Alexander Morkovchin, head of the group of the consulting department of the information security center of Jet Infosystems
Esports Gym opened in Tokyo in May 2021. In it, gamers can play under the guidance of professionals by purchasing a subscription for a month or paying for a one-time three-hour workout.
Similar gyms for security personnel, called cyber polygons, have been gaining popularity in Russia since 2018. These projects are not only commercial but also run at the state level: in particular, Rostelecom plans to deploy a national cyber polygon by 2024. Meanwhile, according to a Gartner report, as early as 2022, 15% of large companies will use cyber polygons to develop the skills of their information security specialists.
Let's look at the reasons for the rapid growth of interest in such gyms and take a closer look at the model of a modern cyber polygon.
Making mistakes has become expensive for business
According to analysts from the Center for Strategic and International Studies, the number of cyber incidents that have caused damage of more than $1 million has grown almost fivefold over the past decade.
This near-exponential damage growth curve is closely related to digital transformation. As IT becomes the heart of modern business, financial losses depend almost proportionally on failures in the operation of IT systems. Often there is nothing to replace the IT systems with: there are simply no "manual" options for running business processes.
Modern cybercriminals understand well how much even a few minutes of downtime costs a business, especially continuous-cycle enterprises such as large industrial companies and IT companies. These are the ones that most often become targets of attacks, especially ransomware attacks. Unfortunately, many today are not ready to repel and actively counter such attacks. All that is left to them is to deal with the consequences of incidents or even pay cybercriminals to restore access to their information. For example, the average ransom paid to restore ransomware-encrypted data in 2020 increased by 33% compared to 2019 (according to a Fintech News report), and business expenses for recovery from such incidents have more than doubled.
The problem: too little "sport" for information security specialists
Our team of pentesters ("white hackers") conducts about 50 practical security analysis projects a year. More than half of the attacks that our pentesters simulate meet no proper resistance from the customer's information security team. The white hackers simply go unnoticed.
Why does this happen? According to Jet CSIRT (Security Incident Response Team) analytics, there are three main reasons why companies do not always respond to an incident in a timely manner:
- there is no well-established communication within the response team;
- there is no well-built response process and no clear instructions: the response is carried out "on a whim";
- third, and the main reason, is a lack of practical skills, because of which the team often makes mistakes.
How is the industry responding? A paradigm shift
Modern security models (for example, Zero Trust) assume that any information can be compromised and that your perimeter and your users' passwords can be hacked.
The focus of information security in the industry is shifting from attack prevention to early detection. The prohibitive approach to building a security system, in which companies erected logical fences in the IT infrastructure and relied exclusively on preventive methods of protection, is a thing of the past. GosSOPKA centers and information security incident monitoring centers are being created, commercial SOC services are being developed, and modern solutions use automation and machine learning to quickly detect attacks and prevent their consequences.
Cyber polygons are a logical response to the development of the industry. The number of attacks will only increase in the future, and the main task of a modern information security service is to learn how to respond to threats in a timely manner, preventing them from causing serious damage to business.
What is a cyber polygon
Technically, a cyber polygon is a virtual "multilayer" infrastructure: a miniature copy of a typical enterprise IT landscape, with its inherent features and vulnerabilities and all the necessary security controls. The business processes of the enterprise are simulated in this infrastructure as well: users check mail, work with systems, watch YouTube and even browse Odnoklassniki.
However, hardware is only one component of the polygon. The main value of such a "gym" is the methodological base: attack scenarios, training materials and laboratory work, and experienced trainers who can tell you how to act in a given situation.
Modern commercial cyber polygons are sufficiently flexible: depending on the training needs, different sets of information security systems can be used, and the scenarios or infrastructure can be adapted.
Service model of cyber polygons
The architecture of a cyber polygon usually supports several services, each shaped by the needs and tasks of its immediate target consumer (CISO, HR, SOC employees, etc.). The table below shows examples of services that can be deployed on a polygon (the most popular ones are highlighted in color).
| Service | Description |
| --- | --- |
| Cyber training for information security specialists | Trainings that include theory, various laboratory work, and development of scenarios for preventing or investigating hacks |
| Testing information security tools | Every year, new information protection solutions appear on the cyber security market. You can choose the most suitable one or evaluate its effectiveness in the test environment provided by the cyber polygon infrastructure |
| Threat research | Cyber polygons are an ideal research environment where you can safely test exploits and new vulnerabilities and check the security of new technologies without fear of stopping production processes |
| Competency assessment | Cyber polygons can be used to assess the skills of information security staff; in this case, the resulting score is based on the successful completion of practical tasks or on observation of a specialist's behavior during an attack investigation |
| Competitions | Allow you to master practical information security skills in a playful way |
Cyber polygon use model: on-premise, cloud, etc.
When is it worth building your own cyber polygon, and when is it better to use the services of platforms already on the market? Below are the modern models of cyber polygons, with their pros and cons.
1) Building your own cyber polygon
Large companies, as a rule, choose to create their own cyber polygon. To build such a "gym", they bring in external expert teams that have pentesters, engineers, and consultants on staff. It takes such a team to build an effective platform (after all, as noted earlier, a cyber polygon is not only hardware but also all the necessary methodology: attack scenarios, training materials, correctly built processes). The advantage of this model is obvious: the information security service can rehearse emergency situations in an environment as close as possible to a "combat" one, 365 days a year.
However, creating a separate technological environment and keeping it up to date requires significant investment. The cost and the need to keep the attack scenarios up to date are the main disadvantages of this model.
2) Periodic exercises on commercial cyber polygons
Suitable for most companies. Commercial polygons contain various infrastructure models typical of a particular industry and offer several attack scenarios to choose from. In such gyms, you can not only train individually but also arrange a competition with another team, where some defend and others attack. Such polygons are sufficiently flexible: depending on the training needs, different sets of security tools can be used, and the scenarios or infrastructure can be adapted.
Disadvantages of this model: such a "gym" is not available 24/7, the training itself must be coordinated with the platform provider, and revising the infrastructure can take a significant amount of time.
3) Using a cloud platform
In this model, the company is provided with remote access to the ready-made infrastructure: you only need to press a couple of buttons to start training. Such platforms are primarily aimed at training technical skills, and less attention is paid to the development of organizational interaction and management decisions.
Conclusion
I think each of you has at least once taken part in an interactive quest, where you need to find clues in a room, work in a team and use your skills to reach the end. This is a whole hour of indescribable emotions. Over the past year, I have participated in cyber training three times, on different platforms and with different scenarios. Each such training is similar to a quest, only much more interesting, because it allows you not only to enjoy the game plot but also to practice practical skills.
In general, keep yourself in shape, carefully choose a platform for the cyber polygon and constantly try your hand at confronting hackers!