You may have noticed a recent post on LinkedIn where I announced our company’s release of CyFIR Investigator on the Amazon Web Services Marketplace. I am truly proud of what we have accomplished in bringing CyFIR’s capabilities to the digital forensics and incident response (#DFIR) market with by-the-hour pricing.
Please note that this is my personal blog and that this is not a corporate pitch. It hasn’t been approved by Marketing, and I’m doing this on my own, but I’m so passionate about a particular part of our product launch that I wanted to write about it here.
For small and mid-sized digital forensics or incident response providers, the entry cost of adequate tools can be overwhelming, especially if a provider wants to be able to take on larger jobs or needs to work remotely. Some of the industry standard digital forensics platforms can cost north of $10,000 for a single remote connection to one endpoint. With the price of tools at scale running well into the hundreds of thousands of dollars, there is no way that a small, independent provider can compete with larger companies and their resources.
With CyFIR Investigator in the AWS Marketplace, a sole proprietor can not only have immediate access to a fully remote, scalable forensic investigation platform, but they can pay for only what they use—by the hour—with no up-front costs. This means that the barriers to entry into a larger market are completely eliminated for smaller providers, as there are no up-front hardware or software costs by virtue of the AWS Marketplace and the AWS infrastructure beneath it.
Not only can small business now bid against jobs that only the big incident response companies could previously entertain, but now they can handle multiple jobs simply by spinning-up a new, appropriately-sized CyFIR platform in their AWS account. This means that the restrictions of forensic tool licensing is no longer an issue. You get a job, you spin up a CyFIR instance. You get another job, you spin up another one. Each one is billed hourly by Amazon at the end of the month, so a small provider isn’t forced to come up with tens or hundreds of thousands of dollars in licensing fees before responding to their customers.
With CyFIR platform sizing as small as five concurrent agents and as low as $5 per hour, small businesses can include the cost of the analysis platform in their hourly billing rates to their customers, essentially being able to perform large, remote incident response or digital forensic investigation jobs without sinking money into the tools to do the work. It’s like a mechanic using a brand new set of wrenches with each car, completely paid for by the customer. Bigger job? Spin-up a larger stack to fit your needs. It takes all of eleven minutes.
I’m excited about this product launch because of what it means for the DFIR community and for those who might be thinking about striking out on their own, but couldn’t due to the price of enterprise-level tools. The stranglehold that large incident response practices have on bigger engagements (at even bigger hourly rates) can end today with rapidly deployable remote toolsets without up-front costs, and small providers have the opportunity to double or triple their revenues without an initial investment.