Region: North America

Game-Changer

Company Overview



Dark Rhiino is a leading MSSP dedicated to providing comprehensive security services to businesses of all sizes. Its mission is to ensure robust cybersecurity for clients through advanced technology and expert service with a Defense-in-Depth approach.

Founded in 2017, Dark Rhiino has grown to become a trusted partner for businesses seeking reliable and effective security solutions. The company offers a unique insured guarantee of up to $1m for all clients subscribing to its Defense-in-Depth, enabling them to secure a higher deductible on their cyber liability insurance coverage.

Manoj Tandon, Co-Founder and COO at Dark Rhiino, explained: “Plenty of other companies sell security services, but what makes our market claim so strong is that we actually back it up. We’re in the business of selling outcomes.”

Challenges in expanding security operations


As Dark Rhiino pursued an ambitious growth strategy, it faced several challenges as it expanded its operations. When the team took on more customers worldwide, it faced a greater variety of operational needs as well as a greater volume of incidents to address. At the same time, they needed to maintain a high level of security assurance for all customers and meet their $1m security guarantee.

With an increase in scope and demand, the team needed more efficient processes and greater visibility that allowed them to identify and address threats proactively.

Tyler Smith, CTO at Dark Rhiino, explained: “One of our customers operates in literally every country on Earth. So, at that scale, it’s very difficult to monitor user endpoints with traditional SIEM technology or endpoint detection and response tools.”

He elaborated: “There’s also a danger of falling into the ’prevention paradox’ – you focus on what you can easily detect and prevent, and the things outside that scope effectively become invisible. So, we needed to expand both the breadth and depth of our visibility into customer systems.”

Efficiency was another key factor, as existing processes became increasingly resource heavy.

Investigating and clearing security alerts could take as much as a third of the day for Dark Rhiino’s analyst team. Further, with many of those being false positives, all that work could equate to little value.

Tyler explained: “As our client base grew, we needed to find a way to scale our operations without simply adding more manpower. Our existing tool was extremely capable but overly complex and obtuse for our young team to use – it sometimes felt like we were fighting the tool as much as the threats. So, we needed something that was as accessible as it was reliable.”

Maintaining high-quality service while operating efficiently was a critical challenge. Dark Rhiino needed to quickly identify compromises missed by prevention activity and achieve the visibility needed for thorough investigations to mitigate the chances of a full-blown incident.

This required a comprehensive platform that integrated a forensic-level approach, enabled proactive compromise assessments and would be easy and efficient to use. At the same time, the solution would need to provide complete remote system visibility with Dark Rhiino’s broad customer base.

Why Binalyze AIR was the choice for enhanced efficiency

To address these challenges, Dark Rhiino chose Binalyze AIR after evaluating several solutions and finding it to be the most comprehensive and user-friendly. The platform was well- recommended by trusted industry peers, and Dark Rhiino quickly confirmed what it could do through an AIR trial.

Tyler explained: “One important factor was the platform’s ability to integrate seamlessly with our existing workflows. The usability won us over very quickly. With our previous solution, we could solve security alerts in 15 minutes, but it would be a frantic 15 minutes as we battled to get visibility of the situation and make sense of it quickly.”

He continued: “With Binalyze, we could gain situational awareness and skip all the digging and coding. The information we need is quickly available without needing to be a query wiz. This is so valuable for us – the team can act with greater speed and confidence, and achieve more with less supervision, fewer needs to escalate or interruptions to the workflow.”

Binalyze AIR also improved the accuracy of evidence gathering and analysis to add context to alerts. The platform’s advanced capabilities ensured the team had ready access to everything they needed to make informed decisions and respond to threats decisively.

The platform provided a single point for all evidence-related tasks helping to streamline workflows. The in-built analysis capability, DRONE, automatically highlights IoCs and ranks findings by severity to aid in prioritization. Meanwhile, AIR’s remote shell feature, interACT, provides remote, cross-platform access to Windows, Mac, and Linux devices, allowing for a standardized process regardless of operating system.

This end-to-end investigation workflow capability also means that Dark Rhiino’s team could manage a higher volume of incidents without needing to proportionally increase their workforce. The platform’s scalability meant that the company could expand its operations and manage more clients efficiently.

Tyler added: “The accessibility of AIR was a huge benefit from a resource perspective. Anyone who has had to manage cybersecurity salaries knows that the more expertise a tool requires, the more expensive it is to run because of the skills required. Binalyze is so easy to use that I could get an intern, and they would be an absolute rockstar with it in three hours. It means we can uplevel our team and provide a complete security solution to our customers.”

