Participated in a cyber range exercise

2017.07.19

0 votes, average: 0.00 / 10
363
X Facebook Hatena Bookmark pocket
Security seminars , monitoring, operation and maintenance

This is Sashihara from the System Solutions Department

Recently, on June 20th, I participated in a cyber range exercise held by Ni Cyber ​​Security Co., Ltd.

I personally learned a lot from this, so I will give a brief summary

What is a Cyber ​​Range?

Cyberbit Range - Cyber ​​Range -
A simulation training platform focused on how to respond to cyber attacks

It is a cyber war simulation platform developed for the Israeli Armed Forces and adopted by over 15 organizations around the world, including the governments of the UK, Switzerland, and Singapore.
The company has one of the world's top share in flight simulators for fighter pilots, and utilizes its know-how to provide simulation education for practical cyber defense.
Source: Cyber ​​Range - Ni Cyber ​​Security

In simple terms

What to do if you are hit by a cyber attack?

What to do after a cyber attack?

This is an exercise where you can learn the following in a practical format

 

Exercise content

We will respond to any incidents that arise during the exercise

The process involves determining the priority and response policy for each incident and then responding to it

The work is generally done in a team setting, with each member assigned to one of three roles

The roles are roughly as follows:

  • Alert Analyst

Monitor incidents and see what happened, when and where

  • Incident Responder

Actual response when an incident occurs

  • Commander

Manage and report incidents and the movements of each employee

 

The first time, I was an incident responder, which is what I do on a regular basis

The second time, I worked as an alert analyst

Impressions of the exercise

It was difficult because they launched a full-scale attack

We were able to determine to some extent how to respond, but because there were so many of them, it happened that while we were checking, another server would be attacked

I realized how important it is to share information, as some members were looking at the same server and some were left feeling bored

This was a very educational experience for me, as attacks like this can actually occur during operations

If you have the opportunity, please try to participate!

If you found this article useful, please click [Like]!
0
Loading...
0 votes, average: 0.00 / 10
363
X Facebook Hatena Bookmark pocket

The person who wrote this article

About the author

Ryosuke Sashihara

I tried out Google Chrome's headless mode, which seemed to allow for detailed external monitoring. [IDCF] A story about tinkering with CloudStack API when building a jmeter execution environment for load testing.