An Ally blog and newsletter for tabletop exercise Facilitators
The unexpected wins. The client curveballs. The chaos you couldn’t have scripted if you tried. Dear Asa is your space to share the stories that don’t make it into the official post-incident report. Script, submit, and enjoy a chance to be featured or quoted in an upcoming post.
Ally’s Beta release includes our Asa Scribe functionality and our instant TTX reporting. Invite Asa to your next exercise for free and see how it improves the value you deliver to clients.
Each client receives a dedicated account, with account-level permissions so you can easily protect access to each client’s data. We then employ end-to-end encryption of all data in transit and at rest. We also apply role-based user authentication to every request in the platform and all events are logged and traceable.
We strive to provide enterprise-grade security across our platform. If you’d like more detailed information about how client data is used, stored, or handled, visit our Security page or inquire directly with security@ally.security.
Running tabletop exercises is the best way to optimize the incident management process. The key? Running them often. (Read: more than annually for compliance, please!)
First, you need an incident response plan (IRP) to test. Once you’ve established your IRP, you need to make sure people understand the plan and their role in it. Ideally, you’ll want to move people from “know there’s a document that exists somewhere” to having a deep understanding of the roles, incident classifications, escalation procedures, and IR playbooks associated with it.
That way, when a real incident happens, people start to react the right way based on what they’ve been taught or familiarized with.
TTX are a great way to do this: they bring together the stakeholders who have a role, test your response to different situations, and let you adjust your plan to account for any findings.
It’s been shown that there’s a direct correlation between response times and the cost of a data breach (thanks IBM), so it’s incredibly important to consistently improve and optimize your processes. You can do this by building a program around tabletops.
Start with the audience and objectives. Who is this for, and what are your goals for the group? For example: Is this a technical group, or is it mainly executives? You can use a template to help you design a TTX (hi CISA!) or ask ChatGPT—either way works as long as it’s customized based on your organization and environment. (Or, if you need a good prompt, just ask us!)
As you design your TTX, find a relevant and engaging attack path. You can use MITRE ATT&CK to find an incident that is plausible for your org, or you can use a recent pentest or internal incident findings to inform your scenario.
After you plan the setting for your TTX, it’s time to set the timeline. For a 90-minute exercise, for example, you may only need 3-4 good injects.
Every good exercise starts with some “hype.” Get people excited for your tabletop exercise by making a teaser video or sharing a relevant breach with the participants so they can read ahead of your main event.
Don’t forget to invite Asa!
Last but not least, make sure you reserve time at the end of the scenario for a quick after-action summary ahead of your formal report. We recommend giving everyone a 15-minute snack break before coming back to review Asa’s findings and recommendations.
Ally saves you time, enabling you to move beyond the dreaded once-a-year-compliance-exercise. With the time savings our platform brings, you can run exercises more often, provide value faster, and use TTX to mature your incident response program.
The value of the exercise is partially what happens during the event, but importantly, it’s also what you do after to improve! When you run an exercise with Asa, you get immediate feedback. IR experts like you use the findings to refine their TTX programs, helping participants review the findings and get buy-in for what needs to be done next.
Ally also helps consultants running a TTX program track their action items over time to show the value their program is delivering. (We’ll have more capabilities to help with that soon!)