
Introduction

As an experienced IT consultant based in Hong Kong, I’ve witnessed the increasing frequency of cybersecurity incidents that businesses of all sizes are grappling with. Large corporations often have the resources to hire cybersecurity consultants for investigations, but small and medium-sized enterprises (SMEs) often find themselves in a bind. However, the newly launched eDetector by Jianzhen Digital might just be the solution they need.

The Rising Cybersecurity Threats

According to media surveys, about 23.4% of businesses in Taiwan experienced more than 50 cybersecurity incidents in 2023. This implies that nearly one-fourth of companies face issues every week. The most challenging aspect is not just resolving the problem, but identifying its origin.

The Hacker’s Advantage

With the advent of artificial intelligence tools, malicious hackers can infiltrate businesses more swiftly and effortlessly, significantly reducing their digital footprints. When businesses receive a ransom letter from hackers, the first question that arises is, “Is it guaranteed to be safe after paying the ransom?” Most SMEs, due to budget constraints, cannot afford to hire a cybersecurity investigation team, let alone have dedicated cybersecurity personnel. They often remain clueless about the methods of hacker invasion, the number of hosts penetrated, and the backdoors left.

The eDetector Solution

“Since its launch in 2017, eDetector has been continuously updated. Currently, in response to the trend of AI and cloud SaaS, we have rewritten the core module to become a flexible expansion architecture that can meet the needs of large enterprises and SMEs,” says Huang Jingbo, CEO of Jianzhen Digital. Because SMEs cannot afford the high cost of expert cybersecurity services, the company designed the new version of eDetector so that businesses can purchase and download the forensic agent themselves after an incident occurs and quickly complete a basic cybersecurity investigation report.

The Efficiency of eDetector

Jianzhen Digital, with over a decade of cybersecurity forensic experience, claims that the new version of eDetector’s agent can complete evidence collection and analysis and automatically generate a cybersecurity incident report within 2 days after installation. Experienced cybersecurity personnel can customize Indicators of Compromise (IOC) and keywords to help produce more comprehensive reports.

The Speed of eDetector

Interestingly, Jianzhen Digital uses a newly developed data structure mode. When dealing with hundreds of hosts and issuing multiple search keywords simultaneously, its analysis and evidence collection speed can reach 60 times that of traditional evidence collection methods. eDetector can perform memory analysis, connection analysis, and trace forensics, and it connects to VirusTotal, the world’s largest malware database, to compare all high-risk targets.

The Cost of eDetector

The most critical issue is still the cost. It is understood that commissioning a cybersecurity company to conduct a special investigation costs around 1 million New Taiwan dollars per engagement. If you seek the assistance of more powerful teams from Microsoft or Google, the cost may start from 2 to 3 million New Taiwan dollars. Jianzhen Digital has not yet announced pricing for the SME version of the eDetector agent, but according to internal news, the single charge may be less than 100,000 New Taiwan dollars.

Conclusion

This is great news for SMEs. Since Taiwan began to strengthen the investigation and control of cybersecurity incidents in 2023, coupled with the amendment of the Personal Information Protection Act, businesses must report to the Executive Yuan within 10 days if a cybersecurity incident occurs. However, most businesses cannot conduct their own investigation and analysis, let alone submit a report with data analysis.

That said, cybersecurity forensics is a fairly complex professional discipline. Whether such seemingly simple tools can play a practical role still needs to be tested on more real-world cases. In addition, eDetector is a post-event forensics tool, and the data it can analyze is still limited. If businesses want more complete protection, they will need to carry out pre-event Endpoint Detection and Response (EDR) and other protective work to better combat hacker invasions.