Legitimate access use-case

During a routine monitoring session, Dark Rhiino identified a client’s employee who had inadvertently connected to a malicious wireless network in Asia, believing it to be a legitimate hotel Wi-Fi. This led to a DNS corruption that redirected all network traffic to a malicious server, which blocked the employee’s ability to use their VPN.

The endpoint was unable to recognize any malicious behaviour, leading to a frustrated employee requesting exceptions to access work tools. Dark Rhiino utilized the Binalyze platform to swiftly investigate the issue. Within 30 minutes, they traced the DNS responses and confirmed the malicious DNS was altering IP addresses, preventing legitimate connections.

Thanks to Binalyze AIR’s forensic-level visibility, Dark Rhiino quickly identified that the employee had connected to a fake network mimicking the hotel’s Wi-Fi. By instructing the employee to connect to a trusted port or a different network, the team mitigated the threat before any significant damage occurred.

Delivering more value and security to clients

The adoption of Binalyze AIR provided several key benefits that enhanced its managed security operations and enabled the team to better meet the security challenges of Dark Rhiino’s clients, and provide more ROI.

As an MSSP heavily involved in cyber liability insurance, capabilities around compliance are critical for Dark Rhiino. The Binalyze platform’s comprehensive data collection, tagging and management, and analysis features helped Dark Rhiino meet compliance standards efficiently and accurately. Binalyze plays a crucial role in a ‘defense-in-depth’ approach, catching threat indicators that may be missed by a traditional prevention- detection approach.

Tyler added: “While we address incidents when they happen, our play revolves very much around prevention. We help enterprises avoid having to go down the costly road of incident response with a very deep level of monitoring beyond what traditional endpoint tools can manage.

“On the occasions where we have an active bad actor, we know AIR will let us see literally everything they’ve done. We can freeze those files, pull them off the machine, delete them, anything we need to do. Binalyze lets us see all the pieces, put them together into a timeline, and deal with it. This is a hugely valuable capability for us.”

Conclusion

”Binalyze AIR has been a huge boost to our ability to proactively identify and stop threats before they do damage,” said Manoj.

“We can easily sort out false positives, quickly initiate a deep dive on genuine threats, and if necessary, contain an incident with a very rapid host isolation.

“Having so many comprehensive features in one place have been instrumental in enhancing our service delivery, enabling our business model and meeting our clients’ needs.”

Dark Rhiino’s experience with Binalyze AIR demonstrates how the platform can empower MSSPs to overcome operational challenges, improve efficiency, and deliver high-quality security services. This partnership highlights the potential for technology to transform security operations and ensure robust protection for clients.

Reduce Your Incident Response Time

Reduce Your Incident Response Time

Operational Forensics

Company Overview

TransAm Trucking is a prominent transportation and logistics company based in North America, employing over 550 staff members. Specializing in freight and logistics services, TransAm operates with a strong focus on efficiency and reliability. The company’s extensive fleet and advanced logistics network enable it to serve various clients across the region.

Facing cybersecurity challenges, including insider threats, data exfiltration, and ransomware attacks, TransAm adopted Binalyze’s AIR to bring in improved forensic capabilities and visibility to enhance threat response abilities.

The need for more efficient security


TransAm faced a complex security landscape characterized by multiple threats, including insider risks and external attacks. As a major player in the transportation and logistics industry, the company had to safeguard sensitive data and ensure continuous operations.

Protecting personally identifiable information (PII) is a top priority for TransAm. Implementing effective Data Loss Prevention (DLP) measures was essential to detect unauthorized data transfers and safeguard customer trust.

Data exfiltration by malicious actors posed a persistent threat. Furthermore, the company also needed to address insider threats where employees could potentially misuse their access to sensitive information.

In addition to data protection, as a logistics company, TransAm also needed to prioritize operational resilience, as a disruptive attack could have a severe impact on its fleet. The organization had experienced a previous ransomware attack that highlighted the vulnerabilities in its security infrastructure.

Dane Zielinski, Information Security Manager at TransAm, explained:

“We have over 500 employees and we have vehicles out over half the country, but our IT and security teams are small. So, it’s absolutely essential for us to have security solutions that can identify threats and let us move quickly before things get out of hand.”

He continued: “Transportation is a slim profit margin industry, and a few days or potential week-long outage and the resulting degradation in operations can have millions of dollars in impact that is difficult and possibly impossible to recover from as a business.”

Why Binalyze AIR was the only choice


As part of on-going efforts to strengthen its security, TransAm brought in various outsourced solutions for endpoint detection and response (EDR) and 24×7 Security Operations Centre (SOC) capabilities. However, Dane also wanted to level up TransAm’s digital forensics and incident response (DFIR) in-house to resolve more issues before calling on external partners for deep-dive investigations.

