Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Join us for a live security brefing with (ISC)2 members.
Join Tim Segato, Director, Product Management and Ryan Westman, Manager,…
Ask questions and hear from Cybersecurity experts from eSentire,…
This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.
Human Resource Departments are responsible for many company-wide functions, including internal investigations of employee misconduct. In the digital age, these tasks can take considerable resources and pose challenges due to the sensitive nature of many workplace issues. The following scenario demonstrates how CyFIR Internal Investigation Services can assist Human Resources staff by dramatically improving the process for conducting internal investigations.
John’s appointment as CEO came on the heels of a messy (and all too public) discrimination and harassment lawsuit that had resulted in the resignation of his predecessor. For John and the company to succeed, he needed to implement some real change, which is why he hired Brenda as the new Vice President of Human Resources.
Brenda had a reputation for tackling thorny issues like sexual harassment, and after six months, she had made significant progress – the company was now conducting regular supervisor training, a formal non-retaliation policy was on the books, and new procedures for investigating complaints had been rolled out company-wide.
Soon after, an employee approached Human Resources through the company’s open-door policy. Employee A, a worker from the corporate headquarters location, lodged a formal complaint that she had been subject to sexual harassment from Employee B, a senior executive who managed a remote office on the other side of the country. Employee A submitted a written statement that alleged Employee B had been sending her unwanted and unsolicited text messages, inappropriate jokes in company emails, and had made unwanted advances during a corporate retreat last month.
Given the company’s zero-tolerance policy for sexual harassment, Brenda followed protocol to initiate a formal investigation into the matter. However, Brenda knew how much time and effort went into thoroughly investigating each complaint. She also recognized that, given the extreme sensitivity of the matter, she needed to validate the substance of the allegation as discretely as possible to avoid harm to the reputation of either Employee A or Employee B.
With a small HR department and 25,000 employees, a serious investigation would be a significant drain on her limited resources. In previous companies, investigations of this nature had taken months or sometimes years to complete. To understand what tools were at her disposal, she contacted the company’s Chief Information Officer. He advised her to leverage CyFIR – the company’s new digital forensics tool – to conduct the first phase of the investigation.
Operating with complete discretion, the company’s security professional began the investigation by executing a remote, live keyword search of Employee B’s email on both the company Exchange server and on the employee’s company-assigned computer. Using CyFIR, the investigator was able to acquire results in a matter of minutes. The next point of analysis was a remote examination of material on Employee B’s computer. Evidence contained in email and screenshots of his in-progress chats confirmed that there was a foundation to Employee A’s complaint. These findings led to a more in-depth investigation of Employee B’s activities.
Utilizing the ability of CyFIR to remotely investigate live internet history and track user activity, the investigator determined that Employee B was also visiting inappropriate websites, downloading inappropriate pictures, installing unauthorized programs on his company computer, and actively searching for employment with the company’s direct competitors.
Once the investigators identified these artifacts of investigative interest, they leveraged the forensic imaging capabilities of CyFIR to preserve the evidence and produce a report in the event that legal action would be required. Once the evidence was presented to company leadership, Employee B was terminated for cause. The entire investigation was conducted in less than six hours.
In many companies, internal investigations can drag on for weeks or even months, tying up valuable resources and disrupting normal operations no matter the outcome. Brenda’s story demonstrates the value the CyFIR Enterprise Platform can deliver to Human Resources Departments when conducting sensitive internal investigations due to its ability to quickly and comprehensively gather and store evidentiary data.
eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.