THREAT RESPONSE UNIT

Prevent the Most Advanced Cyberattacks from Ever Breaking Through

Stay ahead of sophisticated known and unknown cyber threats with proactive threat intelligence, original threat research, and a world-class team of seasoned industry veterans.

GET STARTED
GET STARTED
×
 

Reclaim the Advantage Over Sophisticated Cybercriminals with Expert Threat Response

Modern threat response requires the ability to collect unstructured data from disparate sources associated with attacker tactics, techniques, and procedures (TTPs) and operationalize global protections – all in a timely manner.

Unfortunately, many in-house security teams don’t have the bandwidth or expertise to perform proactive threat hunting, conduct original threat research, and develop or deploy new threat detection rules.

The eSentire Threat Response Unit (TRU) is an industry-leading threat research team committed to helping your organization become more resilient. This is an elite team of threat hunters and researchers that supports our 24/7 Security Operations Centers (SOCs), builds threat detection models across the eSentire XDR Cloud Platform, and works as an extension of your security team to continuously improve our Managed Detection and Response service.

By providing complete visibility across your attack surface and performing global threat sweeps and proactive hypothesis-driven threat hunts augmented by original threat research, we are laser-focused on defending your organization against known and unknown threats.

We prioritize creating and updating our detection rules and machine learning (ML) models regularly, so your security posture is hardened against the evolving threat landscape. Our content development is built upon the MITRE ATT&CK Framework® and is constantly fine-tuned for efficacy to reduce false positives.

Why Choose eSentire's Threat Response Unit (TRU)

TRU acts as an extension of your security team to build your cyber resilience and prevent business disruption. With TRU by your side, you can rest easy knowing that you’re protected by an MDR provider that law enforcement agencies rely on to identify threat actors and collaborate on threat intelligence.

Prepare and react to emerging, unknown cyber threats to prevent business disruption

TRU continuously monitors the threat landscape, publishes regular threat advisories, security bulletins, and threat intelligence reports, and conducts proactive real-time threat hunts so you can stay ahead of the latest emerging threats and prevent business disruption.

Harden your toolkit with novel threat detection rules and advanced ML models

As a foundational component of the eSentire MDR service, TRU constantly builds and updates new threat detection rules and ML models across our eSentire XDR platform. These detections are further strengthened by robust investigative runbooks to support our SOC Cyber Analysts in their investigation and containment actions – on your behalf.

Go into battle with a team of industry veterans with real-world experience

TRU has discovered dangerous cyber threats and nation-state attacks (e.g., the Kaseya MSP breach and identities of hackers behind the more_eggs malware). With a 95% employee retention rate, TRU consists of highly certified, seasoned industry veterans who regularly hold threat briefings, share their expertise with industry publications, and have proven to be trusted sources for global law enforcement agencies.

Advanced Threat Intelligence That Outpaces Cyberattacks

×
 
×
 

Notable Threat Detections

WE STOP THREAT ACTORS IN THEIR TRACKS.
OTHERS CLAIM IT, WE PROVE IT.

Our Threat Response Unit (TRU) collects and processes threat intelligence from 54 commercial threat feeds and 10+ proprietary intel sources, the Dark Web, social media, security reports, positive SOC-driven threat investigations, and various third-party tools to conduct further investigations and identify potential Indicators of Compromise (IOCs).

Once a threat is discovered, eSentire TRU publishes regular threat advisories, security bulletins, and threat intelligence reports, and conducts proactive real-time threat hunts so you can stay ahead of the latest emerging threats and prevent business disruption.

eSentire TRU has discovered some of the most dangerous cyber threats and nation-state attacks in our space. Last year, TRU built 500+ new detectors to protect our customers and circulated 35 Security Advisories. We broke the news on the Kaseya MSP breach, the malicious more_eggs malware and more.

35%

Of threats are identified by TRU before they appear on commercial threat feeds.

12%

Of threats identified by TRU are never seen in the commercial feeds we manage.

Original nation-state attacks and threats discovered by eSentire TRU:

1. The Kaseya Crypto-mining Attack

2. Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with more_eggs Malware

3. Malicious Google Ads to Lure Computer Users to Spoofed "Signal" and "Telegram" Websites

4. Hackers Flood the Web with 100,000+ Malicious Pages to Deliver Malware

5. Gootloader Hackers Poison Websites Globally to Infect Business Professionals with Ransomware

Read the Latest Security Advisories and TRU Positives

eSentire TRU regularly publishes Security Advisories, TRU Positives, and Malware Analyses on emerging cyber threats to arm you with the latest intel so you can make informed decisions that evolve with the threat landscape. TRU’s research routinely supports law enforcement agencies in their mission to unmask threat actors and stop cybercrime.

