CyberNEXS Global Services



Similar documents
Contestant Requirements:

Hackers are here. Where are you?

The Open Cyber Challenge Platform *

Hackers are here. Where are you?

i Network, Inc Technology Solutions, Products & Services Providing the right information, to the right customer, at the right time.

EC-Council Certified Security Analyst (ECSA)

Cisco Advanced Services for Network Security

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Cyber Learning Solutions

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Analyze. Secure. Defend. Do you hold ECSA credential?

The Importance of Cybersecurity Monitoring for Utilities

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Cyber Exercises, Small and Large

Penetration Testing. University of Sunderland CSEM02 Harry R Erwin, PhD

Information Technology Cluster

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

SCADA Security Training

A Biologically Inspired Approach to Network Vulnerability Identification

Information Technology Security Review April 16, 2012

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

INTERNATIONAL CYBEREX 2015

Defensible Strategy To. Cyber Incident Response

Defending Against Data Beaches: Internal Controls for Cybersecurity

CYBER SECURITY TRAINING SAFE AND SECURE

A POLYCOM WHITEPAPER Polycom. Recommended Best Security Practices for Unified Communications

THE TOP 4 CONTROLS.

Unified Security Management and Open Threat Exchange

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

The fast track to top skills and top jobs in cyber. Guaranteed.

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report.

NETWORK SECURITY (W/LAB) Course Syllabus

The fast track to top skills and top jobs in cyber. Guaranteed.

Information Security Attack Tree Modeling for Enhancing Student Learning

The SIEM Evaluator s Guide

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole

Department of Management Services. Request for Information

Unit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

Vulnerability Management

Network and Host-based Vulnerability Assessment

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Introduction to Cyber Defense Competition. Module 16

OVERVIEW DEGREES & CERTIFICATES

Implementing Cisco IOS Network Security v2.0 (IINS)

IT INFRASTRUCTURE MANAGEMENT SERVICE ADDING POWER TO YOUR NETWORKS

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

DeltaV System Cyber-Security

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

Goals. Understanding security testing

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

EC-Council. Certified Ethical Hacker. Program Brochure

NERC CIP VERSION 5 COMPLIANCE

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

THE CHALLENGES OF CYBERSECURITY TRAINING

Introduction to Cybersecurity Overview. October 2014

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

Cyber R &D Research Roundtable

Cisco Security Optimization Service

Bellevue University Cybersecurity Programs & Courses

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense

Cyber Security Day: Creating a Mock Cyber Competition Event to Increase Student Interest in Cyber Security

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

Enterprise Cybersecurity: Building an Effective Defense

PENETRATION TESTING GUIDE. 1

90% of data breaches are caused by software vulnerabilities.

defense through discovery

INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown

Persistence Mechanisms as Indicators of Compromise

TEACHING COMPUTER SECURITY TO UNDERGRADUATES A Hands-On Approach

CIT 480: Securing Computer Systems. Vulnerability Scanning and Exploitation Frameworks

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Verve Security Center

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY-274 Privacy, Ethics & Computer Forensics

Information Systems Security Certificate Program

Cybersecurity Health Check At A Glance

Principles of Information Assurance Syllabus

SANS Top 20 Critical Controls for Effective Cyber Defense

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

Extreme Networks Security Analytics G2 Vulnerability Manager

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

Transcription:

CyberNEXS Global Services CYBERSECURITY A cyber training, exercising, competition and certification product for maximizing the cyber skills of your workforce

The Cyber Network EXercise System CyberNEXS CyberNEXS accelerates the development of cyber skills to recognize and defend against cyber attacks, conduct forensic analysis and assess (penetration test) your critical information resources. It provides a web-based network management tool and graphical displays that aid in real-time feedback and focused training. CyberNEXS will simultaneously exercise IT staff in an environment that emulates a corporate infrastructure to enhance a real-world training experience. Fight as You Train CyberNEXS Benefits Live, realistic and available from anywhere in the world, CyberNEXS prepares your security professionals, network administrators, system administrators and students with the tools and skills they need to effectively protect and defend your critical IT systems against today s real-world threats. Trains onsite or remotely against real-world, live cyber threats Exercises skills in secure configuration, vulnerability assessment, intrusion detection, incident mitigation and forensics Trains in a separate environment with most functionality of customer networks Provides real-time feedback, through performance-based testing, to reinforce and focus training Performs automated analysis of the individual and the team Trains as a team to measure the level of knowledge and proficiency Uses reconfigurable system architecture to emulate customer environment Lite Mode enables scalability to thousands of simultaneous Internet-based contestants Permits Red, White, Blue and Green Team functions to be performed from any location The CyberNEXS Team has been recognized for its contribution to Science, Technology, Engineering and Mathematics (STEM)- related support. These important cyber competitions are conducted to encourage high school and middle school students to pursue a career in cybersecurity.

