Proactive Security Capabilities Significantly Cut Costs

Security For When The Outer Defense Fails

Regardless of its primary mission, today, every company is essentially an IT company. “You may be a shipping company, but really, you’re an IT company that does shipping,” says Ben Cotton, Founder, and CTO at CyFIR. “Technology is now the competitive differentiator in all industries, so if you’re not thinking in terms of protecting your IT, you should be.”

It’s important to protect your IT infrastructure for many reasons. Hackers could be planting malware. A competitor or disgruntled employee could try to steal intellectual property (IP). “It’s not just enough to prepare to defend your infrastructure; it’s critical that you prepare for when the defense fails,” Cotton asserts. “From a planning standpoint, you can’t count on keeping them out. You have to have a plan for when they get in.”

The rise of the cloud has only made security more challenging. “Ten years ago, you knew where your perimeter as—it was in your data center,” says Andy Ward, Chairman at CyFIR. “Where is your perimeter now? It’s in the cloud. What if you have a bring-your-own-device to work? How do you protect your intellectual property in that situation?”

To help businesses stay on top of all these issues, CyFIR wanted to develop a more proactive approach to threat detection and mitigation. “We weren’t satisfied with just looking at things post-breach, with being reactive,” says Ward.

Remote Agent Deployment And Investigation

By combining the CyFIR platform with BigFix, the time required to investigate an incident has reduced significantly. With BigFix’s ability to deploy the CyFIR agent quickly and CyFIR’s ability to create a forensically sound disk image remotely, forensic personnel were able to rapidly produce images of workstations and minimize response time.

By eliminating travel and working remotely to preparing a forensic “go bag,” productivity has skyrocketed, and costs have plummeted. A large financial institution, for example, reduced costs by 90 percent per security incident investigation, which amounted to a savings of USD 450,000 annually.

Additionally, CyFIR uses BigFix to help customers with issues beyond traditional security. Specifically, performing a risk assessment prior to a merger or acquisition is fast. By simply adding a BigFix relay into the environment, we can immediately begin discovering, scanning, and remediating devices before the new devices are allowed on the enterprise network.

Automated Remediation

CyFIR maintains a catalog of known malware and can easily identify objects that have been seen before. However, new vulnerabilities are constantly being developed, and identifying them is more challenging. The CyFIR solution forensically interrogates multiple endpoints simultaneously across vast networks, looking for known malware along with unknown objects.

When a potential problem is detected, CyFIR uses BigFix to automate the necessary analytics, acquire the affected memory or hard drive, and put the affected areas into an automated workflow for remediation. “What BigFix does extremely well is perform various actions on a set of affected systems,” says Cotton. “BigFix can also quarantine those systems from the network and perform complete remediation to reduce the risk of malware spreading.”

“By integrating BigFix with CyFIR, we created a superior threat detection and remediation solution that drastically reduces the costs associated with a security incident.”