This installment of the “Living our Mission” blog series features Circadence’s Rajani “Raj” Kutty, Senior Product Manager.
Raj is fascinated by technology’s evolution in the marketplace and that interest has informed her career path toward success. She achieved her masters degree in computer science from University of Pennsylvania in 2003. From there, she spent 15-16 years in the tech industry and has always been interested in the everchanging advancements in technology. Her tech background consists of Java programming, business analysis and product management. In the beginning of her career, she worked on mobile app designs, web app development, and programming for various industries including finance, insurance, retail, and more. For the last 10 years, she’s moved into the direction of product management. Her shift into this area began because she enjoys building a roadmap for product development and seeing it through the various stages from identifying a problem in the market, and creating a product that solves pain points for customers. Her experience working with many different industries provides an advantage to Circadence since she has a first-hand understanding of why these businesses can benefit from additional cyber security training to protect company assets.
Raj started at Circadence about 7 months ago and was immediately captivated by the concept of cyber readiness and the security industry as a whole. Throughout her profession, she noticed a growing issue many companies faced: a lack of cyber security awareness and training. Over the years, she heard a lot about the cyber workforce shortage and knew the first step to creating a solution for this problem was to get the user engaged with the right type of training. In her mind, if the user is engaged in training, then it would result in better cyber defense for the organization. Her previous work experience, thoughts about cyber security readiness and ideas around engaged training were validated when she heard what Circadence was doing to help companies be “cyber ready” using gamified learning platforms. In the past, training would consist of a video, classroom lecture or reading textbooks- something dry and boring, she said. Raj felt Circadence offered a unique solution to get people interested in cyber security, which could lead to more strategic cyber defense performance and possibly minimize the cyber workforce gap.
“Training has to be fun and interesting to the user, while still being effective. I feel like Circadence is offering this to the cyber workforce in a game-play mode, which is more engaging for the user.”
Day to day, Raj works with different departments and team members at Circadence developing product strategy and bringing a product roadmap to life. Her knowledge across many industries helps ensure our products meet the needs of different organizations, while still maintaining in-depth cyber training and ease-of-use for the customer. Much like planning a road trip, which requires knowledge of route to destination, Raj leads her team every day by investigating and communicating strategy and plans to determine where they need to go next to bring the product to market.
Her main focus over the last couple months has been a new portal Circadence is developing called CyberBridge. CyberBridge is the entry point at which users can access all Circadence cyber learning platforms including Project Ares®, inCyt®, Orion® and more. It’s a global SaaS platform that offers different types of cyber training content for different markets.
“I love that I get to help design a product that addresses the cyber challenges across different industries and the ability to provide a readiness solution pertinent to each sector’s security pain points.”
The products Raj helps map to market fulfills her goal of bringing much-needed cyber awareness and training solutions to everyone and every business. Her perspective: With every tech integration, Bluetooth connection, and device-to-device communication we implement to make our working lives easier, we inherently increase our cyber risk as our attack surface widens. There are no signs of a slowing tech usage, hence why the importance of cyber awareness continues to grow each day. When we talk about how businesses need to protect themselves, we’re really talking about the people of a business, since people are what make up a company. In today’s world of escalating cyber threats, it’s everyone’s responsibly to gain cyber awareness to protect a company.
“Cybersecurity is like community immunity, when everyone gets vaccinated, we are improving and protecting our greater community, and cyber security works the same way.”
In this third and final post in the series, Microsoft’s Mark McIntyre addresses more advanced SecOps scenarios that an experienced cyber practitioner would be concerned with understanding.
As we enter the New Year, one thing is certain: cyber attacks aren’t going anywhere. Enterprise companies have been tasked with defending their networks from unyielding cyber crooks who want a piece of the pie for themselves. What’s on the horizon for enterprise security threats in 2020? We’ve got a few predictions.
Deep Fake technology can create fake but incredibly realistic images, text, and videos. Computers can rapidly process numerous facial biometrics, and mathematically build or classify human features, to mimic a person or group of individuals for public manipulation. Bloomberg reports the tech is becoming so sophisticated, detecting a DeepFake video from a real one, is getting harder and harder to differentiate for viewers.
While the technical benefits are impressive, underlying flaws inherent in all types of Deep Fake models represent a rapidly growing security weakness, which cyber criminals will exploit. It will be critical for businesses to understand the security risks presented by facial recognition and other biometric systems and educate themselves on the risks as well as hardening systems that require/use facial recognition.
API and Cloud vulnerabilities
An application programming interface (API) is an interface or communication protocol between different parts of a computer program intended to simplify the implementation and maintenance of software. APIs are an essential tool in cloud environments, acting as a service gateway to enable direct and indirect cloud software and infrastructure services to cloud users.
