What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Jun 03, 2022
UPDATE: CVE-2022-26134 – Confluence Zero-Day Vulnerability
THE THREAT June 3rd Update: Atlassian has released security patches to address this vulnerability. On June 2nd, 2022, Atlassian disclosed a critical vulnerability impacting the Confluence…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
May 17, 2022
Cybersecurity Leader eSentire Continues Its Commitment to Rigorous Security Standards Earning PCI DSS Certification
Waterloo, ON, May 17, 2022 — eSentire, the Authority in Managed Detection and Response (MDR), maintains one of the most secure and robust IT environments of any MDR provider in the industry. To that end, eSentire today announced that it has received the Payment Card Industry Data Security Standard (PCI DSS) certification, considered one of the most stringent and comprehensive payment card…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jun 17, 2021

CyFIR Internal Investigation: A 6-Hour Human Resources Department Use Case

4 minutes read
Speak With A Security Expert Now
This blog was originally published on CyFIR.com and has been reposted as-is here following eSentire’s acquisition of CyFIR Inc. in June 2021. As of the date of the acquisition, no changes have been made to the content below.

Human Resource Departments are responsible for many company-wide functions, including internal investigations of employee misconduct. In the digital age, these tasks can take considerable resources and pose challenges due to the sensitive nature of many workplace issues. The following scenario demonstrates how CyFIR Internal Investigation Services can assist Human Resources staff by dramatically improving the process for conducting internal investigations.

John’s appointment as CEO came on the heels of a messy (and all too public) discrimination and harassment lawsuit that had resulted in the resignation of his predecessor. For John and the company to succeed, he needed to implement some real change, which is why he hired Brenda as the new Vice President of Human Resources.

Brenda had a reputation for tackling thorny issues like sexual harassment, and after six months, she had made significant progress – the company was now conducting regular supervisor training, a formal non-retaliation policy was on the books, and new procedures for investigating complaints had been rolled out company-wide.

Soon after, an employee approached Human Resources through the company’s open-door policy. Employee A, a worker from the corporate headquarters location, lodged a formal complaint that she had been subject to sexual harassment from Employee B, a senior executive who managed a remote office on the other side of the country. Employee A submitted a written statement that alleged Employee B had been sending her unwanted and unsolicited text messages, inappropriate jokes in company emails, and had made unwanted advances during a corporate retreat last month.

Given the company’s zero-tolerance policy for sexual harassment, Brenda followed protocol to initiate a formal investigation into the matter. However, Brenda knew how much time and effort went into thoroughly investigating each complaint. She also recognized that, given the extreme sensitivity of the matter, she needed to validate the substance of the allegation as discretely as possible to avoid harm to the reputation of either Employee A or Employee B.

With a small HR department and 25,000 employees, a serious investigation would be a significant drain on her limited resources. In previous companies, investigations of this nature had taken months or sometimes years to complete. To understand what tools were at her disposal, she contacted the company’s Chief Information Officer. He advised her to leverage CyFIR – the company’s new digital forensics tool – to conduct the first phase of the investigation.

Operating with complete discretion, the company’s security professional began the investigation by executing a remote, live keyword search of Employee B’s email on both the company Exchange server and on the employee’s company-assigned computer. Using CyFIR, the investigator was able to acquire results in a matter of minutes. The next point of analysis was a remote examination of material on Employee B’s computer. Evidence contained in email and screenshots of his in-progress chats confirmed that there was a foundation to Employee A’s complaint. These findings led to a more in-depth investigation of Employee B’s activities.

Utilizing the ability of CyFIR to remotely investigate live internet history and track user activity, the investigator determined that Employee B was also visiting inappropriate websites, downloading inappropriate pictures, installing unauthorized programs on his company computer, and actively searching for employment with the company’s direct competitors.

Once the investigators identified these artifacts of investigative interest, they leveraged the forensic imaging capabilities of CyFIR to preserve the evidence and produce a report in the event that legal action would be required. Once the evidence was presented to company leadership, Employee B was terminated for cause. The entire investigation was conducted in less than six hours.

Superior Speed and Scalability

In many companies, internal investigations can drag on for weeks or even months, tying up valuable resources and disrupting normal operations no matter the outcome. Brenda’s story demonstrates the value the CyFIR Enterprise Platform can deliver to Human Resources Departments when conducting sensitive internal investigations due to its ability to quickly and comprehensively gather and store evidentiary data.

Some of the key takeaways of this use case include:

Join 100,000+ Security Leaders

Get notified of the latest news, intel and helpful tools & assets. You can unsubscribe anytime.

By clicking the button below I confirm that I have read and agree to the eSentire privacy policy.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.