Cisco Cyber Range - s.itho.me · Cisco Cyber Range Service Packages Cyber Range build on customer...
Paul Qiu
Senior Solutions Architect
June 2016
Cisco Cyber Range
“What I hear, I forget
What I see, I remember
What I do, I understand”
~ Confucius
Agenda
• Cyber Range Highlights
• Cyber Range Overview & Architecture
• Cyber Range Threat Response Exercise
• Cyber Range Further Investigation
Cyber Range Highlights
• Defence Organisations
• Government Regulatory authorities
• Consulting and Auditing firms
• Cyber Emergency Response Teams
• Information Security and Surveillance teams
• Enterprise NOC/SOC Teams
• Oil and Gas Sectors
• Large Service Providers
• Partners, distributors, value added resellers, and security system integrators
Workshops all over the world
Cyber Range Overview
Cyber Range Service Delivery Platform
• A Platform for Service Delivery and Learning
• Deeper understanding of leading security methodologies, operations, and procedures
• Empower customers with the architecture and capability to combat modern cyber threats
• Over 100 attack cases across 12 technology solutions
• 100+ applications running simultaneously alongside 200-500 different malware types
• Virtual environment accessible from any place in the world
Cisco Cyber Range Service Packages
• Cyber Range built on the customer's premises, with updates delivered via subscription
• 3 or 5 day intensive real-life experience on a rented Cyber Range Services Delivery Platform, including a test engineer, in a local Cisco Services lab
• 3 or 5 day intensive real-life experience reacting to and defending against rudimentary and complex cyber attacks, delivered to any location
• Threat Intelligence Report
• Threat modelling for the customer's network environment and regular consulting on the impact of the latest threats to the customer's security posture
Cyber Range Capabilities
Cyber Range can improve cyber defence operational capabilities by way of:
• Architecture / Design validation
• Incident response playbook creation / validation
• War game exercises
• Hands-on training for individual technologies
• Threat mitigation process verification
• Simulating advanced threats (zero day / APT)
Cyber Range Architecture
Covering The Entire Attack Continuum
Visibility and Context: Firewall, NGFW, NAC + Identity Services, VPN, UTM, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behaviour Analysis
Attack Continuum:
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Cisco CSIRT Protection Model
Foundation
Prevent: Firewall, Anti-Virus, Host IPS, Web proxy, Anti-Spam, Network IPS
Detect: Network IDS, NetFlow anomaly, Advanced Malware, Behavioural anomaly
Collect: NetFlow, Event logs, Web proxy logs, Web firewall
Mitigate: IP blackhole, account disablement, scalable load balancer, device monitoring
Analyse: NetFlow analysis, SIEM analysis, Malware analysis
Cyber Range Network Components Overview
• Identity Services Engine
• Flow Collector (FC) and StealthWatch Management Console (SMC)
• Internet
• IXIA BreakingPoint
• Open Source Attack Tools
• Inside Host
• NetFlow, AVC, TrustSec
• Wireless Security
• ASA NGFW
• Cisco Talos
• Web Security Appliance
• Email Security Appliance
• Cyber Threat Defence
• Sourcefire IPS
• Splunk, Cisco Prime, FireSIGHT (Data Analytics)
• N1KV, ASAv (Virtual Security)
• Cyber Range Network
Meet the Teams
Red Team
Agenda: Infiltrate networks to steal data and/or cause damage for publicity or gain.
Skill Set: High
Location: Everywhere
Blue Team
Agenda: Monitor and defend attacks against “CyberRangeNetworks” and their clients.
Skill Set: High
Location: Security Operations Centre
Green Team
Agenda: Enhance knowledge of attack and defence strategies. Hopes to one day join the red or blue teams.
Skill Set: Varied
Location: This room
Cyber Range Networks’ Biggest Threats?
Cyber Range Threat Response Exercise
Incident Categories by CERT
Category | Title | Description
CAT 0 | Exercise / Network Defence Testing | Known vulnerability assessments, audits, Q/C incident tests, table-top exercises, etc.
CAT 1 | Unauthorised Access | Logical or physical access without permission (regardless of awareness) to a network, system, application, data, or other resource, whether from internal or external sources.
CAT 2 | Denial of Service (DoS) | An attack that successfully prevents or impairs the normal authorised functionality of networks, systems or applications by exhausting resources. This activity includes being the victim of, or participating in, the DoS.
CAT 3 | Malicious Code | Successful installation of malicious software (e.g., virus, worm, Trojan horse, or other code-based malicious entity) that infects an operating system or application.
CAT 4 | Improper Usage | Any acceptable-use, lab, minimum host, general insecurity, or other policy violation; unscheduled vulnerability assessments, external vulnerability notifications, etc. For example, an employee violates acceptable computing use policies.
CAT 5 | Scans/Probes/Attempted Access | Any activity that seeks to access or identify a company asset, including computers, open ports, protocols, services, or any combination of these, for later exploitation. This activity does not directly result in a compromise or denial of service.
CAT 6 | Investigation | Unconfirmed incidents where evidence is inconclusive, or when supporting another team's investigation. Potentially malicious or anomalous activity deemed by the reporting entity to warrant further review.
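The CSIRT model's "Detect: NetFlow anomaly" and "Analyse: NetFlow analysis" layers, and the CERT category table that the exercise uses to label what is found, can be shown working together. The following is an added example, not code from the Cisco deck or from the Cyber Range platform: it parses a constructed CSV flow export of the kind a Flow Collector would hold, flags a low-byte sweep of many ports on one host as CAT 5 and an unusually large internal-to-external transfer as CAT 6, and leaves ordinary traffic alone. The CSV layout, the thresholds (10 distinct ports, 200 bytes average per flow, 50 MB outbound) and the RFC 1918 ranges used to decide "internal" are this example's own assumptions.

```python
"""NetFlow-style anomaly triage tagged with CERT incident categories.

Added example, not code from the Cisco deck.  Flow format, thresholds and the
mapping of detections onto CAT 5 / CAT 6 are this example's assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import csv
import io

# Constructed sample export (not real traffic): the fields a collector keeps
# from NetFlow v5/v9.  10.0.0.5 sweeps ten ports on 10.0.1.20 with tiny flows,
# 10.0.0.9 sends ~52 MB to one external peer, 10.0.0.7 is ordinary browsing.
SAMPLE_FLOWS = """\
src_ip,dst_ip,dst_port,proto,bytes,packets
10.0.0.5,10.0.1.20,21,tcp,60,1
10.0.0.5,10.0.1.20,22,tcp,60,1
10.0.0.5,10.0.1.20,23,tcp,60,1
10.0.0.5,10.0.1.20,25,tcp,60,1
10.0.0.5,10.0.1.20,80,tcp,60,1
10.0.0.5,10.0.1.20,110,tcp,60,1
10.0.0.5,10.0.1.20,139,tcp,60,1
10.0.0.5,10.0.1.20,443,tcp,60,1
10.0.0.5,10.0.1.20,445,tcp,60,1
10.0.0.5,10.0.1.20,3389,tcp,60,1
10.0.0.9,203.0.113.7,443,tcp,20000000,14000
10.0.0.9,203.0.113.7,443,tcp,20000000,14000
10.0.0.9,203.0.113.7,443,tcp,12000000,8400
10.0.0.7,198.51.100.10,443,tcp,120000,160
10.0.0.7,198.51.100.11,80,tcp,45000,70
"""

# Assumed site addressing: RFC 1918 space is "inside", everything else "outside".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int
    packets: int


@dataclass(frozen=True)
class Finding:
    category: str   # CERT category from the table, e.g. "CAT 5"
    title: str
    src: str
    dst: str
    evidence: str


def parse_flows(text):
    """Parse a CSV flow export into Flow records."""
    rows = csv.DictReader(io.StringIO(text))
    return [Flow(r["src_ip"], r["dst_ip"], int(r["dst_port"]), r["proto"],
                 int(r["bytes"]), int(r["packets"])) for r in rows]


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_port_scans(flows, min_ports=10, max_avg_bytes=200):
    """CAT 5: one source touching many distinct ports on one host with tiny
    flows.  Thresholds are assumptions; tune them against your own baseline."""
    per_pair = defaultdict(list)
    for f in flows:
        per_pair[(f.src, f.dst)].append(f)
    findings = []
    for (src, dst), fl in per_pair.items():
        ports = {f.dport for f in fl}
        avg = sum(f.nbytes for f in fl) / len(fl)
        if len(ports) >= min_ports and avg <= max_avg_bytes:
            findings.append(Finding("CAT 5", "Scans/Probes/Attempted Access", src, dst,
                                    f"{len(ports)} distinct ports, avg {avg:.0f} bytes/flow"))
    return findings


def detect_bulk_egress(flows, min_bytes=50_000_000):
    """CAT 6: large internal-to-external volume to a single peer.  Volume alone
    does not confirm compromise, so it lands in Investigation, not CAT 1 or 3."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            totals[(f.src, f.dst)] += f.nbytes
    return [Finding("CAT 6", "Investigation", src, dst, f"{n} bytes outbound")
            for (src, dst), n in totals.items() if n >= min_bytes]


def analyse(text):
    """Run both detectors over a flow export; findings ordered by category."""
    flows = parse_flows(text)
    findings = detect_port_scans(flows) + detect_bulk_egress(flows)
    return sorted(findings, key=lambda f: (f.category, f.src, f.dst))


if __name__ == "__main__":
    for f in analyse(SAMPLE_FLOWS):
        print(f"{f.category} {f.title}: {f.src} -> {f.dst} ({f.evidence})")
```

Run directly, the script prints one CAT 5 finding for 10.0.0.5 and one CAT 6 finding for 10.0.0.9; the browsing host 10.0.0.7 produces nothing. The egress detector deliberately files its result under CAT 6 rather than CAT 1 or CAT 3: by the table's own definitions, a large transfer is inconclusive until an analyst has confirmed unauthorised access or malicious code behind it.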
Cyber Range Further Investigation
Additional Resources
• Service Overview:
www.GetCyberRange.com
https://www.servicesdiscovery.com/en/article.php?idx=218
• Sales Collateral:
https://cisco.jiveon.com/groups/cisco-cyber-range
• Contact Us:
“What I hear, I forget
What I see, I remember
What I do, I understand”
~ Confucius