A recent study showed more than three in four organizations treat API security differently than web app security, indicating API security readiness lags behind other aspects of application security. The study also reported that more than two-thirds of organizations expose APIs to the public to enable partners and external developers to tap into their software platforms and app ecosystems. Threat actors are following the growing number of organizations using API-enabled apps because APIs continue to be an easy – and vulnerable – means to access a treasure trove of sensitive data. Despite the fallout of large-scale breaches and ongoing threats, APIs often still reside outside of the application security infrastructure and are ignored by security processes and teams.
With the rollout of 5G continuing in 2020, we will see an increase in the volume and speed of data theft. The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, shows that larger enterprises are not prepared for the security implications of 5G. The top cyber security concerns that came back in this report were:
- Larger attack surface due to the massive increase in connectivity
- Greater number of devices accessing the network
- The extension of security policies
- Authentication of a larger number and wider variety of devices.
As more 5G devices enter the network, organizations must prepare for the onslaught of added security threats.
Ransomware attacks evolve
Ah, ransomware, seemingly every hacker’s favorite extortion tool. According to McAfee Labs 2020 Threat Prediction Report, the increase of targeted ransomware has created a growing demand for compromised company networks. This demand is met by criminals who specialize in penetrating company networks and sell complete network access in one go.
“I expect that the ransomware used will continue to become more advanced. I am concerned that some threats have just become more stealthy, or are working toward that, and that readily available ransomware will enable even novice criminals to maintain stealth. Organizations are spending more resources to defend against ransomware, which might drive out a few of the lesser players, but any organization with resources will still see ransomware attacks happen as a fast and easy way for financial gain, so hackers will continue to pursue advancements.” ~ Karl Gosset, VP of Content Development at Circadence
It’s clear that the threat landscape will continue to grow and become more sophisticated in the coming year, which means it’s time for businesses to step up their security game.
Circadence believes that the best way to do this is through cyber learning games themselves! Our flagship product, Project Ares, delivers real-world attack scenarios in a safe, online range environment and allows users to practice and hone their cyber skills through the use of games. With missions specific to enterprise threats, such as Operation Crimson Wolf and Operation Desert Whale, Project Ares will ready your organization for any looming threats like these. By using a gamified cyber learning platform like this for your security teams in 2020, you can readily pop some champagne and dance the night away, knowing your enterprise is better protected in the new year.
Cyber attacks seem to grow more sophisticated and menacing with each passing year. No industry understands this better than finance, as their enormous stores of cash and sensitive data make them a prime target for hackers year-round. Let’s look ahead at four trends that are likely to play a role in 2020’s biggest banking hacks and share how we can help harden financial services firm’s security posture to prevent attacks.
Ransomware attacks will evolve
Ransomware attacks are believed to cost victims billions of dollars every year, as hackers deploy technologies that enable them to literally kidnap an individual or organization’s databases and hold all of the information for a ransom. As companies continue to focus on building stronger defenses to guard against ransomware breaches, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.
Biometric security leaks and anti-fraud system bypass
A new report from cyber security company Kaspersky states that cybercriminals have created a huge underground market called Genesis, which sells digital fingerprints of online banking users from all over the world. There have also been several biometric database security leaks in the last year, the most notorious of which was the Biostar 2 database, which included the exploitation of biometric data of over 28 million people. With biometric leaks on the rise, this will make it easier for hackers to bypass anti-fraud systems to gain access to online bank records.
Increased third party risks
Banks have not been impervious to the decentralization of IT that has affected most enterprise businesses. As organizations become increasingly reliant on third-party vendors for their day-to-day operations, financial services firms must be continuously monitored for cyber security vulnerabilities. Lack of awareness of how third-party security services operate could cost banks millions in 2020 and beyond. Ensure your cyber team is not only monitoring its own vulnerabilities but that of its outsourced security as well.
Big banks are starting to dip their toes in the crypto waters, with one in five financial firms saying they might start trading cryptocurrencies. However, crypto exchange has had many hacks of its own, including the largest in history, which happened earlier this year. Japanese crypto exchange, Coincheck, was drained of coins worth a total of roughly $534 million. In the first half of 2019 alone, hackers have stolen approximately $4.26 billion worth of crypto currency. It’s possible that the involvement of major financial institutions will shore up the security of the crypto industry — but if the past is any indicator, extreme measures will have to be taken to ensure the security of these digital currencies.
So, how can financial institutions continue to grow and adapt to new technologies while keeping their stores of information and constituent’s wealth safe from adversaries?
