New Message Center Improves Response Time by Reducing Friction in MDR Collaboration

CrowdStrike has long emphasized the importance of identifying, triaging and remediating threats in line with our 1-10-60 framework. This framework is designed to provide a benchmark for security teams to aim for in responding to security alerts. It’s based on the notion that today’s adversaries can often get a foothold and move laterally within the first few hours of an intrusion.

If today’s defenders hope to stay ahead of these nimble intruders, they must be ready to act fast. They must be capable of detecting a threat within the first minute of intrusion, investigating and understanding the threat within the first 10 minutes, and containing and eradicating the threat within 60 minutes.

The CrowdStrike Falcon® Complete™ managed detection and response (MDR) team strives daily to achieve 1-10-60. In the recent CrowdStrike Services Cyber Front Lines Report, we reported an average aggregate response time of 36 minutes, including full surgical remediation. 

This is a fantastic achievement — but we’re not standing still. We’re continuing to whittle down that average. In a proactive effort to stay ahead of our adversaries, the Falcon Complete team conducts ongoing retrospective analysis of stages that stall the response process, and we found something surprising: The No. 1 addressable source of delay in response time involved communication and collaboration with our customers.

This week, we are proud to introduce the new CrowdStrike Message Center. Message Center enables frictionless, transparent, and secure communication between CrowdStrike managed services analysts and customers, delivering real-time insights and collaboration when and where they do the most good.

The core of Message Center is a new secure communication hub within the Falcon console that allows CrowdStrike analysts and customers to share information. Message Center allows CrowdStrike analysts to deliver real-time updates to customers about in-progress attacks and related activity, so customers are always properly informed about intrusion activity and about any actions they need to take to mitigate impact. Communications are bidirectional, allowing CrowdStrike and customer analysts to freely reach out and collaborate within the Falcon console. Having all relevant comms and action items in a central location, enriched with context from the underlying detections, reduces time to understand and recover from intrusions.

Starting a new conversation with the Falcon Complete team is simple. New messages offer pre-populated lists of detections and incidents to expedite linking customer questions to the data. If you have a support issue or just a general question for the Falcon Complete team, Message Center facilitates that, too. Because questions may not always arise from Falcon data, Message Center also supports the secure transmission of attachments such as screenshots and spreadsheets of data.

Our customers’ workflows are important, and because customer analysts have full access to the underlying detections, incidents and data, they can now reach out directly from those parts of the console. Does an existing detection or incident need more clarification? Do you want to further tune your environment based on new data? Whatever your needs may be, Message Center lets customers pivot directly to our Falcon Complete experts without changing context.

Saying these new features enhance collaboration is one thing; showing it is another. The Falcon Complete Cybersecurity Dashboard now captures all of the metrics associated with the Falcon Complete service and is updated daily. Some metrics focus on how the team is doing, showing median time to triage, median time to remediate and the number of escalations sent to customers. Other metrics break down what the Falcon Complete team has observed in customer environments to better direct customers on how to improve their overall security posture.

The new CrowdStrike Message Center and its associated dashboards establish a new medium for CrowdStrike to communicate with customers and continue to improve time-to-respond. Messages are secure, customers are close to the data, and metrics are summarized to keep everyone accountable and synchronized. These elements are foundational to shaving minutes off of response time, staying ahead of our adversaries and continuing to keep our customers safe from cybercriminals and other adversaries.
