Note: header image for illustration purposes and is not directly associated with the unit mentioned in this article.
Recently, our team was asked to provide training for an operational military Cyber Protection Team (CPT). This unit, and many others, are working remotely due to the current global situation but still need a way to provide cutting-edge training to keep their operators sharp and mission-ready. This was a particularly important engagement to the team at Recon as we are a team composed heavily of veterans and current members of Reserve/National Guard components.
CPTs have very specialized needs to maintain mission readiness and operational proficiency. Leadership of this unit approached us asking for a solution that could meet these needs in a way that supports a remote workforce. Since our training environment is 100% remotely accessible, it made perfect sense to enable this CPT to carry out its training mission using our Network Defense Range (NDR).
We are able to directly map our scenarios and range capabilities to the DoD Cyber Joint Qualification Requirements (JQRs) to maximize the training value to military teams needing to maintain qualifications in an agile way.
Through a 2-day engagement involving multiple nation-state adversary emulations, we enabled more than 40 of their operators to satisfy nearly all Continuation Training requirements described for the following crew positions:
- Cyber Operators
- Host Specialists
- Network Specialists
- Cyberspace Crew Leads
We even incorporated their All Source Intel Analysts (ASIA) into the engagement by providing scenarios that very closely mimic actual nation-state threat actors that can be identified with proper research.
The objectives met by the engagement included the following core competencies, among many others:
- Terrain Mapping
- Network Baselining, Analysis, Anomaly Detection, and Investigation
- Host Baselining, Analysis, Anomaly Detection, and Investigation
- Operations Check of mission systems
- Data Aggregation & Analysis
- Network Traffic Collection, Intrusion Detection Analysis
- Element (Team) Execution of key objectives
- Mission Planning, Briefing, and Debriefing
The following quote is from the Chief of Training for this unit:
Recon did a great job providing a training range for us to use, and seasoned incident response (IR) coaches to guide team leads. The realism of the scenarios was comparable to top Cyber Command incident response exercises. Not only did we meet quarterly training objectives, we were able to operate as a team and improve our IR processes. We even integrated Intel personnel on the team by passing observables in TheHive for them to do open source research on. I highly recommend Recon and NDR for CPT training!
The engagement was a huge success, thanks to the forward thinking leadership of the unit, and the all-in participation of their mission operators.
Looking for training for your CPT or enterprise SOC/DFIR team? Let us know!
What is NDR?
NDR is a one-of-a-kind training platform that enables SOC analysts, threat hunters, and incident responders to go toe-to-toe with advanced adversaries in a low-stakes/zero-risk environment. We pride ourselves in the high-fidelity nature of our simulated environment from the organic traffic generation down to the simulated users on workstations carrying out their day-to-day tasks.
Amidst the noise of this busy enterprise network, sophisticated adversaries are doing what they do best, finding and exploiting weaknesses in the armor of this fictitious corporation. We go to great lengths to make these attacks comprehensively realistic to todays most prolific threats. It is up to participants to identify the initial intrusion vector and follow the adversary through the environment to fully identify intentions as well as actions-on-objective.
WHAT DO STUDENTS SAY ABOUT NDR?
"Absolutely fantastic course. Provides invaluable "live-fire" experience in incident response and threat hunting. Far better than any previous training (I've) taken."
"Cannot recommend highly enough!"
"Best hunt/detection class ever!"
"Course pushes you to think and use newly acquired skills."
"Great 'hands-on' experience. I love the fact that it is not 'death by powerpoint.' Instructors did a great job of mentoring and coaching through-out. Sharing real-world experience added to the course value. Lastly, the lab environment and recreating actual APT attacks was outstanding."
“Best course I’ve attended. Engaging, entertaining, and very educational.”
“One of the most entertaining/engaging courses done at Black Hat. Technical training of top quality”