LightCyber has launched an online training environment for security and IT professionals, dubbed the Cyber Attack Training System, or “C.A.T.S.”
Making C.A.T.S. broadly available is part of a three-stage educational initiative to provide greater knowledge of poorly understood techniques used by attackers to successfully perpetrate a targeted breach or insider attack.
“The skilled security teams that avoid or minimize business damages due to cyber-breaches are invariably the ones that understand attackers’ tactics,” said John Pescatore, director at the SANS Institute. “Attacks continue to evolve, and by understanding their tactics and indicators, critical security controls can be deployed, monitored and automated to successfully defend businesses even when attacks succeed at initial penetration.”
While focusing on blocking the installation of malware is an important piece of security strategy, so is training security professionals how to find the bad guys that are already operating within their network. C.A.T.S. is designed to provide professionals with a live environment to learn the broader activities an attacker performs once they have circumvented preventative security and have begun to expand their foothold and establish control. The system can be used to simulate an external targeted attack, the actions of an internal rogue employee or partner, or an opportunistic breach.
LightCyber will also host a hacker challenge to test the abilities of security professionals in cyber-attack techniques. The contest shows how most breaches initially start from a simple compromised user account or computer and then escalate to gain further access to any other resources on the network.
Scheduled for November 10, the challenge is meant to demonstrate how an attacker who has gained access to a user account or computer can commandeer any other resource on the network and exfiltrate data.
The challenge is based on an isolated corporate network environment LightCyber has created that is representative of a small healthcare company. The network features fabricated medical records of 10,000 patients with Personally Identifiable Information (PII). The object for each challenger is to learn about the network, find the data and tweet the last record from the database on the fabricated network. The challenge will be open for 12 hours, although actual breaches tend to occur over many weeks and months.
“Cyber-attacks leading up to breaches have been wildly successful, largely because most organizations lack the understanding and means to detect them until it is far too late,” said Jason Matlof, executive vice president at LightCyber. “Given the focus on blocking malware by legacy tools, network intruders that are sophisticated enough to circumvent those systems can gain unfettered access to operate on the network for months without detection.”