The company thrusts chief executives and employees of all stripes into simulated attacks so they can learn how to make quick, often hard decisions that might one day determine if their business suffers a major data breach or takes a huge financial hit.

Like war games that the military uses to prepare for combat, interactive games and simulations are becoming part of defense arsenals aimed at helping companies and other organizations cope with increasingly complex threats.

Symantec (SYMC) is rolling out a cloud-based, hands-on cybersecurity simulation that customers can access from anywhere and engage in realistic training scenarios, CEO Michael Brown told IBD.

"We have been expanding our offerings for customers who find security a pretty complex area and would like some help managing that," Brown said. "We have a managed security service offering and expanded that to incident response — what to do if you're breached. You can call us and we can help you by parachuting a team in."

Simulations have long been part of well-known hacker competitions such as the long-running Def Con event, to be held Aug. 6-9 in Las Vegas. But security companies, consultants and others are applying game elements to non-game activities, creating software developed with traditional gaming techniques and technologies.

Simulations can thrust people and a computer network into realistic situations. Palo Alto Networks' (PANW) cloud-based virtual malware analysis environment, called WildFire, can mimic company or government computers. A virtual "sandbox" security mechanism sifts through and analyzes unknown files to identify malware and other threats so as not to expose and harm a company or agency's network, says Scott Simkin, senior cyber analyst for Palo Alto Networks.

"WildFire is essentially applying a magnifying glass to all that activity that has never been seen before," Simkin said. "You basically turn all of your devices into a sensor for unknown threats — a piece of malware or exploit that has completely been able to bypass traditional security solutions, whether they be firewalls or antivirus. It's the really bad, unknown, advanced and targeted threats that WildFire is built to handle."

Once detected, WildFire automatically creates new protections and informs thousands of WildFire subscribers about the threats as they're being blocked.

Simkin says that simulation and live training put information technology security staff "into the weeds, so to speak."

"Yes, you need user education and training," Simkin said. "But I would say it's on us, in the security industry as practitioners in the field, to do a better job of implementing the best technologies that we have to protect the users."

Palo Alto Networks' teams participate in simulated games such as Pacific Endeavor, an annual multinational exercise where teams defend against cyberattack scenarios such as infection from viruses, trojans and spyware.

Symantec developed the Cyber Readiness Challenge, an offshoot of its internal CyberWar Games, which it offers to its customers online and in nearly two dozen countries.

Check Point Software Technologies (CHKP) and Blackfin Security collaborate on simulation exercises for customers, such as a "hacker academy" and "capture the flag" competitions modeled after real attack scenarios.

Security experts say that unlike assessments that evaluate a company's firewalls and other cyberdefenses, cybergames are a way to practice responses and identify gaps in preparedness and response plans. Participants can see what unexpected decisions they might face and whether they can communicate across departments while under attack.
Every year, nearly 1,000 banks and other financial institutions take part in CAPP — Cyber Attack (against) Payment Processes — an event put on by the Financial Services Information Sharing and Analysis Center, a nonprofit industry group formed by financial companies to share information about cyberthreats.

"It's one thing to have your cyber incident playbook ready to go, but practicing realistic drills based on current and anticipated threats is the best way to be prepared," said FS-ISAC CEO Bill Nelson. "Over the past five years, thousands of security practitioners and corporate teams have benefited from these exercises. We've carefully crafted and calibrated each exercise to help test existing preparation, help security teams engage across their organizations and identify areas for enhancement."

Simkin says that some cybercriminals have developed complex underground economies over the past decade, with "boardrooms" better organized and equipped than many companies.

"These are often serious people with serious goals," Simkin said, particularly groups out to steal intellectual property, medical records and identification information that they can sell.

Hackers are developing malware that can change Internet Explorer security settings, go into "sleep mode" for 10 hours to avoid detection or outsmart off-the-shelf security programs. To defeat the sophisticated attacks, Simkin says that enterprises are embracing a security platform that combines next-generation firewalls, URL filtering, threat and endpoint protection and other strategies.

It's not just security companies that are getting into the game. Consulting firm PricewaterhouseCoopers has a new hacking simulator called "Game of Threats" for corporate clients such as banks and retailers. The game not only makes the experience of a cyberattack real, but it also gives executives insight as they assume the role of hacker and defender, PwC global cybersecurity leader David Burg told IBD.
The law firm Cooley, with 850 lawyers across 12 offices in the U.S., Europe and China, has joined FBI agents and other security experts to offer clients training through simulated cybergames.

And teams from Massachusetts Institute of Technology and the University of Cambridge began staging a cyberwar in January in an exercise to learn by stealing secrets from each other's computers.