Cybersecurity Training, Military Style

USAF cyberwarriors of the 328th weapons squadron, Nellis, Nevada.

Cybersecurity-training programs modeled on military tactics are making their way to the private sector.

Similar to how the armed forces stage war games to test the readiness of their troops for battle, these “hands on” training programs put companies through simulated breaches designed to test the effectiveness of the security tools, policies and teams they’ve put in place to defend themselves.

Insufficient planning and preparedness is the most significant barrier to achieving a high level of cyber-resilience within an organisation, 65% of IT professionals said in a recent survey released by the Ponemon Institute, a Michigan-based security-policy research center.

And as highly publicized hacks on organisations such as Sony Corp., J.P. Morgan Chase & Co. and the Internal Revenue Service have shown, even large, well-funded organisations can easily fall victim to cybercriminals, whose attacks are growing more sophisticated as the security industry struggles to keep up.

Identifying Gaps

Lance Hayden, a former Cisco Systems Inc. security manager and now Berkeley Research Group LLC managing director, says practicing cybersecurity skills in a safe, controlled environment before a breach ever happens is a smart thing to do. “You can only go so far with book knowledge before you need to try these things in a lab environment,” he says.

Among the cybersecurity firms championing military-style preparedness training is iSight Partners, which was acquired by FireEye Inc. earlier this year. The company’s ThreatSpace training program, run by retired Adm. Patrick Walsh, uses data collected by iSight’s intelligence agents around the world to create simulations that mirror the latest emerging security threats. ThreatSpace then puts a company’s IT security team through a multiday exercise to practice how it would respond to the various threat scenarios if they were actually happening.

Done on a company’s home turf, the ThreatSpace training is designed to help organizations identify vulnerabilities not only in their networks, but in their employee training and corporate security policies, as well, says Adm. Walsh, who spent more than 30 years in the Navy. “We want to energize and pressurize a team to evaluate their readiness,” he says, adding that the cybersecurity industry needs to learn what the Navy learned long ago—that having a training environment that mimics the fighting environment is the best way to improve preparedness.

Think like a Hacker

Whereas iSight’s product is focused on identifying gaps and weaknesses in a company’s defenses, other training programs want to help companies come at the issue from the mind-set of a hacker.

The SANS Institute, a nonprofit computer-security training organization, says companies are expressing increased interest in its Netwar training program in the wake of the many corporate breaches reported in 2014 and 2015.

Netwar was inspired by DEF CON, one of the world’s largest hacking conventions, held annually in Las Vegas. The conference holds a tournament every year where some of the world’s best hackers attempt to attack each other.

Tim Medin, a SANS Institute instructor and self-proclaimed hacker, says Netwar training involves two teams competing in a virtual version of the playground game King of the Hill. Each team has what Netwar calls a castle, and they have to defend their own castle while trying to attack the opposing team’s.

Although they are engaged in a game, the cybersecurity professionals are using the same equipment a security team would actually use in a typical company, including Web servers and Linux software. Mr. Medin says SANS updates the game every year to include recently identified threats, and the training can be done on-site at a company or at an off-site location.

The purpose of Netwar, he says, is to help security and IT professionals think creatively and engage in hacking behavior they typically wouldn’t be able to experiment with at work. “You can sit someone in front of a book or a class, and it’s good to learn but it loses some of the excitement,” Mr. Medin says.

Inspiring employees

Though their training programs come at the issue of cybersecurity preparedness from two different angles, both Adm. Walsh and Mr. Medin say the hands-on experiences inspire employees to stay later and learn more. Mr. Medin says it isn’t uncommon to see employees strategizing until 3 a.m.

Adm. Walsh says it is important that companies see how well their security systems and teams perform in the heat of the moment, before a real breach happens. It helps them understand their “level of readiness in a way they’re not going to see unless there’s an actual breach,” he says. “It is one of those triple plays where you feel like you’re really helping people get ahead.”

WSJ: http://on.wsj.com/1RYQTdg

« North Korea Denies Cyber Attacks On South Korea
Big Data: The 4 Layers Everyone Must Know »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Ixia

Ixia

Ixia provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks.

International Conference on Information Systems Security & Privacy (ICISSP)

International Conference on Information Systems Security & Privacy (ICISSP)

The ICISSP event is a meeting point for researchers and practitioners to address security and privacy challenges concerning information systems.

S2 Grupo

S2 Grupo

S2 Grupo is the benchmark company in Europe and Latin America, for Cyber Intelligence and mission critical systems operations.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

Yoti

Yoti

Yoti offer a suite of business solutions that span identity verification, age estimation, e-signing and AI anti-spoofing technologies.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Unit 42

Unit 42

Unit 42 brings together world-renowned threat researchers, incident responders and security consultants to create an intelligence-driven, response-ready organization.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

Modern Networks

Modern Networks

Modern Networks is a leading provider of IT managed services to the UK’s commercial property sector and medium sized enterprises.

CyFlare

CyFlare

CyFlare’s security platform integrates your tools with ours – delivering true positives, automated remediation, and interactive analytics built for security management teams.

InfoTrust

InfoTrust

InfoTrust is a leading specialised cybersecurity practice that combines a customer-first consulting approach with next-generation security solutions.

Entitle

Entitle

Entitle's SaaS-based platform automates how permissions are managed, enabling organizations to eliminate bottlenecks and implement robust cloud least privilege access.

NOYB

NOYB

NOYB is a non-profit organization aiming to close the gap between privacy laws and the reality of corporate practice.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.