What We Do
How we do it
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
Mar 15, 2023
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Zero-Day Vulnerability
THE THREAT On March 14th, as part of Microsoft’s monthly Patch Tuesday release, the company disclosed a critical, actively exploited vulnerability impacting Microsoft Office and Outlook. The…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Blog — Jun 17, 2021

CyFIR Internal Investigation: A 6-Hour Human Resources Department Use Case

4 minutes read
Speak With A Security Expert Now
This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.

Human Resource Departments are responsible for many company-wide functions, including internal investigations of employee misconduct. In the digital age, these tasks can take considerable resources and pose challenges due to the sensitive nature of many workplace issues. The following scenario demonstrates how CyFIR Internal Investigation Services can assist Human Resources staff by dramatically improving the process for conducting internal investigations.

John’s appointment as CEO came on the heels of a messy (and all too public) discrimination and harassment lawsuit that had resulted in the resignation of his predecessor. For John and the company to succeed, he needed to implement some real change, which is why he hired Brenda as the new Vice President of Human Resources.

Brenda had a reputation for tackling thorny issues like sexual harassment, and after six months, she had made significant progress – the company was now conducting regular supervisor training, a formal non-retaliation policy was on the books, and new procedures for investigating complaints had been rolled out company-wide.

Soon after, an employee approached Human Resources through the company’s open-door policy. Employee A, a worker from the corporate headquarters location, lodged a formal complaint that she had been subject to sexual harassment from Employee B, a senior executive who managed a remote office on the other side of the country. Employee A submitted a written statement that alleged Employee B had been sending her unwanted and unsolicited text messages, inappropriate jokes in company emails, and had made unwanted advances during a corporate retreat last month.

Given the company’s zero-tolerance policy for sexual harassment, Brenda followed protocol to initiate a formal investigation into the matter. However, Brenda knew how much time and effort went into thoroughly investigating each complaint. She also recognized that, given the extreme sensitivity of the matter, she needed to validate the substance of the allegation as discretely as possible to avoid harm to the reputation of either Employee A or Employee B.

With a small HR department and 25,000 employees, a serious investigation would be a significant drain on her limited resources. In previous companies, investigations of this nature had taken months or sometimes years to complete. To understand what tools were at her disposal, she contacted the company’s Chief Information Officer. He advised her to leverage CyFIR – the company’s new digital forensics tool – to conduct the first phase of the investigation.

Operating with complete discretion, the company’s security professional began the investigation by executing a remote, live keyword search of Employee B’s email on both the company Exchange server and on the employee’s company-assigned computer. Using CyFIR, the investigator was able to acquire results in a matter of minutes. The next point of analysis was a remote examination of material on Employee B’s computer. Evidence contained in email and screenshots of his in-progress chats confirmed that there was a foundation to Employee A’s complaint. These findings led to a more in-depth investigation of Employee B’s activities.

Utilizing the ability of CyFIR to remotely investigate live internet history and track user activity, the investigator determined that Employee B was also visiting inappropriate websites, downloading inappropriate pictures, installing unauthorized programs on his company computer, and actively searching for employment with the company’s direct competitors.

Once the investigators identified these artifacts of investigative interest, they leveraged the forensic imaging capabilities of CyFIR to preserve the evidence and produce a report in the event that legal action would be required. Once the evidence was presented to company leadership, Employee B was terminated for cause. The entire investigation was conducted in less than six hours.

Superior Speed and Scalability

In many companies, internal investigations can drag on for weeks or even months, tying up valuable resources and disrupting normal operations no matter the outcome. Brenda’s story demonstrates the value the CyFIR Enterprise Platform can deliver to Human Resources Departments when conducting sensitive internal investigations due to its ability to quickly and comprehensively gather and store evidentiary data.

Some of the key takeaways of this use case include:

View Most Recent Blogs

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.