eSentire CEO Kerry Bailey on teaming up with insurers, cyber resilience, and the "last mile"

“It was a little slow to get started, because they spoke in hard-edged actuarial science data terms. But we have the largest MDR database in the industry so we were able to get back to them and empirically show that we can reduce risk..."


“Customers are heavily interested in risk right now,” says eSentire CEO Kerry Bailey. The Office of Naval Intelligence veteran – who helped raise $325m in 2022 for the Managed Detection and Response (MDR) company – has been busy building relationships with cyber insurance providers to ensure that his company can demonstrate risk reduction for customers in hard, actuarial terms that can drive down customer premiums.

eSentire, founded in 2001 and with a team of around 700, runs two Security Operations Centres (SOCs) – in Waterloo, Canada, and Cork, Ireland – that serve approximately 1,600 customers globally with outsourced 24/7 cybersecurity services, from threat hunting to incident detection, containment, and remediation in the event of a breach.

When it comes to cyber insurance, eSentire is up to 20 insurance partners now, he tells The Stack, adding frankly: “It was a little slow to get started, because they spoke in hard-edged actuarial science data terms. But we do have the largest MDR database in the industry” – eSentire says it has comprehensive data on over one million expert-led cybersecurity investigations and response actions – “so we were able to get back to them and empirically show that we can reduce risk by a percentage that they then put into their actuarial table. Now we're speaking the same language.”

(What did they want to see? MFA? IR plans? “They just want customers to reduce risk; it’s not about what technology decisions we made.”)

Bailey took on the CEO role at the MDR category creator in 2018 and in early 2022 helped it raise $325 million in funding at a $1 billion+ valuation. (PE firm Warburg Pincus remains eSentire’s majority shareholder.)

Revenues sit somewhere north of $200 million/year, he says, and the company is looking to expand substantially, eyeing an opportunity for growth amid product sprawl, skills shortages and a trend towards consolidation among CISOs. eSentire has a genuinely diverse customer base, he says: a 30/30/30 split across enterprise, mid-market and SMEs.

"The company was founded [working for] hedge funds; companies that had high-value assets, mission-critical systems. We started off heavily in financial services, then healthcare, legal, manufacturing... but now we have no one industry that makes up more than 20% of our business. Although heavier in financial services here, we've got aerospace; we've got a little of everything," he says, sitting down with The Stack in London.

(eSentire provides a proprietary network appliance delivered as a continuous managed service, with various capabilities like real-time deep-packet inspection, “human-assisted machine learning”, behaviour-based anomaly detection, signature-based intrusion detection and prevention, and analyst comms that can be tailored to a client’s appetite for alerts...)

A key value of its capabilities, Bailey tells The Stack, is “last-mile” expertise: as an MDR provider, eSentire can pick up whatever best-of-breed products it needs to augment its capabilities for customers, and takes on the heavy lifting of optimising their configuration as its primary task.

"I think we're in a really unique space, in MDR," he says. "The last mile of cybersecurity investigation requires a specialist; someone that understands cybersecurity at a great detailed level [not just] product companies selling product, which is great, but [effective deployment]."

That said, he acknowledges that it is also often low-hanging fruit that organisations miss, as their IT environments sprawl: "I think the challenges right now, believe it or not, still go back to some of the most basic elements that we've had in cybersecurity for a long time.

"It's almost sad to say. It's misconfigurations that are probably one of the biggest issues. We're used to that in our on-prem environments. But as you get to the cloud, those misconfigurations have an even bigger impact on an organisation. And whether that is user directories, or whether that is your actual application, whatever it may be, I think misconfigurations are still one of the biggest challenges out there... [organisations too often] don't know the assets, they don't know where they've moved to, they don't know how they're being used. And when all of a sudden that complex environment is spread out across your supply chain, your application providers, maybe third parties, you start losing control of where everything is, and one little misconfiguration can cost you."

Amid a burgeoning threat surface and constant attacks, burnout is rife among cybersecurity professionals. With a small army of employees in eSentire's SOCs, how does he ensure that they don't burn out, that expertise is retained, and that new talent in a competitive market is nurtured?

A big focus on rotation, on training, on bonuses, is one of the answers, he says. "They're typically on for six hours, not 12; with two hours for education. After two years in the SOC we purposefully help people progress their careers. Our churn rate out of the SOC is less than 7%. People are working on complex problems for our customers, they're collaborating with some of the best and the brightest, they're dealing with complex attacks. There are so many career paths and they're getting exposed to some really cool things. With a bunch of recent zero days they found the actual threat adversary, they worked with the FBI on it... they love that!"

Going back to the insurance relationships, the eSentire CEO is keen to clarify that of course the technology does matter, for the insurers too, even if it is codified in risk terms: "You can put an insurance policy in place – and they do – that says you must have endpoint detection; you must have protection on your cloud; you must have identity management... but it's what gets through all of those devices, through the 30, or 40, security tools that somebody has, that we see and catch on the network. That real-world visibility of the data at MDR scale changes the game and the industry."
