Our Investment in Binalyze — Defining the Future of Enterprise Forensics

Mar 30, 2021

We at Bek Ventures are thrilled to announce that we led the €1.5m seed round of cybersecurity startup Binalyze, the leading Enterprise Forensics provider.

Binalyze’s platform will disrupt the Digital Forensics and Incident Response (DFIR) and Enterprise Forensics market and give security teams the tools they need to thoroughly investigate cyber incidents.

Of the many reasons we backed Binalyze, perhaps the most important was the quality and unique vision of the founding team. Founder Emre Tinaztepe is one of the most talented cybersecurity experts we have ever met. Building on their significant experience in anti-malware technologies, we strongly believe Emre and his team are well-positioned to define the modern standards of digital forensics.

While we were building our investment thesis on Binalyze, we deep-dived into the emerging category of DFIR and realized the disruption potential of the newly emerging Enterprise Forensics solutions.

In this post, we would like to share our learnings on how this space has evolved over the last decade, current challenges faced by the enterprises, and our take on the future of Enterprise Forensics.

A HUGE Gap in Cybersecurity Solutions

Especially in the last year, organizations worldwide accelerated digital transformation, achieving an estimated 5–10 years of digitization in a few months. However, technology use isn’t the only thing to accelerate. As the number of endpoints soared and remote working was normalized, we saw an inevitable surge in the need for cybersecurity, not only for large enterprises but for mid-market and SMEs as well.

While enterprises struggled to secure their infrastructure, hackers launched sophisticated attacks. From organized criminal outfits to state-sponsored groups, enterprises now face a volume and severity of cyberattacks beyond anything we’ve seen before.

To mitigate cyberattacks, enterprises currently use various tools, such as SIEM, EDR, SOAR, and DFIR solutions. Cybersecurity stacks consisting of these tools help enterprises identify and prevent most low-sophistication attacks. However, there are two problems:

  1. Security teams face an overwhelming number of alerts and don’t have the resources to investigate incidents thoroughly
  2. Even market-leading tools lack the granular capabilities that enable security analysts to collect evidence and analyze complex attacks in detail

As a result, breaches are often detected months after the incident, and many are never discovered.

The global average time for identifying and containing a breach was 279 days, according to the Cost of a Data Breach Report 2019, Ponemon Institute, and IBM Security.

Look no further than the SolarWinds hack, which is estimated to have required “at least 1,000 engineers.” Or the compromise of FireEye which announced its systems had been breached by “a nation with top-tier offensive capabilities.” Even these companies that take pride in their extreme levels of cyber readiness were unable to detect these attacks until after it was too late.

Enterprise Forensics is the Future of DFIR

In a world where cyber incidents are increasingly inevitable, what enterprises and Managed Security Service Providers (MSSP) can do is to identify, investigate, and respond with greater speed, efficacy, and consistency.

That’s what DFIR tools are meant to do — help security practitioners collect and analyze evidence so they can respond effectively to cyberattacks. But this is where the problem currently lies.

The field of digital forensics is around 40 years old. In the beginning, if an organization suspected an endpoint (e.g., a PC) had been breached, it had to manually retrieve the infected hard drive, clone it, and take it to a lab to extract any usable information. 40 years ago, this cumbersome process was acceptable.

Fast-forward to today, and we face a major problem. The above process was OK when the average PC hard drive size was 20 megabytes. Today, a hard drive could be 20 terabytes. And once the discussion turns to the cloud and remote container storage, things get exponentially harder.

Today, conducting a forensic examination of a single endpoint could take over 20 hours, plus a further 20 hours for any other affected endpoint. As a result, most organizations don’t investigate security incidents at a forensic level — they simply reformat the endpoint remotely and hope the problem goes away.

What if it doesn’t go away? What if other endpoints are affected, and the organization is unaware? In that case, the attackers could still be inside the network and the organization might never know.

There is a clear need for Enterprise Forensics solutions that handle cyber incidents end-to-end, from the evidence collection phase to forensic analysis. And it was mainly this need in the market (and exceptional customer feedback) that got us excited about Binalyze.

Binalyze — the Emerging Leader in Enterprise Forensics

Binalyze is an Enterprise Forensics platform that collects a much greater depth of forensic data than existing solutions and much faster. Instead of 20 hours per endpoint, security analysts in enterprises, MSSPs, and consulting firms can remotely extract forensic evidence from multiple endpoints in minutes.

Soon, the platform will enable the same level of forensic analysis for cloud environments — including AWS, GCP, Azure, and Microsoft 365 — and remote container storage. These capabilities are essential for today’s enterprises, which overwhelmingly embrace cloud and hybrid-cloud architectures.

Collecting forensic data is one thing, analyzing it is quite another. Binalyze completes much of the intricate forensic analysis work in seconds and highlights rare, relevant, suspicious, and malicious findings. It also incorporates powerful collaboration and automation capabilities and integrates seamlessly with established security technologies like SIEM and SOAR platforms.

Stated simply, Binalyze enables security teams to automate forensic analysis and incident response from end-to-end. It does this without requiring high levels of technical and forensics know-how, which are rare (and expensive) capabilities in the cybersecurity labor market. Investigations that were impossible due to resource constraints now take just a few clicks.

We believe Binalyze’s key differentiators (speed, ease of use, remote and cloud capabilities, and automation) position the platform to disrupt the market.

Recognizing this potential, we are excited to partner with Binalyze and support Emre and the rest of the team to emerge as the category-defining Enterprise Forensics leader.

Learn more on Binalyze or follow them on Twitter.

Share