
Digital Forensics and Incident Response - Finding the Fingerprints on Cybercrimes | Cisco Investments




Jon Koplin

To say cybercrime is on the rise would be a complete understatement. In fact, according to Cybersecurity Ventures, if cybercrime were measured as a country, it would be the third largest economy in the world, behind the United States and China, inflicting damages totaling more than $8 trillion in 2023.

As cybercrime rises, so does cybersecurity spending. Security operations centers (SOCs) and security analysts have largely focused on trying to prevent cyberattacks from occurring and have invested significantly in the growing number of tools that provide protection. But trillions of dollars' worth of damage tells us one thing: not every attack can be prevented, and it is simply a matter of time until a breach occurs.

Knowing that a breach happened does nothing toward closing the vulnerability. It's important to understand how the breach occurred, where the weakness in the network lies, and how to fix it. That’s where Digital Forensics and Incident Response (DFIR) comes into play, focusing on the identification, investigation, and remediation of cyberattacks.

And once a breach does occur, the key to survival for enterprises hinges on detecting and remediating the breach as quickly as possible. Security practitioners measure their effectiveness with KPIs like Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), and any tools that can significantly improve those are game changers.

AIR for Security

Enter Binalyze.

Emre Tinaztepe founded Binalyze in 2018 after helping law enforcement agencies investigate high-profile cybercrimes. What he found was the need for a solution at the intersection of tools that agencies were already using: digital forensics, malware analysis, and incident response.

“Looking at these investigations, they were just taking too much time,” Tinaztepe explains. “We had to wait for a full disk image, which is an electronic copy of a hard drive. Then there was memory forensics, which analyzes the data, but there were shortcomings to that, and we’d find ourselves back to the disk image. They needed something that did all of it.”

What was missing was a forensics technology that could turn weeks into hours.

Binalyze’s cloud-based Automated Incident Response (AIR) platform aims to reduce investigation time for Security Operations Centers (SOCs) and Managed Security Service Providers (MSSPs) to under four hours. The platform can remotely collect over 350 evidence types in under 10 minutes, a task that traditional tools might have taken days to perform.

AIR then uses automation to determine the root cause of the breach and builds out a detailed investigation and assessment that security professionals can use for further remediation.

“It is all about visibility,” Tinaztepe says. “You can use that visibility to understand what happened. Endpoint security products are still a must-have, but when it comes time for a deep investigation, these traditional methods can take weeks. That’s what we’re solving: providing ultimate visibility in the shortest possible time.”

Shared Security Worldview

It was this combination of unmatched visibility and exceptional speed that got our attention in our first conversations with Binalyze. As we dug deeper, we were also impressed by how easily the product could be integrated into the enterprise stack and used both by large enterprises with highly skilled in-house teams and by smaller companies that generally rely on MSSPs for their security needs.

Binalyze originated as a reactive product, allowing enterprises to have visibility over their network and investigate breaches as they happened. However, their ability to integrate with other platforms, including extended detection and response (XDR), creates a solution that gives modern enterprises a strong weapon against cyberattacks.

XDR collects and correlates data across email, endpoints, servers, cloud workloads, and networks, providing the visibility and context needed for advanced threats to be analyzed, prioritized, hunted, and remediated before they lead to data loss or a security breach.

Cisco launched its industry-leading XDR platform at RSA 2023, and just this month announced the addition of recovery to its offering, bringing near real-time recovery for business operations following a ransomware attack.

“Cisco’s purpose is to power an inclusive future for all – that future has to be safe,” says AJ Shipley, Cisco’s Vice President of Threat Detection and Response. “With so many connected endpoints in today’s modern world, having solutions that prevent, but also remediate, cyberattacks is crucial in securing the safety and privacy of enterprises and the general public.”

Tinaztepe agrees.

“Our products sit next to each other, essentially fully automating the process in the event of a cyberattack. When the alert first comes through, no one needs to do anything. Our AIR could be integrated with Cisco’s XDR, which takes the lead and connects to the machine, collects the evidence, analyzes it, and presents a report to investigators. It’s a great match – one that really enhances the overall quality of cybersecurity.”

What’s Next?

Binalyze continues to look at the big picture, innovating on top of its already industry-changing solutions.

“Integration, Collaboration, Automation, Visibility and Response. That’s the goal,” Tinaztepe says. “We already provide the ultimate visibility. Now include full text search capabilities, e-discovery functionality, file content level visibility, which is the deepest layer, and response capabilities. We see it as a cyber resilience tree.”

We live in times where cyberattacks threaten to be an everyday occurrence, and Binalyze is well-positioned to be part of an infrastructure layer that puts a dent in cybercrime. Cisco is excited to support the Binalyze team in this round and be able to partner with lead investor Molten Ventures and the other investors. AIR has all the makings of becoming a go-to tool in the ongoing fight against attackers.


For more information about Binalyze and how its AIR platform can help your enterprise more quickly solve cyberattacks, please visit their website.