Attack: Best form of defence
Added Monday 04 April 2016
The IT Insider talks to Satisnet about CyberKombat – a brand new experience designed to replicate a serious cyber-attack on an organisation, giving security teams the opportunity to test their abilities in a real life situation.
Are you up to the challenge?
Keeping up to date with the latest threats is a huge challenge for security leaders and one which organisations are failing to address, according to the latest IBM X-Force Threat Intelligence Report. In 2015, failures in security fundamentals put a huge number of businesses at risk, with massive breaches of highly sensitive data, indicating a need to return to basic best practices.
Security teams are often unable to test their plans on a regular basis, meaning that when an incident does occur, it typically takes up to 6 months for the business to fully recover. Recruiting qualified cyber security experts, and then keeping them trained on the latest techniques so that they retain their skills, is a major challenge in today’s changing threat landscape.
That’s why Satisnet have worked with IBM to create ‘CyberKombat’ – a real-life experience designed to help train security personnel in the latest skills needed to understand and defend against modern day cyber attacks.
John McCann, Managing Director of Satisnet, talked to The IT Insider to explain how CyberKombat works:
“Typically, a company’s Security Operations team will attend our site and be divided into two teams – the Red Team and the Blue Team. If the teams are not large enough, or if additional attacking or defence skills are required, IBM and Satisnet security personnel will bolster specific teams and provide technical assistance and advice. The Red Team is responsible for attacking and compromising a set of hosts, while the Blue Team is responsible for detecting the attacks and protecting the hosts.
The final goal of the Red Team is to obtain a file or other confidential information stored on each victim host. The goal of the Blue Team is to detect the attacks as they come in and execute countermeasures that will slow down or confuse the attackers.”
The Red Team will use a range of hacking tools, while the Blue Team uses an application stack that includes:
- IBM QRadar SIEM
- Palo Alto Networks (next-gen firewalling)
- IBM X-Force Threat Intelligence
- IBM Guardium (database activity monitor)
- IBM BigFix (endpoint management)
- Invea Flowmon (flow analysis and packet capture)
- Honeycomb SOC Automation (incident response)
- Bit9 / Carbon Black (forensics)
- Bromium (micro-virtualisation)
- Trend Micro Smart Protection, Deep Security and Deep Discovery
- Balabit Secure Control Box (to video record all the Red and Blue activity)
As John explained, an equally important part of the whole process is ensuring that line-of-business leaders are also able to participate in and benefit from the event. “C-level management experiences are held in parallel with the Red / Blue Team Days – comprising table-top exercises, incident management best practice training, and ‘questions to ask your Security Team’ exercises.”
This is a ground-breaking new service from Satisnet and IBM, which is set to change the face of training for Security Operations Teams across the UK. The experiences take place at Satisnet’s Cyber Training Centre in Luton and run as half-day and full-day sessions, tailored to the specific needs of each organisation.