Need to speed up client investigations?
Learn how an overburdened IR consulting team improved efficiency to handle their workload with Cyber Triage.
Let’s jump in…
Challenge
A Fortune 100 company had a very busy IR consulting team. They were blitzed by client investigations and needed to improve efficiency and effectiveness to handle the case load.
The IR team identified 3 key challenges in their current process:
| Challenge #1 | Challenge #2 | Challenge #3 |
|---|---|---|
| IR team has little knowledge of client environments. | Client’s IT team is often unfamiliar with IR processes. | IR team needed to support collaboration on cases with 10+ investigators. |
To address these issues, the team started looking for an IR tool built for speed and collaboration.
Solution
The search ended with Cyber Triage. Cyber Triage is an automated digital investigations platform designed for cyber first responders who have to move fast, work together, and make the right call.
How the IR team uses Cyber Triage:
| Step | What happens |
|---|---|
| Step 1 | IR team shares the Cyber Triage Collector with the client’s IT team. The local team easily deploys via RMM, EDR, or manually on hundreds of endpoints simultaneously. |
| Step 2 | Cyber Triage Collector is adaptive. It finds and copies all relevant files, including any tools and malware dropped by the threat actor. |
| Step 3 | The Collector automatically uploads to Amazon S3. As collections are uploaded, they are ingested by Cyber Triage’s server and assigned to investigators. |
| Step 4 | Malware, compromised accounts, significant events, and other IOCs are found and scored. Bad and suspicious items are shown to investigators, who identify and investigate affected systems. |
| Step 5 | Comments and labels are used to provide more context for other investigators, and the incident timeline provides a big-picture view of the investigation. |
Results
| IR Team Understood the Client’s Situation Faster |
|---|
| Cyber Triage helped the IR team get a complete view of the situation and quickly identify significant events and systems. Cyber Triage helped them quickly understand what was normal for an environment by identifying common activity across systems and timelining to determine when different events first occurred. Cyber Triage’s Automated Analysis also showed them what to focus on by flagging bad and suspicious items for review. |
| Client’s IT Team Could Easily Support Investigations |
|---|
| Cyber Triage was easy for the local IT team to use to support the investigation. The IR team would email the Collector to the client to run via their preferred deployment method. The IR team could pre-configure the Collector for encryption and upload, so deployment didn’t require any arguments or settings changes by the local team. After this step, everything is automatic. |
| IR Team Could Collaborate on Large Investigations |
|---|
| Cyber Triage enabled collaboration for teams of 10+ and on cases with 120+ hosts. All investigators could work on the same incident simultaneously, sharing everything as they went: views, data, scores, labels, etc. And when any investigator took a step forward, they all did: when one bad item was discovered on a host, it was added to the built-in “bad” list so it would be scored appropriately if seen again. |
Empower Your Team
Cyber Triage gives your team everything they need to investigate incidents quickly. You’re not just handing them another tool. You’re empowering them with a collaborative investigation platform.
Try it today or get a quote if you’re interested in licenses.
