
How CY4 Cut Analysis Time ~75%

Want to speed up your cyber investigations?

Learn how CY4 cut analysis time during incident response by 75% with Cyber Triage.

Let’s jump in…


Challenge

CY4 is a Malta-based information security and digital forensics consultancy founded in 2023 dedicated to providing robust and tailored security solutions, including cyber forensics and incident response. The company offers proactive services and reactive services, and its mission is to make clients more secure from one day to the next.

Speed is critical to delivering on their mission — especially in incident response — and CY4 was looking to make 3 improvements on that front:

Challenge #1 CY4 wanted to speed up investigations without losing quality.
Challenge #2 CY4 wanted to be able to give its clients faster visibility into cybersecurity incidents.
Challenge #3 CY4 wanted to get new analysts onboarded faster.

While CY4 leverages other traditional forensic tools like Magnet AXIOM, “The processing time is lengthy, given the granularity of its findings. While traditional forensic tools have their place, we needed a solution that could give us accurate answers immediately,” said the investigations lead at CY4, Gabriel Micallef.

Solution

CY4 uses Cyber Triage Standard Pro on a dedicated Windows Server VM.

“Setting it up was very easy. I would compare it to installing any regular application,” said Gabriel. “The same is true for the official updates, the patches… things just work. There are no surprises.”

“Overall, Cyber Triage is just really easy.”

And CY4 has been able to lean on Cyber Triage support throughout the process, “Not just for answering questions, but teaching us tips and tricks to leverage the tool better.”

How CY4 uses Cyber Triage:

Step 1 CY4 gets devices from the client and images them.
Step 2 CY4 analyzes the images with Cyber Triage and gets a quick overview of what happened.
Step 3 CY4 continues the investigation using Cyber Triage for deeper analysis.
Step 4 CY4 is able to quickly give clients an accurate report of the incident and recommend next steps.

Results

Faster Answers
Cyber Triage’s fast forensics significantly improved the incident response team’s ability to get answers to clients, even during complex, higher-pressure investigations. Gabriel: “It’s really useful to have a tool like Cyber Triage where you can process an image, a drive, a memory image, and get really good pivot points and use them to further the investigation and ultimately give the client tangible information to work from.”

“I’ve had incidents where it’s 40 plus hosts, with the client’s management expecting frequent updates, amongst a lot of confusion, and I’ve used Cyber Triage to process things quickly so we are able to start providing visibility almost immediately.”

Faster Investigations
The scoring feature gives Gabriel and his team an immediate breakdown of what they need to focus on during an investigation. He estimated that Cyber Triage cut down the analysis time during incident response by approximately 75%.

“The scoring and UI are so powerful. It speeds things up without diminishing quality.”

Faster Onboarding
Cyber Triage’s straightforward UI and scoring mean new analysts can quickly understand the tool and start contributing. Gabriel says this cut onboarding time by around 75%.

“You can take a veteran and a beginner, and they will pick up the tool just as quickly. That’s how easy to use Cyber Triage is.”

CY4’s favorite features:

Scoring
“Having the tool automatically flag things as bad or suspicious in the beginning of the case saves so much time.

For example, one of the worst things in ransomware cases is when you can’t locate the payload, and Cyber Triage has identified those for me right at the beginning of the investigation.”

Log Analysis
“One thing we find very useful about Cyber Triage is how it collects and categorizes inbound and outbound logon data. It allows you to quickly find out if a machine was patient zero or just another machine a threat actor used to move through the network.”

Timelining
“There are many timeline tools, especially traditional forensics, but they’re not the most user-friendly.

Cyber Triage is. How you can select the events or see the user ID. It gives you the hash of certain files. It gives you the path as well. It will correlate and connect to certain events. The timeline is the feature we use most.”

Future

CY4 is working on a 24/7 monitoring service, and Cyber Triage will be an essential tool for Tier 3 analysis as part of it.

“Cyber Triage is an awesome tool, and it directly supports our mission. It helps us give clients clarity faster, recover faster, and strengthen their security after an incident,” said Gabriel Micallef.

Try it for yourself free for 7 days.