Emre, you’re CEO and Founder of Binalyze. Tell us about how the decision to found Binalyze came about and what your initial goals were for the company.
The idea of Binalyze started more than four years ago while I was still a partner at the previous startup that developed proactive cybersecurity solutions. By the end of my journey in that company, I realized that whatever we do, there will be a breach.
I think that way because while we increase the levels of security and set the bar high, the attackers do the same. Just like the law of nature – survival of the fittest. You need to adapt, and if you don’t, you get eliminated. So, it is an endless game.
During those times, I also faced many frustrations during some of the incident response engagements that I was personally involved in with our board advisors from Law Enforcement. It took me days to find some critical evidence that could help me understand what happened on a particular machine.
But, if you ask me what the specific moment was when I came up with the idea of Binalyze, that was the moment I watched The Evolution of Bacteria video from Harvard Medical School.
Let me tell you something: if you ask anyone, “Do you know Emre?”, they will most probably say, “Is that the guy who shows the virus video?” Yes, that’s me :). I share this video with everyone: my friends, employees, customers, and partners. That video was my EUREKA moment.
If you have time, here is the link; please do watch it.
Everything else is history. Thanks to our advisors and having the opportunity to join some of their investigations, I saw all digital forensics methodologies and approaches. That is when I realized we need to change the existing practices and implement new and agile DFIR methods.
Binalyze’s first product was IREC TACTICAL. What was the goal of this product, and how did you then decide to develop Binalyze AIR?
At Binalyze, we pay great attention to MVPs. Our first product didn’t focus on any financial gain, nor did it include a licensing model. We created something fast, and in 5-6 months, we designed the first version and published it. That product was IREC FREE. Even though it may sound easy, IREC FREE resulted from 10+ years of endpoint security product R&D serving millions of customers globally. Step by step, we started receiving great feedback globally, including from some large organizations in the USA.
Once we started collecting feedback from our users, every month we released a new version with all the latest improvements, and this is how we came up with the product that is still Binalyze’s trademark: IREC TACTICAL.
The real power behind IREC TACTICAL and all Binalyze solutions is speed. When there is a breach or a potential breach, you are in a race. You need to be the fastest. The relevant information that needs to be collected is relatively small. Still, due to insufficient methods, we had to wait for a full disk image that sometimes took days, and then performing analysis on that image was almost impossible. So, the idea was to speed up and simplify the overall process of collecting digital evidence.
These were the design goals that we implemented:
- A standalone executable
- No installation requirement
- No expertise requirement – one click (everything preconfigured)
- It should be lightning-fast
- It should have a well-organized report
AIR was supposed to be named IREC Enterprise, and since our customers had already asked a lot about it, we started developing the enterprise edition of IREC that would be able to run on endpoints remotely.
But while having one of my deep breathing sessions, I just opened my eyes. I thought: why don’t we integrate it with the SIEM/SOAR solutions to make it a fully automated incident response solution?! And that is how the name AIR (Automated Incident Response) came up.
How has Binalyze adapted to the requirements of the pandemic, both in terms of working from home and the increased demand for digital forensic services?
We were among the few lucky ones in this pandemic period. Mainly, it increased the awareness of what we are doing. Before the pandemic, you could go physically to an incident and perform investigations manually, but during pandemic times when you had to do everything remotely, our digital forensics solutions came up as a savior because we make it possible to collect digital evidence in a completely remote and much faster manner.
Your new DRONE product is currently in its beta phase: can you tell us more about its capabilities and what sets it apart in the industry?
The first innovation of Binalyze was decreasing the evidence collection times to minutes from hours, if not days. The second innovation of Binalyze is making the overall acquisition process fully automated. DRONE is the last pillar of this innovation series.
By using IREC or AIR, you can take the highest resolution pictures of the crime scene, and the only missing piece is having someone who will make deductions from these pictures. So, DRONE is that expert. It is your 24/7 available DFIR expert who immediately highlights anomalies and rare, suspicious or dangerous events in that picture.
We had this idea initially, but we decided to focus on speeding up and automating the evidence collection time. So now, we have the complete package.
Binalyze has always focused on speed and efficiency, both enticing words in an industry that famously has to deal with huge backlogs. How do Binalyze’s products help to address the challenges of triage and backlogs, and what more do you think we as industry professionals can do to reduce the impact of these challenges?
This industry is full of backlogs because the practices in this industry started with law enforcement years ago. Digital forensics practices were not mainstream at that time. Only law enforcement was using them, so they matured in that area.
Over the last 40 years, the story has become different. If you have a digital asset, you are open to being a victim of cybercrime. So, now it is not just a law enforcement specialty anymore. It has become a mainstream industry.
The challenge with the backlogs is still there because we are still applying law enforcement digital forensics methods to mainstream enterprise digital forensics cases. The methods invented to take incident cases to court are, 99% of the time, not required for enterprise digital forensics cases. The priority of an enterprise is finding the security hole, closing it, and increasing the organization’s security posture.
Binalyze is not tied to any of these approaches. Instead, we are a fast-forward solution in a slow-motion industry!
Finally, what can we expect to see next from Binalyze? What do the next few months hold?
Now we have everything in place to speed up the investigations. The only missing piece is integrating the platforms and users, combining the efforts of the cybersecurity industry, and adding further automation into our solutions. Our products are the most capable solutions when it comes to taking pictures of a cyber crime scene. Therefore, we decided to shift our focus to sharing and collaboration to advance the DFIR community further, and for that, we plan to release Binalyze HUB, a real-time IoC sharing platform powered by the community. Stay tuned for that.