The Imperative for Proactive Incident Response in 2015 and Beyond


Today, the CrowdStrike Services team is unveiling its first-ever Cyber Intrusion Casebook. In this report, we highlight findings from hundreds of incident response and proactive services investigations and engagements we’ve conducted, and provide correlation of these findings with industry trends.

It’s important for us to share our reasons for creating this Casebook. At CrowdStrike, we are passionate about building our clients’ capabilities to detect and respond to targeted attacks. The CrowdStrike Services team strives to improve every client’s security capabilities and processes, mature their team’s ability to detect and respond to breaches, and ultimately provide them with the solutions and expertise to protect themselves against targeted attacks. We do this by delivering both proactive and reactive work in a collaborative and engaging manner, working side by side with client teams to improve the defenses of organizations worldwide.

In the past few years, there have been a number of great industry reports written and statistics shared on data breaches and investigations. Many of them focus on investigative findings and detection trends. There has been less focus, however, on what is arguably the most transformative component of an IR engagement – the successful remediation and the maturation of an organization’s ability to detect and respond to attacks moving forward.

We felt it was time for a report that focused on what happened as an outcome of an investigation – i.e. how did the attacker respond to remediation actions, and what distinguishes successful organizations from those that were less successful?

In particular, we provide context and detail on the following:

  • The average time for attackers to conduct reinfection attempts after an organization completes initial remediation
  • The percentage of organizations impacted by more than one attack group at a time
  • The percentage of organizations that are detecting attacks internally versus those that are being notified by third parties
  • The factors that influence effective and efficient investigation and remediation
  • Why some organizations remediate successfully and efficiently, and why others struggle

We believe you will learn from the real-life examples and our expert insights how to improve your security posture and reduce risk within your organization, and I strongly encourage you to download the report here: https://www.crowdstrike.com/crowdstrike-cyber-intrusion-services-casebook/

 
