Case Studies
Cyber range exercises are the most realistic way for warfighters to ‘train as they fight’. These are live exercises where cyber attackers (red teams) attempt to disrupt information flow within defended environments. The network defenders (blue teams) are tasked with keeping their networks up and running by detecting and mitigating the red team’s attacks.
The US Army National Guard’s largest yearly event is called ‘Cyber Shield’. The 2020 event was run under the command of COL Teri Williams, of the National Guard’s 91st Cyber Brigade. More than 800 National Guard soldiers and airmen from more than 40 states signed in for the virtual training to sharpen their skills as network defenders. The exercise was conceived in cooperation with industry network owners and law enforcement partners to ensure it met the demands of defending the nation’s at-risk information infrastructures.
As in previous years, Keysight Technologies volunteered its support to Cyber Shield. Keysight’s BreakingPoint traffic generators were used in the exercise to provide realistic and random background traffic generation meant to obfuscate cyberattacks.
Traffic realism is one of the most important requirements for cyber range traffic generation. It is not enough for defending teams to observe and mitigate cyber threats. As in the real world, they must ‘hunt’ the nefarious actors, understand hacker tactics, techniques, and procedures (TTPs), and then mitigate their attacks. These attacks will be part of the normal network traffic landscape, and that landscape can be an enormous haystack of traffic. Before trying to mitigate an attack, a blue team must find that attacker, or needle, in this haystack of normal network traffic.
Identifying the threat is as important as mitigating it. Without appropriate background traffic, the red team is easily identified. Nearly as ineffective as no background traffic is bad background traffic. When blue teams start their hunting, they will analyze the traffic for clues to find the attackers. The quality and realism of the traffic are a very important aspect of any cyber range, as synthetic traffic can be misleading. Keysight traffic generators provide random and realistic traffic that cannot be easily identified. Red teams now have the cover traffic to perform their operations, and blue teams must hunt for their needles in a haystack of random and realistic traffic, just as they must do in the real world.
Organization:
US Army National Guard
Challenges:
• Generate realistic legitimate internet-like network traffic
• Obfuscate malicious actions to challenge analysts in finding cyberattacks
Solutions:
Keysight’s BreakingPoint application and security test platform
Results:
Brought “immeasurable realism, context, and value to this year’s exercise”