A few weeks ago at th4ts3cur1ty.company, we revealed our brand-new DFIR service offering.
A DFIR (or Digital Forensics and Incident Response) service is designed not only to get businesses up and running ASAP in the event of a cyber attack or security breach, but also to minimise the effects in the first place. Getting your business back to BAU is critical, and the service not only does this but also looks into how the incident happened in the first place.
Naturally, I wanted to know so much more, so I sat down with TSC Co-Founder and Chief Operating Officer, Stephen Ridgway, to delve deeper into what you can expect from th4ts3cur1ty.company’s DFIR service…and what’s still to come!
What inspired TSC to launch a DFIR service?
In my experience – in fact, maybe as many as three or four times in my career – I’ve been in situations where the big players have been brought in, in order to run digital forensics and incidents. They’re on retainers which tend to be quite hefty, plus you need to pay people their standard consultant rates. Depending on the size of the organisation, you might end up with 15 people, all on £1500 a day. If they are all working for two to three weeks on a project, the costs become astronomical.
The trigger for it was an incident with a customer where they engaged one of these big consultancies, and they really didn’t do a good job. The big consultants were obsessed with the digital forensics but weren’t interested in service restoration, so they weren’t looking at it from a service risk perspective. Given the fact that almost everything was encrypted, it was very difficult to do the forensics. While they actually did discover quite a lot, if it hadn’t been for Eliza (Eliza-May Austin, CEO & Co-Founder of th4ts3cur1ty.company) stepping in and effectively taking over the running of the incident response, they wouldn’t have got anything back up again or working for weeks.
That’s when we thought, “we know we can do this; we can do it better than the big players that everybody goes to. Why don’t we give it a go?” So we created the DFIR service concept. Given that it’s not being done well in the marketplace and there’s a lot of money being spent on second-rate service, we knew the need was there.
What other DFIR services can we expect further down the line?
In addition to maturing the service offering, we are also developing a DFIR tool, which will be very lightweight, very stable, and very low resource. Bigger companies make this kind of tooling expensive; priced as premium endpoint protection, it’s become a cash cow for them.
That’s just not what we think this should be. We think people and organisations should be able to do business securely. If they get into trouble, they should be able to afford to get fixed and get sorted and get back to business quickly. Suppliers need to make a reasonable margin on that, which is absolutely fine. But nobody should be ripping anybody off. So, off we went to develop the tool we wanted so that we could offer customers something that didn’t involve selling licences on stuff that we didn’t really believe in.
The DFIR tool is being built to be open source. What makes this unique is that – to my knowledge – there’s nothing else in the open source world where you can generate actions or regularly-collected information. So it’ll be something that’s easy to deploy, managed through a cloud interface. You’ll have the ability to create custom dashboards so you understand exactly what’s going on in your environment. And of course, our DFIR service can manage the DFIR tool on your behalf.
Why choose th4ts3cur1ty.company?
We are available 24/7 to ensure that security incidents are responded to quickly to make your business functional again, no matter the time. This means that downtime for critical systems can be reduced exponentially, so that the business can continue to do essential tasks like pay staff or support their own customers.
Additionally, both the service and tool have been built from the ground up to suit what our customers have been asking for, instead of bolting lots of third-party apps together like other companies might do. And most importantly, we’re incredibly transparent. Our motto is “no nonsense, just defence”, and this is something we fully stand by. If our DFIR offerings aren’t the best option for your business, we’ll tell you; our customers’ needs are far more important than making a few extra pounds.