eSentire leading the way in enterprise network security
By: Aileen Ormoc

From humble beginnings to an ever-growing list of clientele, eSentire has not only managed to differentiate themselves from the competition, but has also made their mark in Canada’s emerging network security market.

Founded in 2001, eSentire was a classic technology company driven by a number of technologists from University of Waterloo.

When current Chief Executive Officer, J. Paul Haynes joined the team nine years later, the company underwent some drastic changes. Haynes says that the founders of eSentire brought him on board to help the company shift their focus from a technology-based organization to one driven by sales and marketing.

He says the company’s expanding list of customers is a testament to their overall success.

“In two and a half years, we went from 23 customers to about 95 right now,” he says. “And with the business partners, we probably have another 150 clients.”

Unlike other security technologies on the market, eSentire’s main focus is protecting an organization’s network from the inside out. By initially assuming that the network has been compromised, they turn their focus to behaviors that may suggest foul play.

There are four threat categories used in catching an attack—insiders, criminals, nation states, and hackers. Insiders are employees working alongside criminals to retrieve crucial information like bank account information. Nation states are oftentimes there to acquire information, and include national governments. And the hackers’ main mission is to shut down and disrupt business.

Haynes says there is a simple method to hacking an organization’s network.

“What the [threat actors] have to ensure is that their exploit has never been seen before,” says Haynes. “All you have to do is change it enough so that it has a different DNA-like signature, and it goes straight through.”

The use of social engineering via social networks like Facebook and LinkedIn has made it that much easier for a threat actor to launch an attack. Things like “spoofing an email” are commonplace for these kinds of attacks.

Haynes says, “They will find names on Facebook or the company website and deliver an email into your inbox. It will look like it came from a business partner with a file attachment included, and once you click on that file attachment or website that is where the compromise happens.”

According to Haynes, there has been somewhere between a six and tenfold increase in security breaches among large enterprises.

“There are how-to manuals on the Internet, and they tell you how to get these exploits and target a company,” says Haynes.

eSentire performs a Multi-Dimensional Vulnerability Assessment (MDVA) in order to assess a company’s network. The MDVA reveals multiple vulnerabilities to external threats, internal data leakage, as well as analyzing the network’s usual traffic.

“We put our sensors in your network and analyze your traffic for usually thirty to forty five days,” says Haynes. “We will tell you which machines are being exploited, which ones have communication channels established, and we will look at things like network architecture because oftentimes people design networks without taking [security] into account.”

They also perform Continuous Monitoring as a Service (CMaaS) following the MDVA. CMaaS will detect potential threats by running five value lines including the Network Interceptor, Log Sentry, Asset Manager Protect (AMP), Continuous Vulnerability Scanner (CVS), and Continuous Penetration Tester (CPT). The Network Interceptor identifies and eradicates all threats. Log Sentry gathers data like event log messages, and provides compliance-based reporting. Asset Manager Protect (AMP) discovers a threat, analyzes it and puts a block in place for that behavior across the entire customer base. Continuous Vulnerability Scanner (CVS), and Continuous Penetration Tester (CPT) use frequent scanning and patch levels to detect possible threats.

“We monitor the amount of data that travels through the firewall, and we put meters and set thresholds so alerts start to go off when too much data is flowing from one work station,” says Haynes.

eSentire is also compatible with other security technologies in place such as fire walls and anti-viruses. Haynes says, “If you have an anti-virus, and you keep it current, there is no need to throw it out because the one in one hundred times that someone gets infected while they are not connected to the network, the antivirus might be able to help you in that case.”

He explains that eSentire’s specializes in protecting the company network, not catching threats via wireless or mobile networks connected to service providers like Rogers.

Mark Sangster, the director of marketing at eSentire says large companies are spending billions of dollars on network security technologies, and it’s simply not working. He says, “They are realizing they need the approach we are taking which is the unique combination of new technology and human driven analytics which gives it that behavioral-based detection that simple technology just can’t provide.”

Both Haynes and Sangster accredit much of eSentire’s success to their staff as well as their venture investors. “Staff is number one, and following staff are the Toronto based venture investors that have supported our vision and seen the company grow,” says Haynes. “It has almost tripled from when they came in almost two years ago.”

Haynes explains that the company has plans to expand into other parts of the world and several industries. “We are scaling out and building ourselves an organization in Manhattan, New York,” he says. “The other markets we have with the mining, oil and gas industries, and their supply chain which is engineering construction firms, we are targeting three main geographies – Houston, Calgary, and London in the near term. In the longer term, we are going to add Australia.”