Our website uses cookies to enhance your browsing experience.


CrowdStrike Services FAQ

Learn more about our incident response and digital forensics team and our methodology and expertise

How do I engage the CrowdStrike Services team?

CrowdStrike® Services can be reached either by phone or email. For urgent incident response please call 1.855.276.9347. For non-urgent requests, please email services@crowdstrike.com.

If I contact your team, how quickly should I expect to hear back?

The services staff is ready to assist you immediately if you call regarding an urgent matter — for instance, if you think your organization has experienced a breach. If necessary, leave a message and a services team member will call you back as soon as possible. For non-urgent matters, please allow one business day.

What is the skillset and background of the typical CrowdStrike Services consultant?

CrowdStrike Services consultants have an average of more than 10 years in preparing for and responding to targeted threats, working on many of the biggest breaches around the world.  Many team members come from a background steeped in cybersecurity from government or law enforcement agencies, the military, Fortune 500 companies and other high-profile cybersecurity consulting firms. CrowdStrike consultants have earned the advanced credentials and certifications expected of experienced security practitioners including:

  • GIAC: Global Information Assurance Certifications, such as Certified Forensics Analyst, Reverse Engineering Malware, Certified Incident Handler, Certified Forensic Analyst and Certified Forensic Examiner
  • CEH: Certified Evidence Handler
  • CISSP: Certified Information Systems Security Professional
  • CISA: Certified Information Systems Auditor

How can I be confident in CrowdStrike's forensics process?

CrowdStrike’s experience stands on its own. We have assisted thousands of organizations with their forensics and incident response requirements over the last several years. Companies across the Fortune 500 trust their environments to our forensics process and come out on the other side better off because of it.

Additionally, CrowdStrike has achieved several forensics certifications and accreditations that can only be obtained by passing stringent standards. These certifications include:

  • PFI: PCI Forensics Investigators:
    • PCI Forensic Investigators are certified by the PCI Standards Council to help organizations determine when and how a cardholder data compromise may have occurred. The CrowdStrike Services team can perform investigations within the financial industry using proven forensic methodologies and tools. CrowdStrike also maintains relationships with law enforcement to support stakeholders should a criminal investigation be required.
    • CrowdStrike was formerly PFI-certified by the PCI Security Standards Council, but made a decision in 2018 to forgo this certification based on business objectives.
    • This accreditation from the National Security Agency (NSA) signifies that CrowdStrike has been evaluated and certified in critical focus areas derived from industry and government best practices for cybersecurity investigation.
    • CrowdStrike is one of only 20 organizations accredited by the NSA for National Security Cyber Assistance Program (NSCAP), Cyber Incident Response Assistance (CIRA).

What does CrowdStrike's technology stack consist of?

CrowdStrike uses the award-winning CrowdStrike Falcon® platform for endpoint and network visibility, including Falcon Intelligence™ to automatically incorporate the latest cyber threat intelligence. This breach prevention platform is cloud-based, so it’s always on, always available and up-to-date. CrowdStrike can also leverage tools clients have already invested in, such as network IDS/IPS and other host-based visibility solutions, SIEMs, and forensic and system administration tools. The team also uses the Falcon Forensics Collector to harvest artifacts and metadata for complete rear-view assessments of past activity across endpoints.

Do you offer incident response retainers?

Yes, certain retainers can be used for both proactive and reactive services. CrowdStrike offers IR retainers with varying SLAs. A CrowdStrike sales representative can help you determine the retainer that is best suited for your organization’s needs.

Do you conduct your services on-site, remotely or a combination of the two?

The location for a CrowdStrike investigation is usually determined by client preference.  Because the CrowdStrike team leverages the cloud-based Falcon platform, which can be deployed remotely, the investigation and remediation work can begin on Day One of any engagement.

While conducting work remotely reduces travel costs, the Crowdstrike team can collaborate on-site with client teams during incident response cases. Proactive work such as the cybersecurity maturity assessments and tabletop exercises also lend themselves to an on-site presence that enables direct collaboration with your staff and management teams.

How does CrowdStrike Services use cyber threat intelligence?

The team leverages CrowdStrike Falcon Intelligence combined with publicly available open source information to inform all service offerings. Using the latest threat intelligence helps CrowdStrike attribute attacks to specific threat actors within an incident response engagement. This provides clients with a better understanding of who may be targeting them, and why. During proactive engagements and exercises, cyber threat intelligence is used to identify which adversaries and attack methods are most likely to target your industry and organization, helping you prioritize security controls and better prepare to stop the next attack.

Does CrowdStrike provide other blue team services such as security program assessments, response readiness assessments, and tabletop exercise development?

Yes, CrowdStrike specializes in both reactive incident response and proactive defender activities, and your retainer may be used for either. CrowdStrike Proactive Services include cybersecurity maturity assessment, compromise assessmentincident response policies and playbooks, red team assessments and blue team training, tabletop exercises, staff training, and more.

Does CrowdStrike provide red team services?

Yes, CrowdStrike Red Team members come from the intelligence community as well as firms performing commercial penetration services. They provide a full suite of services and incident simulations to test your organization’s ability to defend against and respond to targeted attacks. They will help uncover the unseen gaps in your security posture that can allow an adversary to compromise your data, diminish your brand and impact your bottom line.

Do you offer ongoing managed services?

Yes, CrowdStrike offers a proactive threat hunting service, Falcon OverWatch, and also offers managed services through managed services partners.


Try CrowdStrike Free for 15 Days Get Started with A Free Trial