CyFIR Forensic Instant Response

Solution Overview
CyFIR Traps endpoint protection and response stops threats and coordinates enforcement with network and cloud security to prevent successful cyberattacks. Traps blocks known and unknown malware, exploits, and ransomware by observing attack techniques and behaviors. Additionally, it enables organizations to automatically detect and respond to sophisticated attacks by using machine learning (ML) and artificial intelligence (AI) techniques with data collected on the endpoint, network and cloud.  

Goals & Objectives

This scheduled lab provides a safe environment to evaluate the functionality of CyFIR Enterprise on various Windows and Linux endpoints. This is the best starting point for understanding the Forensic Analysis and Instant Response solution and how it can provide the value of cyber resiliency to your organization. 
This lab demonstrates how CyFIR Enterprise uses: 

  • Endpoint inspection and “in memory” data evaluation to detect malicious activity.
  • Concurrent IoC and “Malicious Footprint” scans across the enterprise to reduce breach scope.
  • End-user monitoring of authentication and user process-level interactions.
  • Forensic acquisition (eDiscovery) of cyber evidence, both on disk and running “in memory”, to court standards.
  • Silent remote agent install/uninstall.
  • Remote forensic analysis and endpoint response.
  • “Intellectual Property” and data exfiltration search across the enterprise.

Hardware & Software

This lab consists of the following hardware and software:

  • CyFIR Enterprise (Current version)

Server Devices
  • 1 x Windows CyFIR Investigator (Windows Server 2012 R2) 
  • 3 x Avi Controllers in Cluster Mode (v17.2.4) 
  • 3 x Avi Service Engines 
  • 1 x CyFIR Server/Proxy/Postgres (CentOS 7) 
  • 1 x VMware vCenter Host (v6.5) 
  • 2 x VMware ESXi Hosts (v6.5) 
  • 1 x Mail Server (Outlook, Thunderbird, etc.) 

Client Devices 
  • 1 x Attack Client (Windows 10 Enterprise)
  • 1 x Generic Client (Windows 7 Enterprise)
  • 1 x Attack Host (Kali Linux 2018)