MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

Transcription

1 MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

2 WHO ARE WE? Faisal Kaleem Professor, Metro State Executive Director, MN Cyber Corey Blommel Cyber Range Instructor Anoka Ramsey College MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 2

3 Cyber skill shortage most serious threats facing the enterprises INTRODUCTION Cyber Demand vs. Supply Emerging skill gap threat Cyber range training is the solution to the skill gap threat Enterprises can hire, qualify and retain highly effective workforce MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 3

4 Cyber Security Market Worth Billion USD by 2021 Marketandmarkets analysis, 2017 MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 4

5 Current Cybersecurity Skill Shortage MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 5

6 REASONS FOR WORKER SHORTAGE BY REGION MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 6

7 Training is Crucial to Gaining the Upper Hand on Threat Actors New technology can provide a false sense of security, as operating budgets do not take into account the time to support, maintain and operate the new technology thus it becomes ineffective. Threat actors have the upper hand when technology is not maintained and they develop ways to circumvent how it works. Continuous operational and security training, coupled with additional staff, are required to stay on the same level as threat actors. Verizon data breach MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 7

8 Enterprise Cybersecurity Training MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 8

9 WHO: Tier 1 Security Analysts WHAT: Incident Response - Triage, Investigation & Response Background: Current Corporate Policies / Standards Enforcing Policies and Standards Personal Responsibility for Actions Review Threats / Entry level - Expert Review Detection / Mitigation - Expert SIEM Review Incidence Response Range Simulation / Interaction / Review (3 Scenarios) Cyber Skill Level: Medium to High Duration: 2 full days Frequency: 2 times per year Responsibilities: Your Tier 1 Analysts are the first responders for all incoming security alerts. They are your organization s first line of defense. The better they do their job, the less the stress is put on everyone else. The Tier 1 analysts monitor and triage alerts, identifying high risk situations and make the decision to escalate events when necessary. They also perform preliminary incident investigations. Challenges: The threat landscape is constantly changing and these relatively less-qualified analysts often lack the experience in crisis and breach management. Their lack of knowledge and experience means they tend to escalate too many alerts, creating a burdensome backlog for the Tier 2 analysts. When Tier 2 analysts are overloaded with alerts, they have trouble dedicating their efforts to the most critical and difficult incidents. They also have difficulty mastering the large number of security tools they are expected to know how to use. Additionally, Tier 1 analysts suffer from alert fatigue, resulting from the overwhelming amount of alerts generated by all the SOC tools. Training: Simulation training, modeled after the events they deal with on a daily basis, as well as emergency situations, helps prepare Tier 1 analysts to react more efficiently and effectively in their daily work as well as emergent situations. Simulation training allows relatively new, inexperienced analysts to gain practical experience quickly, allowing them to build confidence and advance their skill level more quickly. MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 9

10 Introducing MN Cyber Range The Flight Simulator for Cybersecurity MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 10

11 MN CYBER RANGE The First Hyper-Realistic Simulation Platform for Cyber Security Training Complex attack simulation Customizable environment Real-life settings Collaborative training 11 MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

12 Train a large scale trainee base Assure SOC team competence Provide Certification Hyper Realistic Simulation Allows You To Execute organization-wide training Practice and improve playbooks and procedures Evaluate cyber security posture Perform POCs in a stand alone realistic environment MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

13 MN CYBER RANGE CAN HELP YOU Train and Retain Excellent Analyst Reduce Training Time and Costs Onboard New Analysts Faster Train on Exact Replica of your Network Custom Attack Scenarios Assess Processes and Technologies MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 13

14 CUSTOMIZABLE NETWORK, TRAFFIC, Blue Team AND THREATS Simulated Network Red Team (optional) Threat Generator Traffic Generator Instructors 14 MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

15 MN Cyber Training and Simulation Stand-Alone Environment for Training and for Testing Technologies and Methodologies Training and Qualification Testing technologies and security solutions Testing of security policy Real-time cyber event analysis Testing and analysis of event management and response R&D Lab MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

