Cybersecurity Training, Military Style

USAF cyberwarriors of the 328th weapons squadron, Nellis, Nevada.

Cybersecurity-training programs modeled on military tactics are making their way to the private sector.

Similar to how the armed forces stage war games to test the readiness of their troops for battle, these “hands on” training programs put companies through simulated breaches designed to test the effectiveness of the security tools, policies and teams they’ve put in place to defend themselves.

Insufficient planning and preparedness is the most significant barrier to achieving a high level of cyber-resilience within an organisation, 65% of IT professionals said in a recent survey released by the Ponemon Institute, a Michigan-based security-policy research center.

And as highly publicized hacks on organisations such as Sony Corp., J.P. Morgan Chase & Co. and the Internal Revenue Service have shown, even large, well-funded organisations can easily fall victim to cybercriminals, whose attacks are growing more sophisticated as the security industry struggles to keep up.

Identifying Gaps

Lance Hayden, a former Cisco Systems Inc. security manager and now Berkeley Research Group LLC managing director, says practicing cybersecurity skills in a safe, controlled environment before a breach ever happens is a smart thing to do. “You can only go so far with book knowledge before you need to try these things in a lab environment,” he says.

Among the cybersecurity firms championing military-style preparedness training is iSight Partners, which was acquired by FireEye Inc. earlier this year. The company’s ThreatSpace training program, run by retired Adm. Patrick Walsh, uses data collected by iSight’s intelligence agents around the world to create simulations that mirror the latest emerging security threats. ThreatSpace then puts a company’s IT security team through a multiday exercise to practice how it would respond to the various threat scenarios if they were actually happening.

Done on a company’s home turf, the ThreatSpace training is designed to help organizations identify vulnerabilities not only in their networks, but in their employee training and corporate security policies, as well, says Adm. Walsh, who spent more than 30 years in the Navy. “We want to energize and pressurize a team to evaluate their readiness,” he says, adding that the cybersecurity industry needs to learn what the Navy learned long ago—that having a training environment that mimics the fighting environment is the best way to improve preparedness.

Think like a Hacker

Whereas iSight’s product is focused on identifying gaps and weaknesses in a company’s defenses, other training programs want to help companies come at the issue from the mind-set of a hacker.

The SANS Institute, a nonprofit computer-security training organization, says companies are expressing increased interest in its Netwar training program in the wake of the many corporate breaches reported in 2014 and 2015.

Netwar was inspired by DEF CON, one of the world’s largest hacking conventions, held annually in Las Vegas. The conference holds a tournament every year where some of the world’s best hackers attempt to attack each other.

Tim Medin, a SANS Institute instructor and self-proclaimed hacker, says Netwar training involves two teams competing in a virtual version of the playground game King of the Hill. Each team has what Netwar calls a castle, and they have to defend their own castle while trying to attack the opposing team’s.

Although they are engaged in a game, the cybersecurity professionals are using the same equipment a security team would actually use in a typical company, including Web servers and Linux software. Mr. Medin says SANS updates the game every year to include recently identified threats, and the training can be done on-site at a company or at an off-site location.

The purpose of Netwar, he says, is to help security and IT professionals think creatively and engage in hacking behavior they typically wouldn’t be able to experiment with at work. “You can sit someone in front of a book or a class, and it’s good to learn but it loses some of the excitement,” Mr. Medin says.

Inspiring employees

Though their training programs come at the issue of cybersecurity preparedness from two different angles, both Adm. Walsh and Mr. Medin say the hands-on experiences inspire employees to stay later and learn more. Mr. Medin says it isn’t uncommon to see employees strategizing until 3 a.m.

Adm. Walsh says it is important that companies see how well their security systems and teams perform in the heat of the moment, before a real breach happens. It helps them understand their “level of readiness in a way they’re not going to see unless there’s an actual breach,” he says. “It is one of those triple plays where you feel like you’re really helping people get ahead.”

WSJ: http://on.wsj.com/1RYQTdg

« North Korea Denies Cyber Attacks On South Korea
Big Data: The 4 Layers Everyone Must Know »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Orolia

Orolia

Orolia are experts in deploying high precision GPS time through network infrastructure to synchronize critical operations.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

BetterCloud

BetterCloud

BetterCloud puts IT in control of the modern workplace through user lifecycle management, data discovery, and IT and security automation purpose-built for SaaS.

aDolus Technology

aDolus Technology

aDolus delivers a robust solution for safeguarding against counterfeit or malicious software and firmware in mission-critical systems.

Drootoo

Drootoo

Drootoo is transforming businesses and making them high performing entities with its unified cloud platform.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

e5 Lab

e5 Lab

e5 Lab seeks to develop solutions to challenges faced by the shipping industry including digital transformation, autonomous technologies and big data in order to promote safe and efficient operations.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

CyberMontana

CyberMontana

CyberMontana is a statewide initiative providing cybersecurity awareness, training, and workforce development for businesses and residents of Montana.

Reken

Reken

Reken are building a new type of AI platform and products to protect against generative AI threats.

Frenos

Frenos

The Frenos Platform helps enterprises understand their most probable attack paths while highlighting the most effective risk mitigations to deter and defend against today’s adversaries.