. The host itself was isolated from the rest of the network as well via eSentire MDR for Endpoint. The SOC updated the customer with the latest development in the incident.
At this point, the threat appeared to be limited to a single compromised workstation with no observed indicators of compromise on the rest of the customer network. Furthermore, there was no risk of lateral movement with the host quarantined, which was fortunate because deeper forensic endpoint investigation revealed that the host was attempting to spread via the known EternalBlue exploit less than 20 minutes following the SOC’s actions to isolate the threat.
Trickbot was identified as the malware responsible for the activity with the initial infection traced back to human error from an employee who clicked on a link from a malspam email. Further investigation did reveal that a limited amount of the employee’s personal information (saved passwords and shipping address from a web browser auto-fill function) was exfiltrated before eSentire blocked the connection. We recommended to the customer that the end user change their passwords and their workstation be completely reimaged to ensure no traces of malware remained.
Swift investigation and response within less than 10 minutes of the initial threat detection was critical in containing this particular Trickbot incident. If reaction to the threat was slower by just 17 minutes, (a relative blink of an eye in the context of the typical workday in the average IT organization) there is a good chance this Trickbot infection would have been able to spread throughout the network. This underscores the speed security teams must operate at to stop advanced threats. Success is measured in seconds and minutes, but unfortunately, most organizations are lagging far behind with the mean time to contain a data breach at 73 days.6 Multi-signal Managed Detection and Response closes this gap for 1500+ customers with a 15 mean time to contain threats.
Security Primer TrickBot, Center for Internet Security: https://www.cisecurity.org/white-papers/security-primer-trickbot/
Stealthy TrickBot Malware Has Compromised 250 Million Email Accounts And Is Still Going Strong,Forbes: https://www.forbes.com/sites/leemathews/2019/07/14/stealthy-trickbotmalware-has-compromised-250-million-email-accounts-and-is-still-going-strong/#1976b2c74884
TrickBot, MITRE ATT&CK Framework: https://attack.mitre.org/software/S0266/
The Unholy Alliance of Emotet, TrickBot and the Ryuk Ransomware,Decipher:
https://duo.com/decipher/the-unholy-alliance-of-emotet-trickbot-and-the-ryuk-ransomware
We’re here to help! Submit your information and an eSentire representative will be in touch to help you build a more resilient security operation today.