ANTICIPATE. IMPROVE. PREPARE.
CrowdStrike’s experience conducting incident response against targeted threats for our clients gives us a real-world perspective on the process. Leveraging our experience, we can guide your organization, both executive and technical participants, through a targeted attack scenario in a tabletop exercise. This immersive experience simulates a targeted attack in a time-compressed fashion, but without the risk and time investment of a full red team test.
HOW WE DO IT:
CrowdStrike Services reviews your existing infrastructure documentation and standard operating procedures to find opportunities for improvement. We talk with the existing IT team to uncover any undocumented processes and infrastructure intricacies that might not match today’s best practices.
This effort will reveal much about pre-existing security and incident response processes within your organization. For example, you may send us information about your processes and architecture, your people and tools structure, and any penetration test reports or previous assessments your organization may have conducted.
EXAMPLES OF DATA AND DOCUMENTATION WE MAY REVIEW INCLUDE:
- Customer requirements
- Security operating plans
- Team member resumes
- Firewall rule sets
- Network intrusion detection configuration design and installation
- Active Directory, Open Directory or LDAP architecture and object configuration
CrowdStrike Services conducts this review to understand your organization’s defensive posture.
With this knowledge, we construct an agenda of discussions with your personnel. These discussions take one or two consecutive days. We usually interview about six to eight groups, including members of your security team, over the course of two days on site.
We will seek to understand how your people and tools contribute to your current incident detection and response capabilities, what your technical capabilities are, how those capabilities complement or conflict with others in your organization, and other human and technical factors.
THE TABLETOP EXERCISE
CrowdStrike Services presents an incident scenario in an on-site, one-day tabletop exercise with up to 25 members of your staff. The exercise involves cross-functional members of your IT security staff as well as operations executives, business leaders, public relations, legal and other support personnel.
During the exercise, your attendees discuss how they would detect, respond and react to such an occurrence. This scenario is based on an attacker that our intelligence sources determine would be relevant to your organization. During the roundtable, we will proctor the conversation, but your staff will explore the experience: they make decisions, discover gaps in their knowledge and processes, and learn more about the attackers your organization faces today.
ACTIONABLE GUIDANCE AND DELIVERABLES
CrowdStrike Services provides several deliverables during a tabletop exercise.
- An evaluation of your organization’s strengths and weaknesses against targeted attacks. This information can help prioritize your tactical and strategic security investments.
- Insights into how your organization would detect and respond to a variety of attacks, but without suffering the costs of an actual security breach.
WRITTEN DELIVERABLES INCLUDE:
- A copy of the tabletop scenario deck along with “Adversary 101” material to help educate the audience
- A detailed and prioritized list of key takeaways identified during the scenario by both your organization and the CrowdStrike team
- As requested, a summary report with recommendations on how to improve your processes based on the findings identified during the tabletop exercise
Optionally, CrowdStrike Services can provide an on-site executive briefing by one of our senior executives where we present our recommendations.