eSentire
eSentire, Inc. · EFROS US AI Vendor Governance Index entry
Composite governance score
C = mixed posture. Acceptable for non-regulated use; requires meaningful additional controls in regulated workloads.
About this vendor
Enterprise MDR with proprietary threat hunting depth and the most explicit AI-platform branding (Atlas AI) in the MDR category. Threat hunt depth is the differentiator over breadth-first competitors.
- Enterprise tier
- MDR for Endpoint, Network, Cloud, Identity; eSentire Atlas AI platform
- Vendor homepage
- https://www.esentire.com
- Trust center
- https://www.esentire.com/about-us/trust-center
Twelve-axis governance scoring
Each axis is scored Yes / Partial / No / N/A against public evidence — vendor trust portals, BAAs/DPAs, SOC 2 report cover pages, published methodology documents. N/A applies when the axis is structurally inapplicable (foundation models, for example, defer Section 1557 to the downstream healthcare deployer).
| Axis | Status | EFROS note | Source |
|---|---|---|---|
| BAA / DPA available | Yes | eSentire signs BAAs for healthcare customers; PHI scope addressed within MDR engagement. | eSentire Trust Center |
| Training-data opt-out | Yes | Customer telemetry not used for cross-customer model training within Atlas AI; tenant-scoped pipelines. | eSentire Trust Center |
| US data residency option | Yes | US data residency available; multi-region architecture with customer configuration. | eSentire Trust Center |
| SOC 2 Type II report | Yes | SOC 2 Type II, ISO 27001, HIPAA, PCI, and FedRAMP-aligned posture documented via Trust Center. | eSentire Trust Center |
| ISO/IEC 42001 attestation | No | No ISO/IEC 42001 attestation for the Atlas AI platform as of May 2026. | Public posture review |
| NIST AI RMF self-attestation | Partial | Atlas AI platform documented with model governance materials but no formal NIST AI RMF self-attestation published. | eSentire Atlas AI documentation |
| Colorado AI Act readiness | No | No Colorado AI Act SB 24-205 readiness statement. | Public posture review |
| HHS-OCR Section 1557 readiness | N/A | MSSP — Section 1557 obligation sits with the healthcare customer. | eSentire positioning |
| FRB SR 11-7 readiness | N/A | MSSP — SR 11-7 obligation sits with the financial institution customer. | eSentire positioning |
| ABA Formal Op 512 readiness | N/A | MSSP — ABA Formal Opinion 512 obligation sits with the law firm customer. | eSentire positioning |
| Subprocessor list public | Yes | Subprocessor list public via Trust Center. | eSentire Trust Center |
Trust-center maturity
Mature trust center with full attestation stack and FedRAMP-aligned posture. Atlas AI platform branding is the most explicit AI-MDR positioning in the category, though formal AI governance attestation (ISO 42001) is absent.
Source: eSentire Trust Center
Deep dive
Overview
eSentire's Atlas AI is the most explicit AI-platform branding in the MDR category and threat hunt depth is the operational differentiator. The TRU (Threat Response Unit) does proprietary detection engineering paired with AI augmentation. Best fit for enterprises that prioritize hunt depth over coverage breadth.
Strengths
- Full attestation stack — SOC 2, ISO 27001, HIPAA, PCI, FedRAMP-aligned
- Atlas AI platform with explicit AI-MDR positioning
- Threat Response Unit (TRU) proprietary detection engineering
- Subprocessor transparency via Trust Center
Weaknesses
- No ISO/IEC 42001 attestation for Atlas AI
- No Colorado AI Act readiness statement
- Premium pricing tier vs. SMB-focused MDR alternatives
- AI governance posture lighter than platform compliance maturity
Best-fit use case
Enterprises that prioritize threat hunt depth over breadth — particularly those needing proprietary detection engineering against targeted threat actors rather than commodity malware coverage.
Avoid when
Cost-sensitive SMBs where Huntress-tier coverage is sufficient, or organizations that need explicit ISO 42001 AI governance attestation as a procurement requirement.
Operator's take
Deploy eSentire when enterprises that prioritize threat hunt depth over breadth — particularly those needing proprietary detection engineering against targeted threat actors rather than commodity malware coverage. The composite score of 69 (grade C) reflects a mixed posture for regulated US workloads. Skip the vendor when cost-sensitive SMBs where Huntress-tier coverage is sufficient, or organizations that need explicit ISO 42001 AI governance attestation as a procurement requirement. In every deployment, treat the cells above as a snapshot — the acquisition that gets to production safely is the one that re-verifies the trust-center posture before contract signature and rebuilds the matrix at renewal.
How this scoring is computed
The composite score blends eleven scoreable axes (BAA, training opt-out, US data residency, SOC 2, ISO/IEC 42001, NIST AI RMF, Colorado AI Act, Section 1557, SR 11-7, ABA Op 512, subprocessor transparency) with the trust-center maturity score. Axes marked N/A are excluded from the denominator so vendors are not penalized for sector-inapplicable axes. The vendor's primary sector amplifies the most relevant axes — healthcare vendors weight Section 1557 ×2, legal vendors weight ABA Op 512 ×2, banking vendors weight SR 11-7 ×2 — so the composite reflects what matters in the actual buying context.
Read the full methodology →Disagree with this scoring?
EFROS publishes scoring rationale per cell with a public source. If you have evidence that a specific axis should score differently — a new BAA, a new certification, a documented policy change — submit a formal challenge below. We re-score and publish the result with the next quarterly edition (or as a mid-quarter changelog entry if the change is material).
Disagree with a score?
Every cell in the EFROS Index is source-cited. If you have a public source that contradicts a score for eSentire, submit a formal challenge — we re-verify against the source and respond within 14 days.
Other vendors in security-mssp
Same category, scored on the same twelve axes. Useful for head-to-head shortlisting.
Take the scoring into production
The Index tells you the posture. These engagements turn the posture into a deployable program — vendor selection, governance policy, sector overlay, audit-ready evidence.