Join Trustwave at the 2023 Gartner Security & Risk Management Summit in London, September 26-28. Learn More

Join Trustwave at the 2023 Gartner Security & Risk Management Summit in London, September 26-28. Learn More

Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

Managed Security Services

Expand your team’s capabilities and strengthen your security posture

Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

Penetration Testing

Subscription- or project-based testing, delivered by global experts

Database Security

Get ahead of database risk, protect data and exceed compliance requirements

Email Security & Management

Catch email threats others miss with layered security & maximum control

Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

5 Reasons Why Tabletop Exercises Can Strengthen Your Incident Response

With the start of another new year, there’s no better time to assess the current state of your incident response (IR) abilities and identify what you should work on to improve.

A convenient way to accomplish this is through tabletop exercises, as it presents a classroom-style discussion in which stakeholders gather to confront a simulated emergency and hone their critical response competencies.

Aside from the obvious – a vastly improved IR program – what makes these practice scenarios so beneficial to the overall security maturity of your organization? Here are five reasons to move your learning to the tabletop.

1) They deliver an excellent return on investment.

Relative to other tactics you could choose to assess security capabilities, a tabletop exercise typically has a lower cost and requires fewer resources while still delivering useful information quickly. If you engage with an outside expert like Trustwave, they’ll develop a customized scenario for you, which means your team can get results from just a few hours of participation.

2) Security processes and team members are tested in a safe environment.

Unless your organization is particularly vulnerable – or unlucky – you’re not responding to incidents all the time. A tabletop exercise lets everyone focus on how they’d respond to a specific cyber incident without the risk and stress of a real-world situation.

3) Team members from all levels and parts of your organization can join.

Security emergencies affect technical team members, business owners, executives and others throughout your organization. A well-written tabletop scenario helps everyone familiarize themselves with their role during an incident. Like an actual emergency, varying team members will participate at different times and have unique responsibilities, but everyone can have an opportunity to engage during the exercise.

4) They identify gaps and can help you improve your IR plan.

Once the tabletop exercise is underway, interactions among participants will uncover whether roles are understood, communication lines are clear, procedures are available and more. All this information will give you a realistic view of the effectiveness of your security processes and procedures, and highlight gaps to fill or areas to improve.

5) You will learn about issues before they happen for real.

Of all the reasons to conduct a tabletop exercise, this is arguably the most important. Tabletop exercises are great at identifying questions that need answers, responsibilities that need owners or processes that need developing. These might be as simple as identifying the team member who is responsible for notifying law enforcement of a breach – or perhaps something more involved, like defining criteria for quarantining versus rebuilding infected systems. Whatever issues are identified, it is better to identify and resolve them in a safe setting during or after an exercise than on the fly while responding to a legitimate security emergency.

In Summary

If you lack the internal resources to stand up a tabletop exercise yourself, our experienced Trustwave SpiderLabs DFIR Consulting team members can help get you up and running. A member of our team starts by working with you to understand your organization’s environment, personnel and objectives. Learn more about Trustwave SpiderLabs DFIR Consulting services.

Diane Garey is a product marketing manager at Trustwave.