Triple Your #DFIR Revenues, Free.

You may have noticed a recent post on LinkedIn where I announced our company’s release of CyFIR Investigator on the Amazon Web Services Marketplace. I am truly proud of what we have accomplished in bringing CyFIR’s capabilities to the digital forensics and incident response (#DFIR) market with by-the-hour pricing.

Please note that this is my personal blog and that this is not a corporate pitch. It hasn’t been approved by Marketing, and I’m doing this on my own, but I’m so passionate about a particular part of our product launch that I wanted to write about it here.

For small and mid-sized digital forensics or incident response providers, the entry cost of adequate tools can be overwhelming, especially if a provider wants to be able to take on larger jobs or needs to work remotely. Some of the industry standard digital forensics platforms can cost north of $10,000 for a single remote connection to one endpoint. With the price of tools at scale running well into the hundreds of thousands of dollars, there is no way that a small, independent provider can compete with larger companies and their resources.

Until now.

With CyFIR Investigator in the AWS Marketplace, a sole proprietor can not only have immediate access to a fully remote, scalable forensic investigation platform, but they can pay for only what they use—by the hour—with no up-front costs. This means that the barriers to entry into a larger market are completely eliminated for smaller providers, as there are no up-front hardware or software costs by virtue of the AWS Marketplace and the AWS infrastructure beneath it.

Not only can small businesses now bid on jobs that only the big incident response companies could previously entertain, but now they can handle multiple jobs simply by spinning up a new, appropriately sized CyFIR platform in their AWS account. This means that the restrictions of forensic tool licensing are no longer an issue. You get a job, you spin up a CyFIR instance. You get another job, you spin up another one. Each one is billed hourly by Amazon at the end of the month, so a small provider isn’t forced to come up with tens or hundreds of thousands of dollars in licensing fees before responding to their customers.

With CyFIR platform sizing as small as five concurrent agents and as low as $5 per hour, small businesses can include the cost of the analysis platform in their hourly billing rates to their customers, essentially being able to perform large, remote incident response or digital forensic investigation jobs without sinking money into the tools to do the work. It’s like a mechanic using a brand new set of wrenches with each car, completely paid for by the customer. Bigger job? Spin up a larger stack to fit your needs. It takes all of eleven minutes.

I’m excited about this product launch because of what it means for the DFIR community and for those who might be thinking about striking out on their own, but couldn’t due to the price of enterprise-level tools. The stranglehold that large incident response practices have on bigger engagements (at even bigger hourly rates) can end today with rapidly deployable remote toolsets without up-front costs, and small providers have the opportunity to double or triple their revenues without an initial investment.

“Nobody wants to pay for safety, son.”

Parallels across industries make this author think a reckoning is coming.

Completely as an aside, I’ve been casually looking at new SUVs, and I’m particularly interested in some of the advanced safety features that recent models have to offer. From automatic braking to lane-crossing warnings, these features make a lot of sense for someone who commutes 35,000 miles a year like I do.

I visited one local dealership, eager to see a unit that had the active safety package in which I was interested. The color was hideous—there’s no way I would have purchased it—but the salesman and I got to talking. He was intent on selling me a less expensive trim level (in the color I wanted) that didn’t have the active safety features I specifically sought.

Once he realized that I wasn’t going to be talked out of the safety package and we could just have a conversation, I asked him why there were so few units available with this particular set of additional features. He looked down at the ground, then up toward the sky, and finally shrugged his shoulders.

“Nobody wants to pay for safety, son,” he said candidly.

Initially, I was surprised. Four years ago I was in a car accident that would have been avoided (or at least mitigated) by the technology I am so eager to buy. I can’t see purchasing my next automobile without it, given the ubiquity of these features today. As I was thinking, “Why wouldn’t people want these kinds of safety features,” it hit me. It’s the same thing I’ve heard over and over again in meetings and when talking to fellow vendors at conferences. Everyone wants safety and security—they just don’t want to pay for it.

At this point, I’ve literally lost count of the number of companies—both big and small—that I’ve spoken with that “don’t have the budget for new tools,” or “already have all the security we need.” Fast forward anywhere from three to twenty-four months, and many of those very same companies have been in the news offering free credit monitoring services to the thousands (or millions) of customers that have been compromised by their cavalier attitudes toward the safeguarding of your personal information. They’re facing extensive fines, loss of stock value, and numerous lawsuits, all of which cost far more than any vendor’s solution.

New stories of compromised companies are in the press weekly, and the public is becoming inured to receiving breach notices. Fines stack up, lawsuits get settled, and companies go about their business of collecting your private information. With the combined loss of data from Facebook, Equifax, and the Office of Personnel Management, there’s almost nothing that hasn’t been uncovered and stolen about yourself, your family, and your friends. Yet, while market reports say the cybersecurity field is booming, no individual customers seem to actually have a budget they can use.

Conversely, security professionals often find that when clients do have money to spend on a platform that the vendor has promised will stop everything from zero-day malcode to termites, the eager purchasers often haven’t implemented the most basic of security hygiene practices first, hoping that an all-inclusive, does-everything package (it doesn’t) will take care of every security issue they might have (it won’t). A solid security plan must be multi-faceted, and it must be well funded. Full stop. Boards of Directors need to start viewing healthy security budgets as a cost of doing business and not as an albatross. The best investments a company can make are in sound cyber security hygiene practices and training, followed by sets of tools for protection and defense, and completed with other tools for investigation and remediation. However, none of this is useful without a capable, trained, and not-intentionally-overworked security staff who keeps the ship afloat.

As CIOs and CISOs, we need to invest in people, training, and tools (in that order), because you can be very sure that our adversaries are doing the same.