FAQs
We’ve answered the most common questions we get below. If you can’t find an answer to your question here, try our knowledgebase or contact us and we will be happy to help.
Frequently Asked Questions
DFIR: What is Digital Forensics and Incident Response?
Digital Forensics and Incident Response (DFIR) is the area of cybersecurity that aims to build a forensically sound understanding of cyber incidents. It covers the identification, investigation, containment and remediation of an attack, and may extend to legal action. DFIR experts acquire and analyse digital evidence, typically collected with a DFIR platform, to fill in the gaps about an attack: who the attackers were, how the incident happened, and which security holes need to be closed. DFIR also helps to establish what data was lost and the exact damage caused.
What is cyber resilience and why is it important?
Cyber resilience is an organisation's ability to defend against cybercrime, limit the likelihood and severity of attacks, and keep the business running through them. A cyber-resilient business is prepared for cybersecurity incidents and can respond effectively and recover quickly when they do occur.
This is driving a trend towards combining traditional cyber security strategies with cyber resilience, so that when a breach does occur the organisation has the tactical tools in place for a fast and effective incident response.
What is Automated Incident Response?
Automated incident response (IR) is the systematic, tool-driven handling of a security breach: predefined response actions are executed without waiting for manual intervention. This lets a security operations center (SOC) react to critical incidents in real time and triage alarms more efficiently.
How to create an Incident Response Plan?
Developing and implementing an incident response plan helps your business handle a data breach quickly and efficiently while minimising the damage.
We have a detailed blog post on the topic with more guidance.
What is Binalyze AIR?
Binalyze AIR is a digital forensics and incident response platform that remotely collects over 350 types of digital evidence from Windows, Linux, macOS, Chromebook, ESXi, AWS and Azure systems, in 7-10 minutes on average. The platform is fully automated and scalable, and enables forensic teams to work conveniently and efficiently.
What ports are used by AIR?
- TCP 80: default port for the AIR Console (web-based management console and endpoint connections). This is plain HTTP, so console logins and endpoint traffic are unencrypted unless TLS is enabled.
- TCP 443: optional port for enabling SSL/TLS (HTTPS); recommended wherever console or endpoint traffic crosses an untrusted network.
- TCP 4222: optional port for enabling real-time task pushes to endpoints.
- TCP/UDP 389 and 636: LDAP and LDAPS (when Active Directory integration is enabled).
- TCP/UDP 514: Syslog (when Syslog forwarding is enabled).
- TCP 8080: Console Service port (local only, so it need not be reachable from the network).
How many assets can connect to a single Console instance?
AIR assets (the endpoint agents) are passive responders, and the Console is battle-tested on networks with up to 30,000 endpoints.
If you are planning to install AIR on a bigger network, please contact support@binalyze.com.
Can I use AIR with EDR/XDR Products?
Absolutely! The depth of forensic information AIR provides is its biggest differentiator, which makes it a natural complement to an EDR/XDR product rather than a replacement for one.
Here are some EDR/XDR use-case examples:
- Eliminating false positives by providing analysts with AIR reports,
- Investigating the precursors of an alert,
- Enriching an alert,
- Responding to EDR/XDR alerts automatically.
Can I integrate AIR with my SOAR/SIEM?
Yes. AIR can be triggered by your SIEM/SOAR product without human intervention, which makes it a good fit for responding to the alerts those solutions raise.
Communication with SIEM products is bidirectional: AIR not only receives alerts and triggers from your SIEM, it also reports the actions it performed back to it over the Syslog protocol (TCP/UDP 514 in the ports list above).
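The SIEM side of that loop has to parse what comes back over Syslog. The following is an added illustration, not Binalyze code: a small RFC 5424 parser that pulls the structured-data block out of each message, tolerates a malformed line without dropping the batch, and rolls up reported actions by status. The sample messages, the `dfir` app name, the `TASK` message ID and the `task@32473` structured-data ID are all constructed for the example (32473 is the example enterprise number reserved by RFC 5612) and do not reflect AIR's real message format.

```python
import re
from dataclasses import dataclass, field

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?(?<!\\)\])+)"
    r"(?: (?P<msg>.*))?$"
)
# One SD-ELEMENT: [SD-ID PARAM-NAME="value" ...]; values may contain \" \] \\ escapes.
SD_ELEMENT_RE = re.compile(
    r'\[(?P<id>[^\s\]]+)(?P<params>(?:\s+[^\s=\]]+="(?:[^"\\]|\\.)*")*)\]'
)
SD_PARAM_RE = re.compile(r'(?P<name>[^\s=\]]+)="(?P<value>(?:[^"\\]|\\.)*)"')


@dataclass
class SyslogEvent:
    facility: int
    severity: int
    timestamp: str
    hostname: str
    appname: str
    msgid: str
    structured: dict = field(default_factory=dict)  # {sd_id: {param: value}}
    message: str = ""


def _unescape(value: str) -> str:
    # RFC 5424 section 6.3.3: only '"', ']' and '\' are escaped inside PARAM-VALUE.
    return value.replace('\\"', '"').replace('\\]', ']').replace('\\\\', '\\')


def parse_syslog(line: str) -> SyslogEvent:
    """Parse one RFC 5424 line; raise ValueError on anything malformed."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError(f"not an RFC 5424 message: {line[:60]!r}")
    pri = int(m["pri"])
    if pri > 191:  # facility 0-23 and severity 0-7 give at most 23*8+7
        raise ValueError(f"PRI out of range: {pri}")
    structured = {}
    if m["sd"] != "-":
        for el in SD_ELEMENT_RE.finditer(m["sd"]):
            structured[el["id"]] = {
                p["name"]: _unescape(p["value"]) for p in SD_PARAM_RE.finditer(el["params"])
            }
    return SyslogEvent(
        facility=pri // 8, severity=pri % 8,
        timestamp=m["timestamp"], hostname=m["hostname"], appname=m["appname"],
        msgid=m["msgid"], structured=structured, message=m["msg"] or "",
    )


def ingest(lines):
    """Parse a batch; return (events, rejected) so one bad line never drops the batch."""
    events, rejected = [], []
    for line in lines:
        try:
            events.append(parse_syslog(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return events, rejected


def actions_by_status(events, sd_id="task@32473"):
    """Count reported actions by (action, status), read from the given SD-ID block."""
    counts = {}
    for ev in events:
        params = ev.structured.get(sd_id)
        if params is None:
            continue
        key = (params.get("action", "?"), params.get("status", "?"))
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample messages (hypothetical format, not AIR's). PRI 134 = local0.info.
SAMPLE_LINES = [
    '<134>1 2024-05-01T12:00:00Z air-console dfir - TASK '
    '[task@32473 id="t-1001" action="acquire" asset="ws-01" status="completed"] Acquisition finished',
    '<134>1 2024-05-01T12:00:05Z air-console dfir - TASK '
    '[task@32473 id="t-1002" action="isolate" asset="ws-02" status="failed" reason="host \\"offline\\""] Isolation failed',
    '<134>1 2024-05-01T12:00:09Z air-console dfir - TASK '
    '[task@32473 id="t-1003" action="acquire" asset="ws-03" status="completed"] Acquisition finished',
    'Mar 1 12:00:00 legacy-box sshd[1]: this is BSD syslog, not RFC 5424',
]

if __name__ == "__main__":
    evs, bad = ingest(SAMPLE_LINES)
    print(f"{len(evs)} parsed, {len(bad)} rejected")
    print(actions_by_status(evs))
```

Keying the roll-up on the structured-data block rather than on free text in the MSG part is deliberate: PARAM-VALUEs are escaped and delimited by the standard, so a hostname or error string containing spaces or quotes cannot shift the fields, whereas a regex over the message body would. If the Console sends over TCP rather than UDP, the receiver also has to split the stream on the octet-counting or newline framing of RFC 6587 before handing each message to `parse_syslog`.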
How do I update AIR Console?
You will see a notification in the Console whenever a new version is released.
Clicking it downloads the latest version for you to install manually.
There is no auto-update feature in the AIR Console.
How do I update endpoints?
You don’t. Assets update themselves automatically.
After a Console update is installed, each asset receives an update task on its next connection to the Console and updates itself automatically.