Abraham Lincoln is unduly credited with having once uttered, “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” Although this inspirational quote extolls the virtue of diligent preparation, at some point of time you must face the tree. This holds particularly true for security professionals tasked with auditing/defending networks that contain sensitive information; skills and preparations will be tested, and the price of failure may be catastrophic.
An impressive collection of security certifications doesn’t necessarily endow an operator with the skill and dexterity to thwart, pre-emptively or in real-time, a proficient and thoroughly prepared aggressor. A quick Google search of “Network Security Breaches 2018” yields over 75 million results proving, beyond the shadow of a doubt, that this is not a hypothetical scenario. The only way to codify the dedicated acquisition of skills into the ability to act in an acute situation, such as a potential breach or ongoing advanced persistent threat (APT), is to have direct experience dealing with such acute situations.
In order to hone this critical skill, Ixia has created a series of live Cyber Combat Events centered around their Cyber Range Solution. The combat events are structured so that teams battle in a timed and scored melee where points are given for both defending protected resources (Blue Team) and for breaching enemy defenses (Red Team). All victories and failures are meticulously tabulated and viewable, in real-time, by the participant’s managers, opposing players, as well invited members of the press. Two weeks ago, in Hong Kong, twenty-eight network security professionals from various organizations, logged into Ixia’s Cyber Range “The Beast” to pit their skills against each other. Axe sharpening be damned; how fast can you chop down a tree in front of your boss’s boss?
This was the first ever public Cyber Combat event in Hong Kong hosted by HKT) and it was sponsored by Hong Kong Computer Association and Hong Kong Institute of Bankers. In addition to the scoring done by Ixia’s Cyber Range, Hong Kong Telecom’s SoC team monitored targeted servers for additional breach statistics. The compilation of both sets of statistics illustrated how chaotic the networked environment truly was by documenting tens of thousands of attacks on individual servers during the course of the six-hour event.
Many aspects of the challenges faced by the Blue Team competitors were derived from Ixia’s BreakingPoint; the all-in-one application and security testing platform. BreakingPoint is capable of creating complex network traffic scenarios such as advanced persistent threats, DDoS, and botnets. Blue Team members poured over log files deposited in their SIEM (Security Information and Event Management) from their NextGen Firewall and other security tools. It was crucial to efficiently and accurately analyzing events for the breadcrumbs of attacks launched by BreakingPoint. The attacks within the BreakingPoint solution are crafted by Ixia’s Threat Intelligence research team. The research performed by this in-house group not only fuels the Cyber Range but also the myriad of BreakingPoint's deployed in security testing labs all over the world.
At the end of the competition, the team representing PriceWaterhouseCoopers was victorious. Not only did the PWC team, featured in the above photo, have the highest aggregate score, the duo also comprised the top defender and top attacker. The prize for taking first place was a pair of plane tickets to compete in Ixia’s final Cyber Combat Event of the year which will take place in Singapore on November 22nd. This event will be attended by the winning teams of five other Cyber Combat Events put on by Ixia across APAC in addition to last year’s winner in Singapore.
If you’re interested in learning more about the network security research being done at the Ixia Solutions Group of Keysight Technologies or our Cyber Range technology, please visit the links below. If you're interested in testing your mettle in a live competition, there are lots of opportunities. On September 21st, there will be another Cyber Combat Event in Tokyo.