Tag: Cyber Incident Response

Binalyze Launches Magellan to Bring Investigative e-Discovery to the SOC

New capability enables security teams to proactively search file contents across endpoints, whilst also enabling faster, more accurate investigation and response

London, UK – March 26th, 2026 : Binalyze, the cybersecurity company delivering AIR, Automated Investigation and Response, today announced the launch of Magellan, a new capability that brings ‘e-discovery’ of file contents directly into the Security Operations Center (SOC) to help close the ‘content blind spot’ for organizations.

Despite years of investment in detection technologies such as EDR, XDR, and SIEM, most SOCs investigate incidents without direct visibility into file contents. This reliance on metadata such as filenames, hashes, and access logs blinds investigators to crucial context such as what actual data was involved; how it was misused; and what the potential consequences are.

Magellan introduces investigative e-discovery capabilities at the endpoint, allowing teams to go beyond detecting suspicious activity to determine the true potential impact of an incident without affecting the speed of an investigation. In contrast to legacy e-discovery solutions, Magellan removes the need to centrally index and create copies of data that already exists. This enables security teams to search and examine the contents of files across endpoints and hybrid environments in real-time. This results in a clear understanding of what’s in a file, where it’s stored, who has access, and whether it’s being used appropriately.

Embedded within the Binalyze AIR platform, Magellan enables distributed full-text search directly on the device where the data resides. By removing the need to export files or wait for centralized indexing, security teams can quickly examine file contents across large environments, giving a full picture of the extent of a breach and what data is at risk. Moreover, it also helps security teams to proactively spot issues before breaches occur, especially when confidential files are being accessed by users whom wouldn’t usually have authorization to access them.

“When triaging and responding to a potential incident, context is everything,” said Emre Tinaztepe, Founder and CEO of Binalyze. “Detection tools are excellent at telling teams that something suspicious happened. What they rarely show is what data was actually involved. By bringing e-discovery-like capabilities directly into the investigation workflow, Magellan allows analysts to search inside files and quickly understand what information may have been exposed or misused.”

Closing the Visibility Gap in Cyber Investigations

Magellan addresses a broader shift in cybersecurity priorities. As attacks become more complex and regulatory expectations increase, organizations need deeper investigative capabilities to understand exactly what happened during an incident.

Yet these organizations also have to deal with rapidly growing data volumes across their endpoints – from both cloud services, and remote environments – alongside rising insider threats and accidental data exposure. Security teams can easily study indirect indicators such as metadata or access logs, but deeper inspection requires involvement from forensic specialists, IT teams, or legal workflows. These delays can extend investigations and increase uncertainty around the scope of an incident.

Magellan gives security teams the capability to search across their entire infrastructure; investigate insider threats and data exposure directly at the source; and provide evidence-based answers to key stakeholders and regulators.

“Security teams do not need more alerts and new dashboards telling them they ‘might’ have something they need to deal with,” continued Tinaztepe. “What they need is clarity about what data is involved. By bringing e-discovery directly into the investigation process, Magellan gives analysts the confidence to answer even the most granular and complex questions about data. Most importantly, by seeing the content behind the signals, investigators can address the critical fact of any incident: what actually happened?”

Availability

Magellan is available immediately as a new module within the Binalyze AIR platform.

 

Binalyze bolsters leadership team as company advances global growth and innovation in cyber investigations

London, UK – December 10th, 2025 – Binalyze, the cybersecurity company delivering AIR – Automated Investigation and Response, has announced three strategic leadership appointments to drive its next phase of global growth. Brian D. Owen has been named Chairman of the Board, Jonathan Rees joins as Chief Operating Officer, and Jim Hansen, a founding executive of Mandiant, joins the Board of Directors.

These appointments reflect growing global demand for solutions that help security teams go beyond alerts – delivering the visibility and context needed to act faster and with greater certainty. Binalyze AIR connects with existing security tooling to automate evidence collection and deliver rich, investigation-ready context across endpoints, cloud, and hybrid environments enabling teams to respond decisively to both proactive and reactive threats.

Brian Owen brings more than three decades of experience leading and scaling enterprise SaaS and infrastructure companies. A seven-time CEO and advisor to over two dozen technology firms, he has guided 17 successful exits and driven significant investor returns, including a 300% IRR for Greylock’s MapInfo IPO and a tenfold return for Viola following the sale of Decalog to SunGard.

“Binalyze is solving one of the biggest gaps in cybersecurity – helping teams close the space between detection and understanding,” said Owen. “AIR delivers context where other tools stop. That shift from guesswork to evidence-driven action is game-changing.”

Joining as Chief Operating Officer, Jonathan Rees brings extensive international experience in scaling high-growth technology businesses. Having led operations, go-to-market execution, and organizational transformation, most recently at Nuix, Rees will oversee Binalyze’s global business operations and execute the company’s next phase of commercial expansion.

“Security teams are overwhelmed by alerts but lack the context to act confidently,” said Rees. “Binalyze flips that dynamic by giving analysts what they really need – speed, clarity, and control. That’s why demand is accelerating, and why we’re scaling to meet it.”

