Cybercrime is on the rise, and many companies have attackers inside their network without knowing it. An intruder can gain a foothold and remain undetected for weeks, months, or even years. This is exactly what happened in a Marriott cybersecurity breach, and it has affected other companies as well.
Criminals are evolving and creating new strategies and models to scale cybercrime globally. According to a Ponemon Institute report on the cost of cybercrime, the average cost to an attacked organization is US$11.7 million. Business endpoint protection is increasingly important in today’s environment where persistent threats—such as cyber offensive activities by Iran and other hostile governments—are on the rise.
CyFIR provides another layer of detection against this changing landscape and a first-line forensic investigation platform. We specifically look for activity that has bypassed a company's antivirus and firewall controls without being detected, and for intrusions that involve no malware at all, such as misuse of legitimate credentials and tools. These threats may not be active but are lurking and waiting for an optimal time to strike.
CyFIR is helping companies quickly detect and respond to cyber threats to keep data and intellectual property safe. We do this by providing forensics-level data at enterprise scale and speed. CyFIR offers the CyFIR Enterprise platform, which is distributed forensics software; a cloud-hosted managed service for monitoring and threat hunting; and digital forensic investigation services to rapidly investigate risks. For companies that want to avoid costly overhead and infrastructure, CyFIR Investigator is available on demand by the hour.
Deploying cloud-based solutions for clients helps CyFIR find and resolve cybersecurity risks faster. Working on the IBM Cloud, CyFIR can spin up a new client environment or scale an existing environment extremely quickly. This speed of deployment and scale is critical in getting services to clients and service team members for many types of investigations.
Destressing organizations under cyber attack
When an organization is under siege from a cybersecurity threat, there can be a lot of panic within the company. It’s very distracting to have to go through an elongated process to identify and eradicate the threat.
Because CyFIR can see deeply and broadly into a client's network simultaneously, we can identify a breach very quickly and then perform the forensic analysis and remediation, often within hours. Finding and eliminating the threat this quickly destresses the organization and is a considerable improvement over a process that has traditionally taken 60 days or more. By using technology such as IBM Cloud as the backbone of the CyFIR infrastructure, CyFIR is able to move more quickly, which changes the atmosphere across the whole company.
CyFIR's ability to get in and help an organization establish whether customer data has been compromised (which would require notifying clients and customers) is extremely valuable. Quickly understanding what data has and hasn't been compromised, and being able to show that public disclosure is not required when it hasn't, is a great relief to company CEOs and boards of directors.
Finding and fixing threats faster with the cloud
The power of the cloud enables CyFIR to move quickly and differentiate from our competition. By leveraging IBM Cloud, CyFIR can generate a client-specific forensic environment within a few minutes, configure and publish installation files for the endpoints, enroll all of the systems, and quickly connect them to the production CyFIR environment. The ability to stand up forensic support infrastructure for very large enterprises this quickly reduces risk in the midst of challenging incidents and reduces the chance that critical security event data, which is often volatile or overwritten, is lost over time.
Because of the distributed nature of the CyFIR platform, made possible by VMware on IBM Cloud, investigators can remotely search across entire network environments and then quickly look deep into specific systems or data for forensic artifacts to determine the how, what, when and why that is so critical to breach and crisis management. This means threats can be found and fixed, breaches discovered, and investigations completed more quickly. This Speed to Resolution™ capability reduces risk and cost. Legacy forensics platforms that are not powered by the CyFIR Total Dynamic Visibility distributed forensic processing could take months to manually scan through images of the affected endpoints; CyFIR, by contrast, performs the searches across the environment in minutes. By deploying through IBM Cloud, the creation of forensic capability, investigation, analysis and reporting can be performed entirely remotely, often completed before legacy forensics and incident response teams can even get on a plane.
Working on IBM Cloud speeds CyFIR’s ability to provision and manage resources for our digital forensics platform on the fly. From setting up a client environment or an internal demo environment to spinning down the environment as needed, we can get the system up or down in less than 15 minutes.
The CyFIR solution is also strengthened by the enhanced resiliency, flexibility, and native security of IBM Cloud. To achieve this resiliency, CyFIR uses Veeam on IBM Cloud to manage backup and disaster recovery. The CyFIR teams also rely on native and IBM partner security services, including QRadar and Resilient, that work seamlessly within the IBM Cloud ecosystem. IBM Cloud offers a full suite of add-on and cloud-native features, software and services right from within the client interface, allowing the teams to move quickly from proof of concept to production deployment, all within a model that has been proven to work.
“The IBM Cloud solution allowed us to reinvent how we look at the cloud and how we deploy systems, apps and even security,” shares Brian Herr, Chief Security Officer at CyFIR. “And, because IBM Cloud is part of a larger service ecosystem, we’ve been able to deploy additional necessary business functions, which has enabled us to reinvent ourselves in an unprecedented way. We’ve been able to do this in an exceptionally short period of time because all the other services and software, and everything else that IT and security needs, is already baked into the IBM Cloud.”
CyFIR aims to move further toward becoming cloud native in 2020 and is working with the IBM Garage to expedite development.
Ready to explore how the cloud can enhance your business? Learn more about IBM Cloud solutions and schedule a complimentary visit to the IBM Garage to get started.