CyFIR: Thwarting Cyber Threat with Advanced Forensic Technology

Ben Cotton, CEO
Technology evolution continues at an unabated pace, posing challenges for enterprises in protecting their vulnerable infrastructures and intellectual property. As their existing security technologies fail to respond quickly to malware attacks within their networks, companies find themselves in need of a forensic solution that can quickly trace cyber breaches and mitigate them. Manassas, Virginia-based CyFIR offers an enterprise network forensic platform that proactively scans all running processes on computers across an organization, finds malicious and unknown processes residing in the network, and remediates them. “Our platform assists cyber security personnel to drastically shorten the time in identifying, isolating, remediating, and removing hostile cyber threats from their IT networks,” says Ben Cotton, CEO, CyFIR.

“The jeopardy of using 'stone age' tools is that they can take an average of 281 days before an event is detected, and that’s where CyFIR is focused,” says Cotton. Aligned to the mantra of “turning incident response into instant response”, CyFIR counters any cyber incident with a measurable, quantifiable metric: “Speed to Resolution”. It shortens the discovery and identification time for malware, which conventionally takes a long time to detect, and provides immediate investigation and remediation capabilities. The firm provides a comprehensive network forensic investigation tool, CyFIR Enterprise, which is suited to performing live breach investigations across any organization, as it allows security personnel to search simultaneously across all endpoints in a network. However, identifying malware or an advanced persistent threat is not enough. CyFIR Enterprise extensively analyzes live RAM and all hard drives on the endpoints and employs sophisticated techniques to mitigate the breach and preserve evidence of it promptly. “CyFIR’s abilities of instant detection, rapid forensic investigation, and swift resolution enable us to serve the present marketplace in a better way,” says Cotton.

Built on top of a distributed forensic processing architecture, CyFIR’s forensic-grade investigative module, the CyFIR Smart Agent, allows companies to continue their daily work uninterrupted while end-to-end breach identification and remediation tasks are performed remotely through its “Instant Response” capability. “While incident response teams using traditional tools take weeks or months to perform these tasks on a customer site, CyFIR’s ‘Instant Response’ can search an entire enterprise within seconds,” says Cotton.

Designed by experienced computer forensic practitioners serving the highest levels of the Federal Government and Fortune 500 companies, CyFIR allows security personnel to forensically analyze Microsoft Windows-based workstations and servers for both government and commercial customers. For instance, a major financial institution sought CyFIR’s assistance after it had been notified of external breaches on its network. “Within five minutes of installing CyFIR agents into their architecture, we had verified every affected system in the network and identified the malware that their traditional security mechanisms had missed,” says Cotton. Following this rapid identification, CyFIR removed the malicious code from the affected systems in seconds and helped the client return to a normal operating environment quickly.

Observing the technology evolution in the enterprise security domain, Cotton aims to continually incorporate new capabilities and techniques into CyFIR’s breach detection functionality. In the coming years, the company plans to extend its platform into the mobile space. “We are responding to the changes in the landscape and envision delivering the same level of protection that we offer the desktop environment to smartphones and tablets as well,” says Cotton. “Furthermore, in the era of the ‘Internet of Things,’ when technology is becoming more and more pervasive in modern lives, we ensure scalability of our platform across huge networks that may consist of 10,000 endpoints or even a million in the future,” he concludes.

Manassas, VA

Delivering an enterprise-level, comprehensive endpoint forensic investigation and incident response tool for rapidly thwarting cyber attacks