eSentire Threat Intelligence reduces false positive alerts

eSentire launched its first standalone cybersecurity product, eSentire Threat Intelligence, extending eSentire’s protection and automated blocking capability across firewalls, threat intelligence platforms, email services and endpoint agents.

eSentire Threat Intelligence provides mid-market and enterprise organizations with a simple API gateway to access high-fidelity Indicators of Compromise (IOCs), curated from true positive security investigations across eSentire’s global customer base.

Unlike other commercial threat feed providers that use threat intelligence from open source and publicly available feeds, eSentire Threat Intelligence uses a human-driven approach to provide the most timely, relevant and contextually rich high fidelity threat feed from a proven Managed Detection and Response (MDR) leader:

High fidelity intelligence with 99% true positive rate: eSentire Threat Intelligence curates IOCs from true positive SOC investigations across its highly targeted customer base of over 2000 organizations, 65% of which operate in critical infrastructure. The IOCs are thoroughly vetted by eSentire’s SOC analysts and Threat Response Unit (TRU) researchers, and they are refreshed every 24 hours.

STIX format for easy integration and rich context: eSentire Threat Intelligence leverages Structured Threat Information Expression (STIX) format allowing for easy API integration across an organization’s firewalls, threat intelligence platform, email servers and endpoint agents. eSentire’s TRU maximizes this format to go beyond commercial-grade intel products, augmenting eSentire Threat Intelligence IOCs with unique context, including threat actor insights, malware campaigns, targeted assets and attacker tactics, techniques and procedures (TTPs).

Proven MDR leadership extending protection: eSentire’s operationalization of threat intelligence has been praised as best-in-class in evaluative research from Forrester and KuppingerCole. Its Threat Response Unit tracks threats 35% faster than the commercial feeds under its management and identifies threats never witnessed in those feeds 12% of the time. With this new offering, eSentire is extending its automated blocking protection across the enterprise with curated intelligence, including IP addresses, domains, URLs, email addresses and file hashes.

“In today’s world of threat intelligence, more is not better,” confirms Ryan Westman, director, eSentire Threat Response Unit. “Many security leaders make the mistake of adding multiple threat feeds with the goal being coverage, but instead their teams waste valuable time engaging with inaccurate and outdated intelligence. eSentire is proud to extend our high-fidelity protection to unmanaged firewalls, intel platforms, email servers and endpoints. With the launch of eSentire Threat Intelligence, we are setting a new standard in actionable intelligence that will truly help organizations build cyber resilience and prevent business disruption.”

eSentire Threat Intelligence is available now for purchase, as a standalone threat intelligence feed, through eSentire and its e3 ecosystem partners. In Q2 2024, it will be available in AWS and Snowflake marketplaces and will be available through TD SYNNEX distribution in ANZ and Exertis, Kompingo and Brigantia distribution in the UK and Exertis and Portland distribution in Benelux.