Piers Morgan – GM Sales EMEA, eSentire and Amit Kumar, Managing Director, MMA InfoSec, speak to Anita Joseph, Editor, Security Advisor Middle East, about tapping into the potential of MDR in the region and the partnership between both companies for a comprehensive and cutting-edge approach to risk.
What’s the role of MMA Infosec in harnessing the potential of MDR?
Amit: According to Gartner, “security and risk management leaders responsible for security operations should use MDR services to obtain 24/7, remotely delivered modern security operations centre capabilities when there are no existing internal capabilities, or when the organisation needs to accelerate or augment existing security operations capabilities.”
MMA Infosec, with its partnership with eSentire, is at the heart of it. With many years of experience in the cyber security & IT industry, the team at MMA Infosec is well equipped in addressing the agile needs of customers today & helping them plan better for tomorrow. MDR is the future indeed and with our perseverance, our aim is to educate customers to be ready for embracing this technology well in advance with their trusted MDR providers, MMA Infosec.
Can you outline MMA’s plans for 2022?
Our aim is to be a $2 million company by the end of 2022 by not just adding value for more & more customers across all industries, but also adding niche vendors to our portfolio, with eSentire at the heart of it. Customer retention & customer success are two important values that will fuel this growth, of course, in pursuit of excellence.
Please tell us about the growth and business outlook for eSentire.
Piers: Initially, eSentire’s Managed Detection and Response (MDR) business was developed in North America. However, we are currently scaling at 100%+ growth Quarter over Quarter across the UK, EMEA, and the rest of the world, including Asia Pacific and the UAE region specifically. Between eSentire’s MDR business and our new Emergency Incident Response and Digital Forensics services, which make a 4-hour, remote threat suppression SLA available to organizations globally, eSentire will surpass $100M in Annual Recurring Revenue (ARR) this fiscal year. That’s not all: eSentire protects the critical data and applications of over 1000 customers, in over 70 countries globally. We also have 2 global 24/7 Security Operation Centers (SOCs) operating in Cork, Ireland, and Waterloo, Canada, and we ingest over 20M security signals daily and block 3M cyberthreats automatically with our Extended Detection and Response (XDR) platform—Atlas. eSentire has a Mean Time to Contain threats of 15 minutes.
What type of commitment will we see from eSentire to the UAE region?
Piers: Partners like MMA Infosec are a critical component of our go-to-market motion. Our partners are an extension of our internal team. MMA InfoSec’s customers look to them as their trusted security advisor. And combining our market-leading MDR services and MMA InfoSec’s proven security solutions, we are able to protect MMA’s customers from business-disrupting attacks.
eSentire works with the top ISVs in the industry.
As a Microsoft Gold Security Partner, eSentire’s MDR services are fully integrated with the Microsoft 365 Defender and Azure Defender Product Suites, providing Microsoft customers with 24/7 Threat Detection, Containment and Response.
eSentire has been awarded the AWS Level 1 Managed Security Service Provider Competency Status.
eSentire has integrated its MDR services with top ISVs including CrowdStrike, Carbon Black, Sumo Logic and Tenable, so our partners have the industry’s best security services available to offer to their customers. eSentire has built its MDR Services so that they are easy to implement and can scale when needed so our partners can protect customers of all sizes, no matter if they are large enterprises or small and mid-size organisations.
What are some of the top cyber threats eSentire is tracking and disrupting on behalf of its global customers?
Piers: Ransomware-as-a-Service – The Balto-Slavic Cybercrime Culture has produced dozens of ransomware groups; however, distinction between them is blurry. You often hear “this threat group has associated with that group, who has associations with this threat group, who has associations with that threat group”. The highly connected nature of Balto-Slavic Cybercrime Culture is an indicator of an evolved cybercrime market. This market specialized in performing and monetizing intrusions, largely through various means of extortion. Ransomware, data theft, and reputation damage are the primary leverage points that these groups apply to their victims. eSentire has been tracking the top ransomware groups since the Fall of 2020, including such infamous groups as REvil/Sodinokibi (disrupted by law enforcement), DarkSide/Black Matter (ceased operations currently), Clop (disrupted by law enforcement), Conti/Ryuk (one of the leading ransomware groups that continues to operate—has shifted from targeting critical infrastructure organisations in the U.S. to targets in the U.K., Europe, Canada and South America). Some of the top sectors targeted by ransomware threat groups are healthcare, municipalities, manufacturing, organisations serving in critical infrastructure sectors and law firms.
Business Email Compromise – Business Email Compromise (BEC) leverages partnership trust through email communications. In many of the current BEC incidents, many times the attack originates from an email from a business partner. It was often found that the business partner had themselves been the victim of remote exploitation on their Exchange server, and the business partner’s email credentials have been hijacked by the threat actors. This BEC-based approach allows threat actors to bypass email filters and user awareness, given the trusted nature of the business relationship. The lesson here is that even the compromise of one of your partners can provide an initial access vector into your organization.
Remote exploits of vulnerable software applications or tools (Kaseya, SolarWinds) – Used by both financially-motivated cybercriminals and nation-states, remote exploitation is increasingly becoming a regular risk to organisations. As a distributed work force adapts to pandemic policy, organisations are adding more software to their stack. With more software comes more vulnerabilities, and visibility gaps start to form. Meanwhile, the cybercrime market is differentiating and specialists are emerging. Some of these specialists focus on developing exploits and the discovery of zero-day vulnerabilities. In 2021, we have reached an all-time high of 66 zero-day attacks – over double that of previous years. Detecting zero-days is hard – sometimes impossible. But with endpoint monitoring in place, your chances of catching the actions immediately following exploitation are greatly increased, especially if your security defenders are actively developing your rule set for escalating endpoint alerts.