
eSentire Disrupts IR With 4-hour Remote Threat Suppression

CyFIR acquisition extends government-grade forensics to global customer base

David Braue

Melbourne, Australia – Jun. 23, 2021

In the race to respond to a cybersecurity incident, time is of the essence — and cybercriminals can do a lot of damage in the 24-hour service level agreement (SLA) window within which most incident response firms promise to start working on your breach.

Mustering the resources to coordinate the response does take time, but with careful planning and global support — thanks to the normalization of remote working — managed detection and response (MDR) firm eSentire has gone one step further by shortening its SLA guarantee to just four hours.

It’s a “truly disruptive” play, chief marketing officer Erin McLean told Cybercrime Magazine, that has been facilitated by the company’s recent acquisition of CyFIR, a digital-forensics company with a portfolio of digital security risk-management tools complementing eSentire’s own Atlas XDR platform.



Disrupting incident response


Bringing together the tools will, eSentire said, help the company virtually search and evaluate data across enterprise environments for its incident response (IR) retainer customers anywhere in the world — backed with a four-hour threat-suppression guarantee designed to limit customers’ exposure to cybercriminal disruption.

“Many companies out there offer 24 hours support for boots-on-the-ground,” McLean said, “but we’re taking our response capabilities deeper into the incident response lifecycle, helping organizations prepare for a breach or respond to a breach if they’ve already been hit.”

Pandemic-era support

Guaranteeing a four-hour response would have been impossible in the past since most companies have historically kicked off their response by sending incident commanders and incident responders onsite at the customer premises.

Yet the COVID-19 pandemic was instrumental in turning this model on its head, McLean explained: since managed providers can no longer send anybody anywhere, the shift to remote access over the past year has helped the company pivot to offer a much faster response.

During the pandemic “we all learned and were able to adapt to doing incident IR and forensic investigations remotely,” McLean explained, “but we are taking this a step further by leaning into our people-powered approach and leveraging our 24×7 SOC.”

That response is being complemented with “truly innovative and advanced technologies in network sensors and endpoint tools,” she said, “that are letting us have that remote access to customer sites.”

“Between our people-powered expertise and our incredible tooling, we are able to make four-hour threat suppression possible for those IR customers on a global scale. We want to limit any kind of reputational risk, limit the damage, and just get them back up and running as quickly as possible.”



As one of the key steps in an incident response, threat suppression is both functionally important — containing a breach, isolating the host and remediating the cybercriminal activity — and a critical first step in helping the response team understand what degree of digital forensics, evidence handling, chain-of-custody and other issues must be addressed as part of the larger response.

The addition of CyFIR’s IR and digital-forensics capabilities — which will soon be integrated into eSentire’s Cyber Investigations Portfolio — is yet another arrow in eSentire’s quiver, McLean said, noting that CyFIR is one of just two companies certified to handle federal incident response under the DHS Cyber Hunt and Incident Response Teams (HIRT) Act.

CyFIR “is doing some incredible work with sensors and endpoint technology to facilitate remote access for incident response and digital forensics,” she explained.

“When we combine that technology with our overall security operations leadership, it’s really unmatched in terms of our capability to offer speed of response and complete IR lifecycle support.”

eSentire’s push to shake up the market with four-hour response will segue into plans to expand the company’s operations and capabilities throughout the coming year, with new partnerships, new services, and new leadership across the EMEA and APAC regions.

“We’ve evolved the way that our customer success team operates with customers,” McLean said, “and we’re prioritizing the role of a cyber risk advisor to really reduce the risk and drive security outcomes that all of our customers can expect.”

“It’s a really exciting time.”

David Braue is an award-winning technology writer based in Melbourne, Australia.



Sponsored by eSentire

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

eSentire provides complete, multi-signal Managed Detection and Response, delivering 24/7 cutting-edge protection against cyber attackers that bypass traditional cybersecurity controls.


