Train Like Your Real Enemy – Not the One You Think You Know

March 1, 2016

In the modern era, hackers assault systems with unprecedented volume, velocity, and intricacy. To respond, organizations attempt to play defense according to what they anticipate as their adversaries’ next moves. For example, they may stage tabletop exercises or drills to simulate intrusion tactics; however, no matter how creative these exercises may appear, they still fail to adequately prepare cybersecurity teams for the real thing. The nature and approaches of threats are constantly shifting. Thus, the true effectiveness of these costly, manual, snapshot-in-time exercises is limited.

Part of the problem is technology-related. Yet an equally significant and often overlooked issue is people, as cybersecurity personnel are too often ill-equipped to go to battle against today’s enemies. According to research from the Enterprise Strategy Group (ESG), two out of five cybersecurity staff and SOC analysts say they need more training to effectively perform their jobs.

It is worth noting that the basic duties of deploying and maintaining security products often compete with security teams’ ability to hone their craft. A research note from Gartner concludes that “new and impactful threats often drive the adoption of costly point solutions, causing CISOs to add more duties to overburdened staff.” Gartner adds that the threat portion of risk assessments often remains static, acknowledging that in a rush to bulk up on defenses, it is easy to overlook how technology is configured and what blind spots exist in the security posture.

In a related survey, ResearchNow reported that four of five information security executives believe that their organization would benefit from adopting a “military-style” approach to network protection, including better situational awareness and frequent live-fire simulations to test people, process, and technology. However, only one of five say they take this “warrior” stance to cyber defense.

At Verodin, we strongly support “going warrior.” In working with businesses, we frequently speak with Chief Information Security Officers (CISOs) and other managers who say their employees aren’t ready to face the current threat environment. Yes, their incident responders have gone to the right classes and earned the right certifications, but the classroom can’t prepare them for real attacks, or properly tune the tools required to confront them. CISOs have bought the equipment but should not automatically assume their teams know how to fully maximize this investment without extensive testing and configuration.

If we continue with our war analogy, the situation is akin to sending soldiers out to battle after only training them to use rifles, and then giving them a tank to operate against opponents – who are also in tanks, and were trained to use them. You can guess how that scenario will play out. Military approaches like the Navy’s famous “TOPGUN” course for aviators (now part of the Naval Strike and Air Warfare Center) are great examples of how basic training is only the foundation of continuous improvement.

Given this, managers must help train their people to counter threats which actually exist – not the threats that they think are out there based upon what they know about attacks from the past. They need to gain a greater understanding of the incidents which are emerging within their specific industry and environment – their turf and their network. Then they have to develop this awareness within their security teams.

By applying what we call “instrumented security,” organizations can more readily advance to this state. Through instrumented security, realistic attack activity is automatically (not manually) run at Internet-scale, setting up realistic battle drills to expose possible gaps which would leave systems vulnerable. Teams accurately assess whether tests reflecting the latest threats in the news can impact their systems, and then determine if their current security infrastructure will detect, mitigate and otherwise block what it is supposed to be blocking.

In other words, Verodin’s instrumented security helps CISOs and their staff evolve from drills and exercises to a truly effective, holistic approach, one in which existing defensive infrastructures are fooled into responding as if an authentic, live attack were taking place within the network – right now.

As a result, teams will benefit from the kind of simulations and training they could never get in a classroom. After all, nothing prepares someone for battle like the real thing.