SAIC is a leader in delivering cybersecurity training and exercising to trainees from age 12 plus, including the most expert professionals such as those found in the Maryland Cyber Challenge and Conference. Essential Cyber Training Phases CyberNEXS supports four essential training phases: Instruction Classroom Teaches facts Demonstrates techniques Permits questions and answers Exercise Live Lab Reinforces learning Provides students with hands-on experience Enables real-time feedback using trial and error method Competition Game Measures individual or team performance Enables participants to share knowledge It s fun and stimulates contestants to learn more Certification Demonstrate Practical Knowledge Provides final verification of competency level Certifies applicants against varying levels of difficulty and pressure CERTIFY INSTRUCT EXERCISE COMPETE Games Available SAIC is dedicated to maintaining the most up-to-date library of target configurations and hacker exploits, as well as continuing to offer a greater variety of training and exercising modules. These games* focus on four methods: Defense, Forensics, Attack, and Attack/Defend. 1. CyberNEXS Defense (CND) Competitors defend a network being attacked by a live, while maintaining critical services and securing hosts, detecting and mitigating activity and other misuse, and communicating findings. 2. CyberNEXS Forensics (CNF) This game involves finding and reporting evidence of intrusions, discovery of malware, analysis of payloads, analysis of logs and networks, and tracking attackers. 3. CyberNEXS Attack/Penetration Testing (CNA) Requires assessing targets for vulnerabilities, exploiting and compromising to verify vulnerabilities. Players report any artifacts, which include system administration details, credit card information, trust relationships, system and application misconfigurations, and patching issues. 4. CyberNEXS /Capture The Flag (CTF) In this game players compromise and control targets, maintain control of targets, and secure targets against other teams compromise. The longer a team holds a target, the more points they earn. *All games capable of King of the Hill scenario.

CyberNEXS Training Why Competition? Over the last four years, SAIC has been delivering cybersecurity training and exercising to over 100 government, Department of Defense, and commercial events around the world. In every engagement, we have found that the challenge of the competition brings out the best in people. They not only prepare harder to be the best, but they perform follow-up training to discover what they didn t know during the competition. Why Training? CyberNEXS is the perfect platform for instruction and exercise, reinforcing training materials through hands-on trial-and-error feedback. Curriculum would include instructional material followed by lab directions and student interaction with CyberNEXS. With the new emphasis on performance-based testing to truly evaluate a person s ability to practically apply learned knowledge, CyberNEXS is the platform for preparing in the real environment with real-time feedback. Blue Team Scorebot Internet External Switch VLAN Scorebot Internal Switch VLAN Router IDS Firewall IDS M an ua l Blue Team Players defend IT resources, including Windows and UNIX servers and desktops, switches and routers, firewalls and intrusion detection systems (IDSs). Responds to attacks. Referees and monitors the score, responds to Blue Team trouble tickets, and provides required resources. Launches real-world attacks to challenge how well Blue Team has hardened its systems. External VLAN DMZ VLAN Internal Switch VLAN

Cybersecurity Training Requirements The system is self-contained; it never touches the operational environment. It emulates the users operational environment using standard Windows, UNIX, network management interface, and network and security devices. It is a realistic, live environment with real-time, automated, quantitative scoring. There is a capability to rerun the same scenario providing the same results. The system is available anytime, anywhere, and the complexity of the training can be scaled to the users level. It is automated for ease of use, and the outbrief capability shows status, trends and scores for rapid feedback. Post-Exercise Reconstruction At the end of the exercise, the instructor can freeze the training scenario and debrief the students with various charts and graphs, as well as the documented student communication. This review of the perceived and real situational environment greatly aids the students as they begin to understand and compare what they did versus what actually happened. Through this trialand-error method the students apply their knowledge and improve their skills.