Case Study
“Binalyze AIR is like my dream solution. We have completely and remotely collected more than 350 types of evidence at speed and scale. No need to travel to the server or client-side. We are now able to investigate the cases faster with granular visibility.”
Christian Klaus, Head of Threat Detection and Response
IN BRIEF
SOLUTION PARTNER
INDUSTRY
Cybersecurity Incident Response
REGION
UK & Europe
Challenge
DigiFors needed a digital forensic tool that would help them capture evidence and investigate quickly at scale, remotely identify the assets requiring further focus, and accurately report information to their customers.
Success Highlights
- Decreased evidence collection times from days to minutes.
- Improved efficiency with remote evidence collection and automation.
- Collaborate more efficiently and effectively.
- 30% faster case investigation times.
DigiFors is a respected German cybersecurity, digital forensics & incident response service provider that offers specially tailored services for public prosecutors, courts and other authorities, law firms and commercial organisations to increase data security or simplify the handling of data in connection with criminal or investigative proceedings.
Whilst delivering their services, it is critical that DigiFors is able to investigate an incident, identify the nature of the breach, produce a professional and detailed report, and communicate their findings to the customer as quickly and efficiently as possible.
“If it is a small case, just one computer, you call your client and ask them to send the computer for further investigations. But if the case is large, in some cases more than 1000 computers have been involved in a case, it is challenging to do the investigations and solve the case in a timely manner. This is one of the many reasons why we have implemented Binalyze AIR in the heart of our incident response activities.
Binalyze AIR provides us with the speed and the granularity that we need in our day-to-day incident response activities at enterprise scale,” states Christian Klaus, Head of Threat Detection and Response at DigiFors. Prior to partnering with Binalyze, DigiFors analysts and consultants had to travel to the client’s location to collect forensic disk images and extract data. Using legacy forensic solutions, this was an extremely time-consuming, expensive and laborious task. Working in this way slowed down individual investigations and limited the case capacity of the business as a whole.
With Binalyze AIR this process has been streamlined: forensic data can be collected in just a few minutes, in most cases remotely from the DigiFors lab. Another pain point DigiFors was experiencing was an inability to quickly identify which assets on the customer’s network had been affected by the breach under investigation. DigiFors’ ability to give an anxious customer granular answers about suspicious activity or an active attack was also being held back by a lack of fast tools.
Security Operations Center (SOC)
Solution
Remote Evidence Acquisition and Triage
Collecting evidence from a high volume of endpoints and finding the attacker’s traces among thousands of artifacts is a challenging task for incident response service providers like DigiFors. Thanks to remote evidence acquisition and triage, the DigiFors team collected and analyzed more than 260 evidence types quickly and performed the necessary triage to eliminate false positives and deep dive into the cases needing further investigation.
Triage at scale
Binalyze AIR also performs triage at scale using YARA, Sigma and osquery directly on the endpoint asset. This has allowed DigiFors to easily widen the scope of an investigation and quickly perform a compromise assessment to understand which assets are involved in a breach, which require a deeper investigation, and which can be eliminated as false positives. Remote triage at scale with Binalyze AIR has delivered increased efficiency and allows DigiFors to quickly take control of the investigation and put the customer’s mind at ease.
Improved Efficiency with Automation and Collaboration
During a case, the greatest pressure on incident response teams is time. That is why DigiFors uses automation to eliminate repetitive activities. Some cases need collaboration or escalation to more experienced team members. With Binalyze AIR, the DigiFors team can work together on the same case to investigate and reach a conclusion much faster than before. With Binalyze AIR’s automation and collaboration capabilities, the DigiFors team is now able to investigate and close cases 30% faster.
Decreased Education and Onboarding Times
Binalyze AIR has an easy-to-use interface that allows incident responders to quickly implement, configure and start using it for forensic and incident response needs in minutes. “I can say that onboarding and learning how to use Binalyze AIR takes less than 30 minutes, which is very important for us, because spending a lot of time learning and configuring a tool, instead of using it for what it was purchased for, is time-consuming and that is something we want to avoid. Our goal is to deliver high-quality service to our clients on time.”