Binalyze also welcomes Jim Hansen to its Board of Directors. Hansen, one of the founding executives of Mandiant (acquired by FireEye, Inc.), is widely regarded as one of the pioneers of modern incident response. As Mandiant’s Chief Operating Officer, he helped define the company’s strategy and build its renowned sales and services organization, driving an average of 90% annual revenue growth over four years. Under his leadership, Mandiant became a trusted name in digital forensics and cyber incident management.

With more than two decades in information security, Hansen’s career spans executive roles at Trident Data Systems, Veritect, Foundstone, and Oakley Networks – all later acquired by leading defence and cybersecurity firms. Before entering the private sector, he served as Deputy Director of Computer Crime Investigations for the U.S. Air Force Office of Special Investigations, overseeing global investigations into Department of Defense network intrusions.

“I’ve seen how critical visibility and speed are in cyber investigations,” said Hansen. “Binalyze delivers both – but in a way that scales with today’s hybrid, cloud-driven environments. This is the kind of innovation that resets the standard.”

For Emre Tinaztepe, Binalyze’s Founder and CEO, the appointments represent both an acceleration of the company’s growth and a deepening of its leadership in the emerging category of Cloud Investigation and Response Automation.

“This is about more than growth – it’s about focus, execution, and helping our customers solve a critical challenge: turning detection into decisive action,” said Tinaztepe. “With Brian, Jonathan, and Jim, we’re ready to scale AIR globally and lead this category.”

Recognized by Gartner in the CIRA category, Binalyze AIR is trusted by enterprises, MSSPs, and incident response teams worldwide. By integrating with existing security tooling, AIR automates the evidence collection process and delivers rich, contextual insight – helping analysts cut investigation times from hours to minutes, and act with precision and confidence.

About Binalyze

Lack of Clarity in Cyber Investigations Costs U.S. Enterprises $48.1 Billion

New report from Binalyze reveals $114K-per-hour cost of delayed cyberattack response

London, November 18, 2025: Binalyze, a leader in automated investigation and response, today released a new report that examines enterprises’ approach to cyber incident response. The research reveals that a lack of clarity in cybersecurity investigations costs organizations on average $1.1 million over the last five years – or $48.1 billion across the U.S.A. In addition, every hour of delay in responding to a cyber incident costs on average $114,000.

With 84% of CISOs saying a successful cyberattack is now inevitable, organizations must establish effective and rapid response protocols to stop attackers in their tracks, minimize financial losses, and protect against reputational damage. Yet 79% of organizations favor cyberattack prevention over response, with budgets averaging a 2:1 ratio towards prevention ($3.02 million to $1.54 million).

Binalyze’s report, The State of Cybersecurity Investigations 2025: How Cyber Scene Investigators Can Turn the Tide Against Attackers’ Sense of Impunity, surveyed 200 US CISOs. The report exposes major cracks in enterprise crisis management, showing how repeated missteps responding to cyberattacks are worsening both financial and reputational damage. Key findings show:

  • A clarity gap blocking simple answers: At most 50% of CISOs can answer the most basic cyberattack questions, such as: Does the attacker still have access? How did they get in? Was data stolen? And if so, what? Being able to answer these questions with confidence should be every organization’s priority.
  • Repeating mistakes of the past: 65% of CISOs admit their organizations haven’t always learned the right lessons following cyberattacks. In fact, 75% say once a cyberattack has happened, there’s no guarantee that the exact same attack won’t succeed again.
  • The attack aftermath: 70% of organizations say they struggled to remediate or recover from an attack in the past year. Additionally, 61% have been punished by regulators because of a security breach, and 56% denied cyber insurance payouts, due to being unable to demonstrate, through sufficient insight, that the necessary security controls were in place.

“With cyberattacks now inevitable, the real test for organizations is how fast they can respond and recover,” says Lee Sult, Chief Investigator at Binalyze. “The recent Jaguar Land Rover breach, which halted operations for a month and cost an estimated $2.5 billion, highlights the scale of disruption at stake. Rapid cyber response encompassing in-depth Cyber Scene Investigation is essential to identify, isolate, and eliminate threats while keeping regulators and insurers informed. But this relies on visibility, and 75% of CISOs feel they are missing key information every time there is a breach. With clear, actionable insight into IT environments, organizations can locate attackers, contain damage, and regain control before the impact spirals.”

The Need for Speed in Cyber Investigation

Rapid response is critical when cyber breaches or attacks occur. Every minute gives attackers more time to cause damage or hide their tracks, and organizations less time to understand the breach, update stakeholders, and warn the wider community of new threats.

Yet limited visibility across security frameworks continues to hinder effective incident

Revolutionizing Incident Response and Building True Cyber Resilience

Cyber threats are relentless and constantly evolving. Organizations face an increasingly complex threat landscape, compounded by a persistent shortage of cybersecurity talent, overwhelming alert volumes, and pressure to ensure uninterrupted business operations.