He explained: “Deep-dive analysis for a company like ours, where we don’t have an in-house CSIRT/DFIR team, means spending additional money for the investigation. Also, working with MDR forensics teams isn’t usually quick and efficient, and you’re sometimes sitting and waiting to find out about critical actions – do we isolate, un-isolate, rebuild a system, change service accounts, and so on? This is an important part that forensics answers.”

Binalyze AIR was Dane’s immediate choice for the job, thanks to his positive experience with the platform at his previous position and employer.

“I helped bring in Binalyze at my previous employer,” he explained.

“That was a very different proposition to TransAm, because I was working with a large team there, versus a much smaller security operation here. But I knew from my experience that AIR was highly effective and would be exactly what I needed to get forensic details at the bat of an eye.”

He added: “Binalyze is basically my default for addressing these kinds of needs. If I were to go anywhere and build a new security stack and defensive layer methodology, I know Binalyze AIR is going to be part of it.”

AIR’s advanced evidence acquisition capabilities enable it to collect over 500 types of artifacts with a high level of speed and accuracy. The platform is highly automated, enabling users to combine evidence acquisition and initial analysis into a single process using AIR’s automated compromise assessment capability, DRONE.

Dane explains: “DRONE is an integrated APT (Advanced Persistent Threat) scanner that allows our team to sift through the hundreds of artifacts, putting my team on target – it’s our magnet in finding the needle in the proverbial forensic artifact haystack”.

Leveraging extensive integration capabilities. Binalyze AIR was seamlessly integrated with existing tools and services, including their endpoint protection and MDR provider. This integration streamlined workflows, automating forensic evidence acquisition and analysis in as little as 15 minutes, provided key information and prioritized insights without any manual intervention to speed the start of the investigation.

How Binalyze became a security cornerstone


Implementing Binalyze significantly bolstered TransAm’s security infrastructure. The company saw marked improvements in
its investigation and response capabilities, allowing for rapid identification and mitigation of threats. Before Binalyze, the team had no in-house forensics or ability to YARA hunt, relying on EDR logs, findings provided by their MDR provider and manual virus scanning.

Dane commented: “One of our big priorities was to incorporate standardized forensics as part of our security operations, and this is really what Binalyze does best. It’s very reliable and means we always have that insurance of being able to answer the questions of ‘Who, What, When, Where, Why, and How’ when it comes to an investigation. I’ve called it ‘forensics for the common man’ – it’s very easy for analysts to access and understand the data.”

Binalyze enabled TransAm to quickly conduct thorough forensic investigations, providing detailed insights into security incidents. This capability was crucial in understanding the nature and scope of threats, leading to more effective responses.

Binalyze’s forensic approach, along with its speed and reach, were some of the most beneficial factors for TransAm.

Dane explains: “The ability to pull forensics data on a dime is very useful, but the fact it can even pull over the internet is huge. Right when I implemented Binalyze at my previous company, we had the beginning of COVID. And so of course, we didn’t have a way of forensically pulling data from people’s houses without physically traveling to every location while they were working remotely. This way we also save on huge delays due to shipping and receiving equipment needing a forensic investigation.

But with AIR, we implemented it through the internet and our private network, so as long as the agent has internet connectivity, we can pull forensic data immediately. It was a huge innovation at the time and it’s still extremely useful now.”

The deployment of Binalyze streamlined TransAm’s security operations, including reduced mean time to verify threats, by providing the informed decision support that allowed the team
to get systems back into operational production sooner and with confidence. It also granted the internal team a much greater sense of visibility and control, enabling them to easily verify and follow up on reports coming in from outsourced services like the SOC. As a result, TransAm maintained high oversight while freeing up internal resources for strategic initiatives.

“While I can’t guarantee a breach will never occur, my goal is to ensure that any compromised data is of minimal significance—a security stance many companies currently lack. Forensics visibility plays a crucial role in achieving this.”

– Dane Zielinski,
Information Security Manager

Conclusion


By leveraging Binalyze, TransAm has significantly improved its security posture, achieving faster response times and integrating forensic visibility in their security operation. Binalyze has become an integral part of TransAm’s security strategy, demonstrating its value in helping the company evaluate threats and make informed, complete decisions. Looking ahead, AIR will continue to be a mainstay of TransAm’s security capabilities and Dane is excited to see the platform continue to develop and add new features.

Reduce Your Incident Response Time

Reduce Your Incident Response Time