Cyber Security Simulation. Michael Garvin, Senior Manager, Product Management

PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Page 1: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Cyber Security Simulation

Michael Garvin, Senior Manager, Product Management

Page 2: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Security Organizations are Fighting an Asymmetric Battle

Copyright © 2015 Symantec Corporation

Cybersecurity top IT skills shortage for 4th year in a row*

Staff unproven—lack of hands-on experience with a breach

Organizations are never certain of cyber-readiness

Seemingly limitless resources

Sophisticated, multi-stage attacks

Attacker tactics constantly morphing

* ESG's annual global IT Spending Intentions survey has shown a 'problematic shortage' of cybersecurity experts as the top IT skills shortage for four years in a row.
http://www.esg-global.com/research-reports/2015-it-spending-intentions-survey/

Page 3: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Security Simulation Strengthens Cyber Readiness

• Cloud-based, virtual training experience
• Live-fire simulation of multi-staged, advanced targeted attack scenarios
• Players assume the identity of their adversaries to learn motives, tactics and tools

Engaging, immersive security training through gamification

Page 4: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Simulation Concept Tested and Proven Worldwide

Annual company-wide war games

A culture of Education, Innovation and Passion

Currently active in 30+ countries

Now in 4th Year of Active Deployment

80+ Cyber Readiness events worldwide
Focused on Security Awareness and thought leadership
Global customer & partner events

Largest event - 1500 registrants
Largest competition - 400 teams

Page 5: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Innovation Model for Achieving Cyber Readiness

THINK LIKE AN ATTACKER

• Cloud-based, virtual training experience simulates multi-staged attack scenarios, allowing players to take on the identity of their adversaries
• Gamification provides a more engaging, immersive educational experience
• Frequent content updates ensure team stays current on latest adversaries, motives and techniques
• Scenarios impart knowledge gleaned from Symantec security experts, threat analysis and current threat landscape

ASSESS AND ADVANCE YOUR TEAM

• Leaders and participants receive in-depth security skill assessments
• Provides structured recommendations for cybersecurity skill development
• Identify gaps in team coverage and assess skills of new-hire candidates

Security Simulation strengthens cyber-readiness through live-fire simulation of today's most sophisticated advanced targeted attacks

Page 6: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Think Like Your Attacker

Hacktivist wants notoriety, attention

Cyber Criminal motivated by money

Cyber Espionage seeking Intellectual Property for profit

Cyber War Crimes politically motivated, nation states, looking to gain advantage

What They're Trying to Steal

How They Stole It

The Attacker

Reconnaissance
Incursion
Discovery
Capture
Exfiltration

Page 7: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Real-world Attack Scenarios

Scenario 1: The EDC and RKI

Scenario 2: The Coffee Shop Hack

Scenario 3: EDC and the Lost Laptop

Scenario 4: Forensics Examiner Mishandles Evidence

Skills:

• Ethical hacking
• Penetration Testing
• Forensics
• Data exfiltration

Methods:

• Identify targets
• Compromise network and systems
• Blend attacks
• Exfiltrate data

Mission: Breach & Steal Information

Page 8: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Scenario Storyboard
Scenario Map
Target & Content Creation
QA Testing

Scenarios and Content Updated as New Attackers and Techniques Emerge

Symantec Security Experience
Global Threat Intelligence
Real World Attacks

Refine Content
Customer Feedback
Deploy Scenario

Page 9: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Implement Skill Assessment and Development Programs

Identify Organizational Gaps

Assess and Advance Your Team

• Identify skills requirements for individuals and organizations
• Identify gaps in team coverage
• Assess skills of potential job candidates, new hires and existing employees
• Focus on security strategy and tactics, techniques and procedures (TTP)
• Manual and automated skills assessment and performance analysis
• Prescriptive guidance for skill set development
• Conduct iterative skill development programs for continuous learning

Participate
Assess skills
Create development plan
Participate / Learn
Assess Progress

Page 10: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Two Delivery Options

Security Simulation Yearly Subscription

• Fully managed, cloud-based service
• Practice your skills 24x7 – just like the attackers
• Includes all four scenarios as on-demand self-paced training
• Frequent content updates
• New scenarios added to address evolving threats

Security Simulation Exercise One-time Workshop

Personalize to organizational objectives

Delivery Options:

• Delivered either Onsite or Online
• Facilitated or Self-directed
• One or Multi-day
• Contact your account representative to determine schedule availability

Page 11: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Thank you!

SYMANTEC PROPRIETARY/CONFIDENTIAL – INTERNAL USE ONLY
Copyright © 2015 Symantec Corporation. All rights reserved.

Michael Garvin (919) 454-9128

Page 12: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Multi-Staged Attack Campaigns

1. Reconnaissance: Attacker leverages information from a variety of factors to understand their target.

2. Incursion: Attackers break into network by using social engineering to deliver targeted malware to vulnerable systems and people.

3. Discovery: Once in, the attackers stay "low and slow" to avoid detection. They then map the organization's defenses from the inside and create a battle plan and deploy multiple parallel kill chains to ensure success.

Page 13: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Multi-Staged Attack Campaigns

4. Capture: Attackers access unprotected systems and capture information over an extended period. They may also install malware to secretly acquire data or disrupt operations.

5. Exfiltration: Captured information is sent back to attack team's home base for analysis and further exploitation fraud – or worse.

Page 14: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Your Success Can Be Measured.

[Chart: Total Flag Captures per Event and # of Hints used. Series: Total Cap, Hints Used]

Page 15: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Security Simulation: Software as a Service

• On demand, managed SaaS offering
• Hands-on, completely browser-based
• Role-based views / scenarios
• Scoring and reporting
• Launching 1H CY15

Page 16: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Security Simulation Exercise

What do they want, and how will they try to get it?

• On demand, managed SaaS offering
• Hands-on, completely browser-based
• Role-based views / scenarios
• Scoring and reporting
• Launching 1H CY15

Guided Simulation

Page 17: PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Assess and Advance Your Team

Assessment

• Identify Skills Requirements for Individuals and Organizations
• Structure Appropriate Cyclical Programs for Ongoing Learning

Training

• Classroom and Online Training Options
• Integration into SSP for Objective based Skills Development in an Exercise
• Focused on security strategy and tactics, techniques, and procedures (TTP)

Evaluation/Performance

• Manual and Automated Skills Assessment / Performance Analysis
• Prescriptive guidance for expertise and skill set development