16 IMPROVEMENT DRIVEN TRAINING MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

17 Training Management System (TMS) Setup Training session setup includes network modification, team allocation, scenario selection, and goal definition Execution Initiation of training session allows normal traffic flow and threat injection into network, full view of trainee activity, goal tracking and scoring audit trail & timeline Summary & Debrief Training session replay allows focus on specific actions and points in time, scoring review, trainee evaluation, summary and training documentation 17 MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

18 One of the Many Topologies MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

19 Attack Execution/Observer Station MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 19

20 Customize and adjust the Preconfigured Scenarios MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 20

21 TRAINING TIMELINE MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 21

22 DEBRIEFING MODULE MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 22

23 TRAINEE EVALUATION MODULE MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 23

24 TRAFFIC GENERATOR Source and destination of generated traffic Traffic type and protocol Duration of generated traffic Amount of network traffic by allowing creation of groups of flows MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 24

25 SCADA Capability Scenario Characteristics Difficulty Level: Medium Estimated Time: 3 hours Required Skills Windows forensics IDS configuration Network forensics Scenario Objectives Becoming familiar with the SCADA network entities Learning how to investigate the SCADA network when a live physical attack on a SCADA system occurs MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

26 HOW MN CYBER RANGE IS DIFFERENT Off-the-Shelf Content Content Creation Tools In-depth Scenario Documentation Instructor Feedback Support for IT and OT Environments On-Premise or Remote Capability Automatic Scenario Emulator Training focused on improving Individual and Team Skills Ability to plug-in other tools on a subnet MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 26

27 Courses that MN CYBER offers New Analyst Skill Development Courses Expert Skill Enhancement Courses Team and Individual Training Courses Certification Courses Customized SOC Analyst Onboarding Certification Advanced Courses on Forensics Final check out exam MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 27

28 Workforce & Program Development MN Cyber Academy Provider of industry certifications at a nominal cost MN Cyber Pathways A collaborative effort to develop a next generation cybersecurity curriculum for K-18 MN Cyber Residencies In-house Cyber Residencies for graduating MN Cyber Placements Internship, Apprenticeship and Placement opportunities with in/out state employers via dedicated recruiters MN Cyber Assistantships Paid Research Assistantship opportunities for both undergraduate and graduate students to work on exciting projects under Private, State, and, Federal Grants MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 28

29 EDUCATIONAL OPTIONS AT METROPOLITAN STATE UNIVERSITY Bachelors of Applied Science (BAS) in Computer Forensics Bachelors of Science (BS) in Computer Science and Computer Information Technology BAS in Information Assurance (offered through MIS) A minor/certificate in Cybersecurity that can be combined with any majors A minor/certificate in Computer Forensics Master of Science (MS) in Computer Science with concentration in Cybersecurity Professional Science Master (PSM) in Computer Science with concentration in Cybersecurity A Graduate Certificate in Information Assurance (offered through MIS) A Minor/certificate in E-Discovery Upcoming BS in Cybersecurity in Spring 2019 Upcoming MS in Cybersecurity in Fall 2019/Spring 2020 MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 29

30 Conclusion The cybersecurity skill gap is quickly developing into a national and global security crisis. Colleges and universities have a vital role to play in developing the highly skilled workforce needed to defend computer networks and keep businesses, public services and critical infrastructure against cyber assailants. Military and medical teams have always required extensive hands on training as an integral part of training requirements. Simulation training gives us the ability to develop top performing cybersecurity professionals and leaders in a short time period and in a cost-effective manner. MN CYBER RANGE will give your employees a competitive edge by providing state of the art training in cybersecurity MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 30

31 Contact Info Faisal Kaleem LinkedIn: Kaleemf Corey Blommel LinkedIn: corey-blommel a MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 31

32 DEMO Web Defacement Difficulty Level: Medium Estimated Time: 2 Hrs. Type: Blue Team Required Skills: Linux log management Apache web server Checkpoint firewall ArcSight Port Scanning Actions taken by the attacker to obscure the attack FTP Exploit Ping Sweep Scenario Objectives: Practicing Linux and Apache logging research and basic forensics Gaining hands-on experience with Apache, SSH client, and Linux management tools Gaining hands-on experience with an event of bruteforce and web defacement attack SSH Tunneling DB Authentication Brute Force Extract DB Data 32 MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

33 THANK YOU QUESTIONS MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT 33