Company: CyFIR
Industry: IT
Products: HCL BigFix, CyFIR Enterprise
Partner: None
CyFIR wanted to create a forensic security application that would be more proactive in seeking out and remediating security threats than any other solution in the marketplace. CyFIR wanted to help a large enterprise reduce the time and costs associated with incident identification, containment, and remediation.
CyFIR collaborated with HCL to integrate the capabilities of BigFix with the CyFIR platform. As a result, CyFIR created a comprehensive and effective threat detection and remediation platform that helps customers drastically reduce the costs associated with a security incident. Most importantly, BigFix helped accelerate incident response and resolution time from first alert to ticket closure from weeks to minutes.
Reduced costs by up to 90 percent per security incident investigation
Eliminated travel-related downtime and lost productivity by automating agent deployment and incident investigation
Reduced average incident resolution time from weeks to minutes
One of our major customers, one of the top Fortune 50 financial firms in the world, was able to reduce their forensic investigator count by about 4 FTE with the combination of CyFIR and BigFix.
Regardless of its primary mission, every company today is essentially an IT company. “You may be a shipping company, but really, you’re an IT company that does shipping,” says Ben Cotton, Founder and CTO at CyFIR. “Technology is now the competitive differentiator in all industries, so if you’re not thinking in terms of protecting your IT, you should be.”
It’s important to protect your IT infrastructure for many reasons. Hackers could be planting malware. A competitor or disgruntled employee could try to steal intellectual property (IP). “It’s not just enough to prepare to defend your infrastructure; it’s critical that you prepare for when the defense fails,” Cotton asserts. “From a planning standpoint, you can’t count on keeping them out. You have to have a plan for when they get in.”
The rise of the cloud has only made security more challenging. “Ten years ago, you knew where your perimeter was: it was in your data center,” says Andy Ward, Chairman at CyFIR. “Where is your perimeter now? It’s in the cloud. What if you have a bring-your-own-device to work? How do you protect your intellectual property in that situation?”
To help businesses stay on top of all these issues, CyFIR wanted to develop a more proactive approach to threat detection and mitigation. “We weren’t satisfied with just looking at things post-breach, with being reactive,” says Ward.
Ten years ago, you knew where your perimeter was - it was in your data center. Where is your perimeter now? It’s in the cloud.
- Ben Cotton
Founder and CTO
Remote Agent Deployment And Investigation
By combining the CyFIR platform with BigFix, the time required to investigate an incident has been reduced significantly. With BigFix’s ability to deploy the CyFIR agent quickly and CyFIR’s ability to create a forensically sound disk image remotely, forensic personnel were able to rapidly produce images of workstations and minimize response time.
By eliminating travel and the need to prepare a forensic “go bag,” and by working remotely instead, productivity has skyrocketed and costs have plummeted. A large financial institution, for example, reduced costs by 90 percent per security incident investigation, which amounted to a savings of USD 450,000 annually.
Additionally, CyFIR uses BigFix to help customers with issues beyond traditional security. For example, performing a risk assessment prior to a merger or acquisition becomes fast. By simply adding a BigFix relay into the environment, we can immediately begin discovering, scanning, and remediating devices before the new devices are allowed on the enterprise network.
CyFIR maintains a catalog of known malware and can easily identify objects that have been seen before. However, new vulnerabilities are constantly being developed, and identifying them is more challenging. The CyFIR solution forensically interrogates multiple endpoints simultaneously across vast networks, looking for known malware along with unknown objects.
When a potential problem is detected, CyFIR uses BigFix to automate the necessary analytics, acquire the affected memory or hard drive, and put the affected areas into an automated workflow for remediation. “What BigFix does extremely well is perform various actions on a set of affected systems,” says Cotton. “BigFix can also quarantine those systems from the network and perform complete remediation to reduce the risk of malware spreading.”
“By integrating BigFix with CyFIR, we created a superior threat detection and remediation solution that drastically reduces the costs associated with a security incident.”
CyFIR and HCL have partnered to help BigFix clients of all sizes quickly quarantine and remediate security incidents. This dramatically reduces the potential blast radius of a compromised endpoint.
- Ben Cotton
Founder and CTO
About the Company
Headquartered in Ashburn, Virginia, CyFIR provides solutions for incident response, internal investigation, e-discovery, and threat assessment.
CyFIR makes cyber resiliency accessible to enterprises of any size through platform licensing, managed services, and turnkey investigative services.