Reports Flashcards
Who are the IR leaders according to Forrester?
FireEye, CrowdStrike, Deloitte, IBM
Who are the strong performers in IR according to Forrester?
Aon, Cylance, Secureworks, PwC, Booz Allen Hamilton, Verizon
What are the advantages of FireEye?
Focused on providing a roadmap of proactive services
Offers training as intermediary step between tabletop exercises and purple teaming
Good client references
What are the advantages of Deloitte?
Deep understanding of requirements for successful IR
Lets you manage high-impact events with confidence
Broad spectrum of services (though references indicate challenges during incident triage and response)
Onsite and ready to begin triage when breach occurs
What is so great about CrowdStrike?
Threat intelligence and response expertise
Combination of TI, endpoint protection and IR that complement each other well and are supported by service offerings
Has a partnership with Dragos to provide in-house capabilities for responding in ICS environments
Mantra: Am I breached? Am I mature? Am I ready?
What are the advantages of IBM?
People, products and services it delivers
Combines X-Force threat intelligence analysts with its IR teams to ensure full situational awareness
Incident prep services, including IR training and red teaming
What is good about Aon?
Plan for cyber insurance brokerage and the mid market
Oil and gas companies
Works to assess cyber security posture to facilitate negotiation of insurance deductibles and premiums
Good for those who want IR and cyber insurance advocate
What’s good with Verizon?
Forensics labs worldwide + broad range of services
Reviews legal and regulatory matters to defend its clients from litigation that follows an incident
Rapid response retainer
Expertise in forensic investigations
What is good with Cylance?
Partnerships with law firms as well as insurance brokers/carriers
IR expertise
Investing ICS environments
Not great when it comes to compliance reviews
Why choose Booz Allen?
Broad range of services that covers all points of an investigation
Helps respond to incidents and build prevention/prep capabilities
Strong ICS capability
Why PwC?
Talent management, diversity in the workplace
Strong retainer strategy + proactive service offerings for unused hours
Good about roadmaps for IR preparedness
Why Secureworks?
Post-IR reporting
College program that ensures a stream of talent
Roadmap for prep services based on customer maturity and need
Key takeaways from Forrester report
FireEye, Deloitte, CrowdStrike and IBM lead the pack
Cyber ranges and actionable deliverables are key differentiators: vendors that can provide them position themselves to deliver strong incident prep and IR
What are the 5 SOC models?
Virtual, multifunction, hybrid, dedicated, command
What are the attributes and benefits for a virtual SOC?
No dedicated facility
Part-time and geographically distributed team
Reactive, activated when a critical alert or incident occurs
Primary model when fully delegated to an MSSP
Small to upper mid-market orgs