INCIDENT RESPONSE NEW APPROACH vs OLD APPROACH Quickly determine the scope of an attack, immediately start remediation, and resume business operations faster Don’t leave the door open for additional data loss by spending months of time conducting forensics and analysis. CrowdStrike’s approach leverages endpoint technology and threat intelligence to pinpoint the cause and source of an attack quickly, significantly decreasing time to remediation. GET BACK TO BUSINESS FASTER Begin remediation planning on day one – don’t wait for equipment to get to work GAIN COMPLETE VISIBILITY Quickly gain visibility into the full incident, lock down credentials, and limit access LEVERAGE THREAT INTELLIGENCE Understand who is on your network to better inform your security efforts WHY CROWDSTRIKE SERVICES? Considering Mandiant? CrowdStrike’s next-generation IR approach, coupled with leading endpoint technology, and integrated threat intelligence provides better protection and faster remediation. Four Reasons to Choose CrowdStrike Over Mandiant Lower Total Risk for the Customer We resolve incidents more quickly, lowering cost significantly: half the time, half the cost, and half the risk. We work with our clients rather than telling them how they must interact with us: we work as part of your team, and you won’t need to re-architect your technology investments or processes to work with us. Our technology decreases the time and cost of remediation: this enables us to dramatically reduce the amount of time spent in forensic analysis. We are technology-agnostic: we can leverage your current security investments to attain our goals -- identify the adversary, eject him and deny him re-entry. We focus on all phases of an incident: past, present and future. The Falcon Breach Prevention Platform Was Built from the Ground Up to Stop Breaches We did not adapt old, pre-existing technology We do not just offer a detection system: prevention was included from the beginning. We did not build a point solution: the entire Falcon Breach Prevention Platform was built around detecting and stopping the adversary. Incident response is more than blocking an attacker’s access and assessing the damage: you want to ensure adversaries can’t get back in. Our team identifies attackers and ejects them. Falcon Host, our cloud-based endpoint security solution, detects and alerts you when attackers try to regain entry. Expert Knowledge from Decades of Experience Many of our team members defined the incident response market and are among the most respected experts in the industry today. Our experienced team comes from “Big Four” consulting, commercial, security, government and defense sectors. Collectively, our team has worked hundreds of incident response cases -- including many of the world’s largest and most difficult security incidents. Threat Intelligence Powers Everything We Do To identify and attribute attacks, you must understand adversary motivations and patterns of attack: Our Falcon Intelligence team provides the most current, relevant threat actor profiles, methods and patterns of attack. Our intelligence analysts experience comes from tracking 70+ threat actors on a global scale. Empowered by our comprehensive threat intelligence, CrowdStrike Services know what attack patterns to look for during any forensics investigation -- along with what the adversary’s objectives are, and what they’re likely to do next.