LOS ALTOS, Calif. & RAMAT GAN, Israel--(BUSINESS WIRE)--LightCyber, a leading provider of Active Breach Detection solutions, today announced a new online training environment for security and IT professionals it has created called the Cyber Attack Training System (C.A.T.S.). Making C.A.T.S. broadly available is part of a three-staged educational initiative to provide greater knowledge of poorly understood techniques used by attackers to successfully perpetrate a targeted breach or insider attack.
Recognizing the increasing likelihood that even the best-protected organizational networks will be compromised, companies now are asking how they can find an attacker once they have entered their network. While many security vendors continue to promote a flawed security strategy exclusively focused on blocking the installation of malware, this publicly available educational program will train security professionals how to find the bad guys that are already operating within their network.
LightCyber will unveil C.A.T.S. as it co-presents an online seminar with John Pescatore, director, SANS Institute, to discuss and demonstrate cyber attack techniques that lead to external and insider attacks, and to demonstrate how to detect them early. To augment this instruction, LightCyber will host a hacker challenge to test the hacker abilities of security professionals in cyber attack techniques. The contest shows how most breaches initially start from a simple compromised user account or computer then escalate to gain further access to any other resources on the network.
“The skilled security teams that avoid or minimize business damages due to cyber breaches are invariably the ones that understand attackers tactics,” said John Pescatore, director, SANS Institute. “Attacks continue to evolve and by understanding their tactics and indicators, critical security controls can be deployed, monitored and automated to successfully defend businesses even when attacks succeed at initial penetration.”
“Cyber attacks leading up to breaches have been wildly successful largely because most organizations lack the understanding and means to detect them until it is far too late,” said Jason Matlof, executive vice president, LightCyber. “Given the focus on blocking malware by legacy tools, network intruders that are sophisticated enough to circumvent those systems can gain unfettered access to operate on the network for months without detection.”
Cyber Attack Training System (C.A.T.S.) for Instructing Security Professionals
C.A.T.S. is designed to provide professionals a live environment to learn the broader activities an attacker performs once they have circumvented preventative security and have begun to expand their foothold and establish control. It provides security professionals with vitally needed hands-on experience with cyber attacks. This training environment features a broader and multi-use superset of the environment used for the Hacker Simulation Challenge. The system can be used to simulate an external targeted attack, the actions of internal rogue employee or partner or an opportunistic breach. The C.A.T.S. environment will be available to those who have received general training from LightCyber or its partners and want to look at various practices and procedures in greater detail.
Online Seminar: What You Must Know About Targeted Attack Techniques
The online seminar, “What You Must Know About Targeted Attack Techniques,” will reveal many of the operational techniques of a hidden attacker to which most companies are blind. It will utilize live demonstrations from C.A.T.S. The live seminar will be via webcast on November 17, 2015 from 12:00 noon to 1:00 p.m. Pacific with replays available after the initial broadcast. Register for the event on the SANS website: https://www.sans.org/webcasts/101162
From Host Compromise to Data Breach – the Hacker Simulation Challenge
In conjunction with the seminar, LightCyber is holding a hacker simulation challenge on November 10, 2015 to demonstrate how an attacker that has gained access to a user account or computer can commandeer any other resource on the network and exfiltrate data. Contestants register on the LightCyber website: http://info.lightcyber.com/cyber-attack-training-system-reg-pg to take part in the challenge, and the first 100 to exfiltrate the target data win a hoodie sweatshirt.
The challenge is based on an isolated corporate network environment LightCyber has created that is representative of a small healthcare company. The network features fabricated medical records of 10,000 patients with Personally Identifiable Information (PII). The object for each challenger is to learn about network, find the data and tweet the last record from the database on the fabricated network. The challenge will be open for 12 hours, although actual breaches tend to occur over many weeks and months.
Resources
- Register for the Hacker Simulation Challenge
- Register for the online seminar with SANS on understanding cyber attack techniques and how to detect them
- Infographic: Why Most Companies are Sitting Cyber Ducks
- Blog – includes a realistic re-working of the Cyber Kill Chain
About LightCyber
LightCyber is a leading provider of Active Breach Detection solutions that accurately detect active cyber attacks that have circumvented traditional threat prevention systems. The LightCyber Magna platform is the first security product to simultaneously profile both network traffic and endpoint state in order to accurately detect compromised user accounts and devices early in the attack lifecycle, and to enable security operators to remediate breaches and stop attacks before real damage is done. Founded in 2011 and led by world-class cyber security experts, the company’s products have been successfully deployed by top-tier customers around the world in the financial, legal, telecom, government, media and technology sectors. For more information, please visit http://www.lightcyber.com or follow us on Twitter, LinkedIn and Facebook.