Archive for Binalyze

Binalyze Launches Magellan to Bring Investigative e-Discovery to the SOC

Posted in Commentary on March 26, 2026 by itnerd

Binalyze today announced the launch of Magellan, a new capability that brings ‘e-discovery’ of file contents directly into the Security Operations Center (SOC) to help close the ‘content blind spot’ for organizations.

Despite years of investment in detection technologies such as EDR, XDR, and SIEM, most SOCs investigate incidents without direct visibility into file contents. Relying on metadata such as filenames, hashes, and access logs leaves investigators blind to crucial context: what data was actually involved, how it was misused, and what the potential consequences are.

Magellan introduces investigative e-discovery capabilities at the endpoint, allowing teams to go beyond detecting suspicious activity and determine the true potential impact of an incident without slowing the investigation. In contrast to legacy e-discovery solutions, Magellan removes the need to centrally index data, or to create copies of data that already exists, so security teams can search and examine the contents of files across endpoints and hybrid environments in real time. The result is a clear understanding of what is in a file, where it is stored, who has access to it, and whether it is being used appropriately.

Embedded within the Binalyze AIR platform, Magellan enables distributed full-text search directly on the device where the data resides. By removing the need to export files or wait for centralized indexing, security teams can quickly examine file contents across large environments and build a full picture of the extent of a breach and the data at risk. It also helps security teams spot issues proactively, before a breach occurs, for example when confidential files are being accessed by users who would not usually be authorized to access them.

Closing the Visibility Gap in Cyber Investigations

Magellan addresses a broader shift in cybersecurity priorities. As attacks become more complex and regulatory expectations increase, organizations need deeper investigative capabilities to understand exactly what happened during an incident.

Yet these organizations also have to deal with rapidly growing data volumes across their endpoints, cloud services and remote environments, alongside rising insider threats and accidental data exposure. Security teams can easily study indirect indicators such as metadata or access logs, but deeper inspection requires involvement from forensic specialists, IT teams, or legal workflows. These delays can extend investigations and increase uncertainty around the scope of an incident.

Magellan gives security teams the capability to search across their entire infrastructure; investigate insider threats and data exposure directly at the source; and provide evidence-based answers to key stakeholders and regulators.

Availability

Magellan is available immediately as a new module within the Binalyze AIR platform.

2026 Predictions From Binalyze

Posted in Commentary on December 6, 2025 by itnerd

With 2026 around the corner, I’m able to share predictions from Lee Sult, Chief Investigator at Binalyze, who has shared his thoughts on the cybersecurity trends that he thinks will dominate next year.

Security budgets will finally rebalance as leaders accept that attacks are inevitable

“For years, cybersecurity budgets have been heavily skewed towards prevention, with organizations spending on average twice as much on keeping threats out as they do on investigation and response. But recent attacks, like those on Jaguar Land Rover and M&S, have shown the real cost of delayed response and recovery – adding to an estimated $48.1bn in losses for US organizations alone.

“In 2026, we’ll see a major rebalancing in cyber budgeting. With 84% of enterprises saying successful cyberattacks are “inevitable”, they will shift to a 50/50 split in their security spend, opting for more investigation, response and recovery capabilities. When visibility is lost, insight is incomplete and recovery stalls – bringing operations to a grinding halt. The financial and reputational impact of these failings can become more of a disaster than the actual attack.”

Response time will become the defining measure of cyber resilience

“As cyber threats evolve and intensify, especially with the help of AI, organizations, regulators and stakeholders have accepted a hard truth: attacks aren’t just a possibility anymore, they are inevitable. Even organizations with the deepest pockets for cybersecurity find themselves breached. That’s because even the most rigorous controls can’t completely ensure you can keep attackers out. Prevention alone simply isn’t working.

“It’s time we reset the definition of security. Success isn’t “never getting breached” anymore – that ship sailed a long time ago. The real question is: how fast can you detect it, stop the bleeding, and get back on your feet? And can you prove what happened with enough clarity to make regulators and insurers nod instead of dig? Every hour of delay costs $100,000 or more in operational costs – and that’s before legal actions, headlines, or board meetings.

“This is the new standard: resilience over prevention. That’s what your investors care about, what regulators are starting to measure and where security teams are placing their bets.”

Organizations will stop waiting for regulations to drive better behaviour

“In 2026, CISOs will stop waiting for regulation and instead take the lead on security. Regulations move too slowly to keep pace with today’s threat landscape. This year alone we’ve seen CIRCIA delayed and CISA expire, delaying best practice in sharing intelligence.

“By the time rules are updated to meet the status quo, attackers have already forged a new weapon. Recent breaches have shown that following rules and regulations can’t protect organizations from attacks. The ability to investigate incidents, understand what happened and share intelligence is what truly strengthens defense.

“Many organizations will come to the conclusion that compliance is only a starting point and is not going to save them during a major incident. Recognising that resilience against attacks depends on internal maturity rather than external rules, they will build their own operational capability for investigation and response.”