Workshop Wednesdays

Workshop Wednesday provides direct access to the CrowdStrike Falcon Platform. Multiple workshops introduce different aspects of the platform in 45 - 60 minutes sessions.

Introduction to CrowdStrike Falcon

  • In this 50 minute introductory workshop participants are introduced to the Falcon Platform through an attack scenario.
  • Participants uncover clues and navigate the console while highlighting the features included in Falcon X, Falcon Prevent, and Falcon Insight.

Real Time Response

  • Participants of the real time response workshop are introduced to the Falcon Console through an active detection.
  • The goal is to work through the scenarios and effectively stop a breach.
  • After inspecting the active detection participants will open an RTR console and move from basic tasks in RTR to more advanced capabilities such as running scripts.

Threat Hunting

  • Participants are introduced to some basic principles of threat hunting.
  • Participants are shown the value of using a visual search for indicators of compromise vs standard IOC sweeps and the importance of integrating those search results with CrowdStrike Intelligence.

Exposing Imminent Cyber Attacks With Falcon X Recon

  • In this workshop, participants are challenged to investigate threat actors that advertise malicious tools and services in criminal forums on the dark web.
  • In these scenarios, you will perform an investigation into a ransomware-as-a-service provider, hunt a cybercriminal across the hidden areas of the internet, and learn how to monitor the criminal underground.

Cloud Security Posture Management With Falcon Horizon

  • This workshop will focus on Falcon Horizon, CrowdStrike’s Cloud Security Posture Management solution.
  • With live access to the user interface, participants will experience how the various cloud service policies and assessments can be leveraged to identify misconfigurations, suspect behaviors and indicators of attack across multi-cloud deployments.

Threat Hunt With CrowdStrike’s Overwatch Team

  • During this hands-on session, you will be in the shoes of an OverWatch analyst working to construct queries and hunt malicious behavior.
  • After hunting in the provided lab, the OverWatch team will then discuss these real world scenarios, what tipped them off, what the adversary was trying to accomplish and the actions taken to protect the organization in the future.

Securing Cloud Workloads With CrowdStrike

  • This workshop will take a closer look at how CrowdStrike detects and prevents malicious activities in cloud environments.
  • Participants will launch attacks against vulnerable containers as an adversary before switching roles to defend against the threat as a security analyst.
  • The Falcon user interface will be accessed to identify the threat and experience the level of detail available with CrowdStrike.

Stopping Modern Attacks With Falcon Identity Protection

  • The adversary has evolved. 80% of modern attacks are identity-driven leveraging stolen credentials, and these breaches are incredibly hard to detect, allowing adversaries to lurk around undetected in your environment, moving laterally across systems.
  • Existing EDR-only solutions haven’t kept up with this identity security challenge.
  • This hands-on workshop will illustrate how alcon Identity Protection, fully integrated with the Falcon Platform, can offer real-time protection against identity attacks.

Accelerate Investigations with Threat Intelligence

  • You may think you have a ransomware, identity or cloud security problem, but what you really have is an adversary problem. There is a human being behind these attacks with motivation and intent.
  • The more you know about how they attack and why, the better you can proactively defend your organization.
  • Basic principles of threat intelligence will be introduced such as adversary profiling, malware sandboxing, intelligence led threat hunting, and the value of CrowdStrike finished intelligence reports.