Global Safe Travel
Volt MX State of Ohio
Volt MX Government
Anonymous Retail Customer Story
HCL Resources- Stories

Compromised Endpoints


Response and
Resolution Time

Company: CyFIR
Industry: IT
Products: HCL BigFix, CyFIR Enterprise
Partner: None


CyFIR wanted to create a forensic security application that would be more proactive in seeking out and remediating security threats than any other solution in the marketplace. CyFIR wanted to help a large enterprise reduce the time and costs associated with incident identification, containment, and remediation.


CyFIR collaborated with HCL to integrate the capabilities of BigFix with the CyFIR platform. As a result, CyFIR created a comprehensive and effective threat detection and remediation platform that helps customers drastically reduce the costs associated with a security incident. Most importantly, BigFix helped accelerate incident response and resolution time from first alert to ticket closure from weeks to minutes.


  • Reduced costs by up to 90 percent per security incident investigation
  • Eliminated travel-related downtime and lost productivity by automating agent deployment and incident investigation
  • Reduced average incident resolution time from weeks to minutes

One of our major customers -- one of the top Fortune 50 financial firms in the world – was able to reduce their forensic investigator count by about 4 FTE with the combination of CyFIR and BigFix.

- Ben Cotton
Founder and CTO

Security For When The Outer Defense Fails

Regardless of its primary mission, today, every company is essentially an IT company. “You may be a shipping company, but really, you’re an IT company that does shipping,” says Ben Cotton, Founder, and CTO at CyFIR. “Technology is now the competitive differentiator in all industries, so if you’re not thinking in terms of protecting your IT, you should be.”

It’s important to protect your IT infrastructure for many reasons. Hackers could be planting malware. A competitor or disgruntled employee could try to steal intellectual property (IP). “It’s not just enough to prepare to defend your infrastructure; it’s critical that you prepare for when the defense fails,” Cotton asserts. “From a planning standpoint, you can’t count on keeping them out. You have to have a plan for when they get in.”

The rise of the cloud has only made security more challenging. “Ten years ago, you knew where your perimeter as—it was in your data center,” says Andy Ward, Chairman at CyFIR. “Where is your perimeter now? It’s in the cloud. What if you have a bring-your-own-device to work? How do you protect your intellectual property in that situation?”

To help businesses stay on top of all these issues, CyFIR wanted to develop a more proactive approach to threat detection and mitigation. “We weren’t satisfied with just looking at things post-breach, with being reactive,” says Ward.

Ten years ago, you knew where your perimeter was - it was in your data center. Where is your perimeter now? It’s in the cloud.

- Ben Cotton
Founder and CTO

Remote Agent Deployment And Investigation

By combining the CyFIR platform with BigFix, the time required to investigate an incident has reduced significantly. With BigFix’s ability to deploy the CyFIR agent quickly and CyFIR’s ability to create a forensically sound disk image remotely, forensic personnel were able to rapidly produce images of workstations and minimize response time.

By eliminating travel and working remotely to preparing a forensic “go bag,” productivity has skyrocketed, and costs have plummeted. A large financial institution, for example, reduced costs by 90 percent per security incident investigation, which amounted to a savings of USD 450,000 annually.

Additionally, CyFIR uses BigFix to help customers with issues beyond traditional security. Specifically, performing a risk assessment prior to a merger or acquisition is fast. By simply adding a BigFix relay into the environment, we can immediately begin discovering, scanning, and remediating devices before the new devices are allowed on the enterprise network.

Automated Remediation

CyFIR maintains a catalog of known malware and can easily identify objects that have been seen before. However, new vulnerabilities are constantly being developed, and identifying them is more challenging. The CyFIR solution forensically interrogates multiple endpoints simultaneously across vast networks, looking for known malware along with unknown objects.

When a potential problem is detected, CyFIR uses BigFix to automate the necessary analytics, acquire the affected memory or hard drive, and put the affected areas into an automated workflow for remediation. “What BigFix does extremely well is perform various actions on a set of affected systems,” says Cotton. “BigFix can also quarantine those systems from the network and perform complete remediation to reduce the risk of malware spreading.”

“By integrating BigFix with CyFIR, we created a superior threat detection and remediation solution that drastically reduces the costs associated with a security incident.”

CyFIR and HCL have partnered to help BigFix clients of all sizes quickly quarantine and remediate security incidents. This dramatically reduces the potential blast radius of a compromised endpoint.

- Ben Cotton
Founder and CTO

About the Company

Headquartered in Ashburn, Virginia, CyFIR provides solutions for incident response, internal investigation, e-discovery, and threat assessment.
CyFIR makes cyber resiliency accessible to enterprises of any size through platform licensing, managed services, and turnkey investigative services.


Explore related stories

To learn more about BigFix solutions, please contact the HCL representative or HCL Business Partner and schedule a demo.