Back to Resources

CYGNVS: When do I use it?
By Alex Waintraub, DFIR Expert Evangelist
July 5, 2023
CYGNVS: When do I use it?

While many organizations know the CYGNVS platform can be used in ransomware incident response, its value extends far beyond that. CYGNVS serves as a secure guided crisis response platform for diverse incident scenarios, including data breaches and improper access incidents. With its comprehensive incident management, streamlined communication, robust security features, centralized documentation, and proactive planning capabilities, CYGNVS empowers organizations to respond effectively and mitigate damages across various incident types.


CYGNVS is your plan and your team in your pocket.


  1. Executive tabletop exercise: One CISO we spoke with told us a time when, after a recent executive tabletop exercise, the CEO of the company told the CISO that while he didn’t mind doing tabletops, and found them interesting, he was pretty sure he wouldn’t remember how to actually respond during a real crisis. CYGNVS offers your executives to follow along during your response and offers role-based guidance on what to do – and what not to do.
  2. Purple team/ Red team: During purple/red team exercises, SOC and IR teams can use CYGNVS’ secure war room capability to confidentially communicate, collaborate, and document incident activities with internal and external teams without alerting the purple/red team of the ongoing investigation. The platform offers granular access controls and restricted workstreams, allowing only authorized participants to have visibility into specific investigation workstreams. CYGNVS’ stress on security controls and confidentiality ensures the incident findings, reporting, and discussions remain protected and accessible only to the designated participants, while also being able to invite the red team/purple team into a war room workstream to validate their work without giving them full access into the investigation activity. CYGNVS’ stress on security controls and confidentiality ensures the incident findings, reporting, and discussions remain protected and accessible only to the designated participants, enhancing the overall effectiveness of the purple/red team exercise.
  3. Insider Threat: Insider threats pose unique challenges as they involve internal actors with authorized access to sensitive internal knowledge external threats might not be aware of. CYGNVS enables organizations to respond to and mitigate the risk of compromising the investigation by leveraging CYGNVS’ robust security features, including end-to-end encryption, granular user access controls, and strictly enforced MFA mechanism. These security features ensure that incident-related information remains confidential and protected from unauthorized access safely and confidentially.
  4. Active Directory compromised or unavailable: When AD is down or unavailable, CYGNVS becomes even more evident as a valuable resource. CYGNVS will serve as the centralized platform for the incident communication, allowing the incident response team to share updates and collaborate seamlessly with stakeholders and external teams. CYGNVS offers a robust incident management capability that isn’t reliant on AD. All your IR plans, sensitive documents/critical asset lists would be stored in the platform and available when your network is down.
  5. SSO / Federation unavailable: With CYGNVS, all incident-related information is centralized within the platform, independent of external authentication systems. This means that even without SSO or federation, incident workflows, sensitive data, relevant documentation, evidence, and updates are readily accessible within CYGNVS. During legal proceedings, having all relevant incident information stored and easily retrievable within the platform simplifies the documentation process and strengthens the organization's case. Similarly, in regulatory audits, the comprehensive incident-related data stored within CYGNVS enables organizations to demonstrate compliance and provide accurate information to auditors.
  6. Proactive Incident Response Planning: CYGNVS offers proactive incident response planning capabilities and can conduct simulations to replicate various incident scenarios in a controlled environment, which enables your organization to prepare in advance for potential incidents. CYGNVS empowers organizations to take a proactive approach to incident response planning. By utilizing simulations, tabletop exercises, and incident playbooks, organizations can strengthen their readiness, improve their response capabilities, and effectively address security challenges before they occur.
  7. Access to Incident Data: During a cyber incident, legal teams need access to incident data to make informed decisions regarding regulatory compliance, risk management, and legal action. The CYGNVS platform provides a centralized location for all incident data, including forensic data, network logs, and system logs, enabling legal teams to access and analyze the data they need to make informed decisions.
  8. Regulatory or Customer Reporting: CYGNVS enables legal teams to generate comprehensive compliance reports that include incident timelines, risk assessments, and other critical data points. These reports serve as documented evidence of the organization's adherence to legal and regulatory requirements. By leveraging CYGNVS, legal teams can easily compile and present the necessary information to regulatory bodies, auditors, or customers, demonstrating the organization's commitment to compliance.
  9. Any SEV-3 or higher: CYGNVS plays a crucial role in facilitating seamless communication and collaboration between legal counsel and other incident response team members, including DFIR and SOC analysts. During high-severity incidents, it is essential for legal teams to have access to accurate and timely information to provide informed legal advice to advise on strategic decisions. CYGNVS serves as a centralized hub where incident-related information, updates, and analysis can be shared among teams, ensuring legal counsel can collaborate effectively with the technical teams, gaining insights into the incident's technical details, impact, and potential legal ramifications.
  10. Documentation and Evidence Preservation for Legal and Insurance: It is crucial for legal teams to thoroughly document all incident-related activities and preserve relevant evidence. CYGNVS serves as a centralized platform where all incident data, including the detailed incident report/s can be stored and accessed.

CYGNVS is your incident response plan and your team in your pocket. Use CYGNVS anytime you’d use your incident response plan.