Static TRU logo Image

LATEST POST – Jul 24, 2025

Cisco Vulnerabilities Exploited CVE-2025-20281 & CVE-2025-20337

THE THREATOn July 21st, 2025, Cisco confirmed attempted exploitation of recently disclosed maximum severity vulnerabilities impacting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).CVE-2025-20281 (CVSS: 10) and CVE-2023-20337 (CVSS: 10) are vulnerabilities in a specific API of the impacted Cisco products and can allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. Successful exploitation of these…

Jul 21, 2025

CrushFTP Zero-Day Vulnerability CVE-2025-54309

Jul 21, 2025

Microsoft Zero-Day Vulnerabilities CVE-2025-53770 & CVE-2025-53771

Jul 10, 2025

RedDirection Browser Extension Campaign

TRU Positives

Read the summaries of recent threat investigations, how our TRU team responded to confirmed threats, and recommendations on defending your organization from emerging threats.

Read the latest from our
TRU Team.

READ NOW

Cyber Threat Hunting Done Right

Adversaries don’t work 9-5 and neither do we.

By leveraging contextualized human-driven threat intelligence, original content on emerging cyber threats, 24/7 availability of Elite Threat Hunters, and advanced analytics based on the latest TTPs, TRU is committed to delivering the strongest MDR offering from eSentire.

eSentire TRU is foundational to our MDR service – no add-ons or additional costs required. You benefit from:

  • Curated Threat Intelligence
  • Threat Hunting
  • Mitigation Support for Zero-Day Threats
  • Original Threat Research
  • Proactive and Reactive Threat Sweeps
  • Live Defense Against Attackers
  • Updated Detection Rules
  • Monthly TRU Intelligence Briefings

Security Leaders Count on eSentire to Prevent Business Disruption

eSentire has helped us in many situations. They have alerted us of the most simple of threats, and also of bad actors on our network. Before we even have to triage the situation they block the device(s) and keep our environment safe from lateral movement from the bad actors being on the device(s) that were infected.

Charles C.

Security Architect

Mid-Market Company
READ THE FULL REVIEW

There are so many things I like but the best is the complete ecosystem we've built with them for 24x7x365 coverage. We are utilizing Network, Endpoint, Log, Vulnerability Management, Incident Response and Forensics. Oh, also love the quarterly cadence calls to sync up with them about issues, questions or improvements.

Phil M.

Information Security Architect

Mid-market Legal Services Company
READ THE FULL REVIEW

eSentire has an incredibly broad range of platforms that can be used individually or in tandem to protect your infrastructure and your users the way you want them protected. Their network interceptor product and MDR products are top products in the industry. Once installed, the product is absolutely transparent to your users.

David M.

Director of Information Technology

Mid-Market Company
READ THE FULL REVIEW

They have a high skilled technical team and great communication to keep you in the loop. They are very detailed oriented and follow up with any / all requests. They keep us updated with their future plans and prevent us from falling behind!

Thomas K.

IT Manager

Mid-Market Company
READ THE FULL REVIEW

We've been using eSentire for over 5 years. Our experience with them has been great from the very beginning. Implementation is very easy and they are with you every step of the way. They have excellent customer support. Our dedicated customer success manager is always available to help, quick to respond, and loops in other experts when needed to provide expert security guidance. They go above and beyond to make sure we are well-supported, no matter the complexity of the issue. Their threat intelligence briefings and papers are also very helpful. They proactively warn us of current and emerging cyber threats and perform proactive threat hunts which helps us stay a step ahead of potential risks. Overall, eSentire has proven to be a reliable security partner. The ability to send in multiple signals (endpoing, log, network, vulnerability, identity, etc.) truly set them apart.

Verified Customer

Industrial Automation Enterprise Company
READ THE FULL REVIEW

Ready to start building a more resilient security operation today?

We're here to help! Submit your information and an eSentire representative will be in touch to demonstrate how eSentire Multi-Signal MDR service stops cyber threats before they impact your business.