Tabletop Exercises: Reasons to Work with Sleuth Kit Labs

There is a plethora of cybersecurity firms and incident response products and services on the market. It’s understandable that folks might wonder why they should work with Sleuth Kit Labs or use our tooling in particular. In this post, I’ll build on my last blog post about tabletop exercises and write about our differentiators.

For tabletop exercises, there are four reasons why our team delivers practical, productive, and impactful training.

These reasons are:

  • Experienced team
  • Realistic simulations
  • Advanced tool integration
  • Simulated datasets

Experienced team

At Sleuth Kit Labs, we’re not just another cybersecurity startup. We’re a team of seasoned veterans, each with a track record of success in entrepreneurship, product development, and DFIR. Brian Carrier, one of the original pioneers in the DFIR field, steers our ship with wisdom gleaned from decades of working and developing in the field. His experience developing DFIR products, such as The Sleuth Kit and Autopsy, and leading teams sets the tone for our innovative approach. In fact, the majority of our product team has been together for the past 10 years building The Sleuth Kit, Autopsy, and Cyber Triage.

Joining him is Mike Wilkinson, who is a maestro at conducting complex investigations and a mentor in the art of leadership and business acumen. With over 20 years under his belt, Mike brings a depth of knowledge that is rare and invaluable. And then there’s me (Lee Sult), with my own journey of successes as an investigator in large multinational cases and a seasoned cybersecurity start-up founder with an exit.

Together, we form a powerhouse of customer-focused expertise, and we are ready to work with our customers and community to continue our life-long commitment to service.

Realistic simulations

One of our key differentiators at Sleuth Kit Labs is our in-house research team, which allows us to keep up with the latest attack trends. We use the research gathered to inform our product development and to educate our customers about the evolving threat landscape. This research also allows us to offer timely and relevant tabletop exercises.

Advanced tool integration

We also integrate technical components into our tabletop exercises, utilizing tools like Cyber Triage, Endpoint Detection and Response (EDR) tools, and anything specific to your tech stack that would matter during a real attack. This approach tests an organization’s ability to deploy tools at scale and assesses its capacity to rapidly collect and analyze critical data. We recognize that attackers often find footholds outside of a victim’s existing tooling and visibility. Therefore, we create scenarios with simulated data that mirror real-world complexities, allowing customers to gain hands-on experience with the challenges seen in real-world cases. This provides an invaluable opportunity to learn what to do when encountering these scenarios, ensuring a well-rounded and comprehensive preparedness experience.

Simulated datasets

We build custom simulated datasets for each exercise, which help organizations become familiar with spotting things such as anomalous logon activity, persistence malware, or stolen data files. This enhances the realism of the experience for everyone involved and helps to identify where the team might have a knowledge gap, a missing skillset, or simply a need for more tooling.

Since we are constantly improving our own tools, we are confident that our simulated datasets will be as close as possible to what your team will experience during an active attack.

To recap, the Sleuth Kit Labs advantages:

  • Experienced Team: Our team’s decade-long collaboration means we’ve honed our skills in unison, understanding each other’s strengths and how to best leverage them for our clients.
  • Realistic Simulations: We don’t just talk the talk; we walk the walk. Our exercises are grounded in the reality of cyber threats, ensuring your team faces scenarios that they’re likely to encounter. Our in-house research team ensures that our case files are up-to-date and relevant.
  • Advanced Tool Integration: By incorporating tools like Cyber Triage and EDRs, we add realism and technical depth to our exercises, making them more than just theoretical discussions.
  • Simulated Datasets: We use simulated datasets in our exercises that help organizations become familiar with spotting threats.

Ready to take your cybersecurity preparedness to the next level? Reach out to us and let’s make your organization cyber resilient.

Stay safe, stay prepared, and remember, we’re in this together.

Lee Sult, Sleuth Kit Labs.