CrowdStrike Named a Leader in The Forrester Wave™: Cybersecurity Incident Response Services, Q1 2022

CrowdStrike has been recognized as a Leader in the Forrester Wave™ for Cybersecurity Incident Response Services.

When it comes to incident response (IR), time is of the essence. The longer it takes to detect threat activity, investigate an incident and remediate systems across highly distributed environments, the deeper into the threat lifecycle the adversary gets. And when an adversary gets deep into the threat lifecycle, it’s increasingly difficult to recover from the attack without suffering significant disruption to your operations.

While CrowdStrike is well known for our market-leading CrowdStrike Falcon®® technology platform, we leverage more than technology when it comes to the handling of an incident. The approach we use has been adapted over the past decade so that our incident responders, forensic investigators and recovery specialists have immediate visibility to the full threat context of the active threat with the ever-expanding capabilities of the Falcon platform. Once we gain visibility to the attack, we have a view of the malicious actions that were executed by the threat actor. From here, we can quickly gather and preserve the necessary forensic artifacts needed for a thorough investigation, and recover the systems using the real-time response capabilities of our technology to surgically undo what the threat actor has done.

Forrester’s report evaluates Cybersecurity IR Services providers on 24 different criteria, grouped into three main categories: current offering, strategy and market presence. The report also acknowledges that cybersecurity incident response customers should look for providers such as CrowdStrike that:

Prepare for the Worst and Pave the Way for Cyber Insurability

Forrester highlights that organizations need to prepare for the types of highly targeted ransomware and destructive malware attacks that have become commonplace across the globe today. Just last week, in the midst of Russia’s ongoing attack on Ukraine, President Biden told businesses at the Business Roundtable Quarterly Meeting in Washington, D.C., that it’s “a patriotic obligation that you invest as much as you can in making sure that you have built up your technological capacity to deal with cyber attacks.” Simulating these types of attacks requires deep threat intelligence and a detailed understanding of the tactics, techniques and procedures being used by sophisticated threat actors — we track more than 180 daily. 

CrowdStrike helps clients prepare for these advanced attacks with adversary emulation exercises that can be run as either a Tabletop Exercise for management and technical staff, a covert Red Team Exercise where CrowdStrike experts simulate an attack on your environment with the goal of penetrating your network and exposing gaps in your defenses, or a Red Team/Blue Team Exercise where one team attacks while the other team defends so you can identify improvement areas for your cyber defenses.

Once you understand the gaps in your cybersecurity program, you can fortify your cybersecurity controls to detect and prevent such attacks and reduce your cyber risk. The CrowdStrike Falcon® technology platform is recognized across the cyber insurance industry for its ability to stop breaches, which is why many insurance carriers call on CrowdStrike when their clients fall victim to an attack. 

CrowdStrike is approved on more than 30 cyber insurance panels to deliver products and services to help clients reduce the risk of a cyber breach and stop an active attack. Our endpoint security, cloud workload protection, identity protection and IT security operations solutions help pave the way for customers to reduce their cyber risk and improve their ability to obtain a cyber insurance policy.

Understand the Legal and Regulatory Landscape During an Incident

Many of the incident response engagements involving CrowdStrike are delivered under privilege in concert with the victim organization’s outside legal counsel. Privileged engagements require effective communication with key stakeholders including: law firms, PR agencies, insurance carriers, various state and federal law enforcement agencies, the C-suite, board members, third-party recovery partners, and the customers of the victim organization. 

Having the depth of experience to know what needs to be communicated, to whom and when, especially when operating under privilege, is core to a successful response to an incident. CrowdStrike has the expertise to know how to conduct a defensible forensic investigation, working at the direction of legal counsel to outline the relevant findings of the case, and making recommendations for strategic improvements.

While we understand the intricacies of legal and regulatory matters related to a breach, we are not a replacement for experienced legal counsel. We leverage the partnerships we have with industry-leading law firms specializing in cyber matters, PR/communications firms and other supporting organizations to ensure clients get the expertise they need to navigate the evolving regulatory challenges of a cyber breach.

Provide Support for the Long Tail of Incident Response

CrowdStrike Services specializes in incident response and endpoint recovery services using the power of Falcon and its Real Time Response capabilities. In certain scenarios — typically those where the victim organization did not have Falcon deployed or where it leveraged another toolset that lacked visibility, preventions and robust remediation capabilities — threat actors have been able to make it deep into the threat lifecycle and have encrypted data and compromised systems to such an extent that those systems require full enterprise remediation and rebuilds. We partner with IT recovery specialists that benefit from our forensic investigations to focus their efforts on remediation of a subset of high-priority systems needed to get the business back to normal operations. This is the long tail of incident response that can result from not acting fast enough to contain a threat, eject the adversary and stop the breach before the “big boom” happens. 

Once the threat has been contained, the threat actor ejected from the network, systems recovered, and business returned to a normal state, the conversation turns to “How do we stop this from ever happening again?”

Many organizations turn to a fully managed endpoint detection and response (MDR) solution like CrowdStrike Falcon® Complete™ to stop breaches. Others choose to fortify their cybersecurity controls with the full power of the Falcon platform — which includes modern endpoint security, cloud workload security and identity protection — but manage it themselves. Either way, CrowdStrike is ready to help those customers so they never have to invoke our IR hotline again. 

Working Together to Defeat the Adversaries

We would like to thank Forrester for acknowledging us as a leader in this evaluation. We know that all of the vendors in this Forrester Wave report are committed to defeating the adversaries. We will continue to build our partnerships with our peers, working together and arming as many incident responders as possible with the best technology available — the CrowdStrike Falcon® platform.

One Team, One Fight.

Justin Weissert is vice president of professional services at CrowdStrike.

Additional Resources

Related Content