Tabletop 2.0™ — Next-Gen Incident Response Tabletop Exercises Show Whole Picture


In today’s ever-evolving cyber threat landscape, an immersive, holistic, and cross-disciplinary approach to detection, response, and remediation is essential. Recognizing this need, Cloud Range has reimagined traditional tabletop exercises to create Tabletop 2.0 — a cutting-edge, next-generation solution that ensures a comprehensive approach to incident response.

The Shortcomings of Traditional Exercises

Traditional tabletop exercises, while valuable, present a limited view of incident response. These exercises typically rely on theoretical, static scenarios and often assume a breach has already occurred. It is a reactive model that does not provide a comprehensive approach to incident response or improve decision-making between the security operations center and executive team.

360-Degree Views with Tabletop 2.0

Tabletop 2.0 revolutionizes the exercise by integrating a live-fire cyber attack simulation on Cloud Range’s industry-leading cyber range platform. It pulls in the SOC, DFIR and CSIRT teams and enables all participants to develop more thorough knowledge, understanding, and real, practical experience around incident response. It also enhances communication among technical and non-technical stakeholders – which can be crucial in saving time during a real incident.

Key benefits of Tabletop 2.0:

  • Experience what happens as early as when the threat is detected 

  • Practice threat detection, analysis, technical response, and remediation in a dynamic, safe environment 

  • Follow the entire playbook, from detection through remediation 

  • Integrate processes for analysts, technical staff, and executive leadership 

  • Coordinate communication and improve soft skills for all participants

  • Experience a cohesive approach for the entire timeline of the attack

Tabletop 2.0 in Action: A Global Bank's Success Story

To demonstrate the efficacy of our approach, let's look at the case of one of the ten largest banks in the world. They sought out Cloud Range to simulate the entire attack process for their global cybersecurity teams. The organization had been conducting traditional tabletop exercises, but they recognized the inherent limitations — the absence of the cyber attack in action.

To fill this gap, the bank implemented Cloud Range’s cyber range simulation exercises in combination with their traditional tabletop exercises. This unique pairing involved the SOC team, as well as executive leadership, legal and communications teams. Participants engaged in a holistic, dynamic experience, simulating what would happen during an actual cyber attack — from detection to response to remediation.

Twenty-four members of the SOC team logged onto Cloud Range’s virtual cyber range platform, where they each had their own workstation and could work with a variety of technology tools, including Splunk, Palo Alto, Security Onion, and Zeek, and a variety of operating systems, including various types of Linux and Windows clients and servers. A live SQL injection attack simulation was then launched in the full-scale network environment, which mimicked their own.

Participants didn’t know what kind of attack they would experience, so they had to determine what was happening and how to respond and remediate it. They also had to understand the materiality of it, keep an ongoing report of what was transpiring, and explain their decisions. 

While the technical response was happening, the security leader was communicating findings to the executive and non-technical stakeholders. Post-attack, a debrief session ensured all participants grasped the intricacies of the attack. The cohesive approach accounted for the entire timeline of the attack, role definitions, playbook alignment and decision process. 

Results: 

  • Better understanding of different roles 

  • Refined playbook and process 

  • More efficient and effective incident response 

The Power of Ongoing Training

This global bank subscribed to Cloud Range’s FlexRange™ program of continuous live-fire training exercises for their SOC team — 12 technical simulations annually, each one featuring a different type of attack. That way, their security analysts can regularly refine their skills and gain hands-on experience defending against a vast array of threat types. Furthermore, the bank conducts a Tabletop 2.0™ comprehensive cyber attack simulation, involving both technical and non-technical participants, in person twice per year. This comprehensive strategy enables the organization to ensure cyber resilience and reduce exposure to cyber risk.

Ensure your organization is prepared for the next cyber attack with a comprehensive approach to incident response. 

Learn more about the game-changing Tabletop 2.0 and contact us to see a demo.


