You’ve Been Breached — Now What?

How to Respond to a Worst-Case Scenario

Finding out your organization has been breached can be devastating news — knowing how to deal with an intruder that’s broken through your cyber defenses can be even more challenging.

This white paper, ”You’ve Been Breached — Now What? How to Respond to a Worst-Case Scenario, ”offers practical steps IT and security professionals should take after a cyberattack occurs. You’ll receive guidance for both short-term and long-term strategies to help minimize damage, protect sensitive assets and preserve forensic evidence that can help during the investigation and remediation process. This paper also includes recommendations for strengthening your organization’s defenses against a future breach. They are based on decades of experience from CrowdStrike® incident responders who work on the front lines fighting cyberthreat actors every day.

Download this White Paper to learn:

  • How to collect and preserve data after a breach so that critical forensic information can be retrieved
  • What sort of internal communication and coordination plan should be in place to ensure key players are informed
  • Tips for engaging outside services, scoping and investigating the incident and remediation steps after an attack has occurred
  • Guidance on long-term planning that includes proactive measures to stop the next breach under the pillars of govern, secure and operate


  • OS icon
  • deployment icon
  • installation icon

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.

Visit the Tech Center