Circadence has a solution: our gamified cyber learning platform, Project Ares. Project Ares can be used by everyone at your institution from the Chief Financial Officer to IT teams. With persistent, hands-on learning in a safe, browser-based environment, financial services security teams can stay up to date on the latest threats and feel prepared to keep them at bay. With finance specific missions such as Operation Wounded Bear and Operation Crimson Wolf, your team can practice combatting hackers anytime, anywhere. Don’t let your finance company be the next one making headlines for a data breach, see what Project Ares can do for you.
Every year hackers come out of the woodwork to target various companies, specifically around the holiday season. In fact, cyber attacks are estimated to increase by as much as 50 – 60% over the holidays. With staff often spread thin and consumers taking advantage of online shopping and banking for added convenience, the timing is perfect for HR professionals to stay vigilant with how they onboard new employees with cyber education while encouraging good cyber hygiene among existing colleagues. Understanding the risks employees come across while online, how to train them to detect and mitigate these risks, and how you as an HR manager can ensure continued efforts to harden security posture will make you a cyber safety hero this holiday season!
While IT and cyber professionals are primarily responsible for securing a company’s networks and ensuring teams are up to snuff, the reality is that cyber risk extends beyond what occurs in the server room. Human error continues to be one of the top reasons cyber attacks are successful. This means that not only do security teams need to be trained, but cyber training across every department, with every employee who works on a computer, is essential to obtain and maintain good cyber hygiene across the company. If every employee in your organization understands how their actions can impact overall company security, more personal responsibility will be taken to maintain cyber safety.
Don’t fret! HR professionals need not be masters in cyber security. There are great tools out there to help anyone learn the basics and be able to share their foundational learning with others. So, what are some of the things you can learn and train employees on to mitigate attacks?
- Phishing emails – With inboxes flooded daily, it can be hard to spot potential threats in emails. Hackers send targeted emails that may address a work-related matter from a co-worker or manager. One click on the wrong email, and you could be infecting your business device with malware. It is important every employee understand what suspicious emails “look” like and how to avoid nefarious click bait.
- Using company devices for personal work – It’s an easy thing to do – grab a work device off the counter and start online shopping, emailing friends and family, or finally getting around to baking that chocolate chip cookie recipe from Martha Stewart. However, accessing un-secured sites and opening personal, and potentially phishing, emails on a work computer puts companies at risk. As an HR manager, you must recognize this common occurrence and be able to speak to it with your staff. If a hacker is able to gain access to a business computer through an employee’s personal use, they gain access to all of the company information on that employee’s device as well.
- Using personal devices to conduct business – The same can be said for using personal devices to conduct business. It can be difficult to “turn off” after work hours and many employees answer some work emails on their cell phone, or load a work document on his/her personal tablet or laptop. When company staff access potentially sensitive business documents on their personal device, they risk leaking that information to a hacker. To prevent attacks company-wide, HR pros must be aware of how often this type of behavior occurs and work closely with their IT department to learn how company networks are secured when remote access is granted to employees outside of home and work IP addresses.
HR managers: Spread good cyber hygiene!
Security awareness training is becoming increasingly prevalent at companies that know what it takes to have good cyber hygiene. According to a recent report by Infosec, about 53% of U.S companies have some form of security awareness training in place. While this is still barely over half, it’s a start. So what can you do to rank among companies leading the charge in cyber security?
- Offer continuous training – Cyber security awareness training is not a “one and done” event. This kind of training should continue throughout the year, at all levels of an organization, and be specific to different job roles within the company. Technology is always changing, which means the threatscape is too. When you are battling a constantly shifting enemy, your employees need to be vigilantly trained to understand each shift.
- Perform “live fire” training exercises – Live fire exercises (LFX) happen when users undergo a simulated cyber attack specific to their job or industry. One example is having your IT department send out a phishing email. See how many people click on it and show them how easily they could have been hacked. This data can be used to show progress, tailor problem areas, and train to specific threats as needed.
- Stress the importance of security at work and at home – Showing employees the benefit of cyber awareness in the workplace translates to awareness at home as well. Help prospective and existing employees gain a wide breadth of understanding about cyber best practices by making learning approachable instead of unattainable or intimidating.
- Reward good cyber hygiene – Reward employees who find malicious emails or other threats with your company’s IT team and share success stories of how employees helped thwart security issues with vigilant “eyes” on suspicious activity. Equally, it is important to also empathize with employees who make mistakes and give them the tools to learn from their mistakes. Many employees receive hundreds of emails each day, and while training tips and education are helpful tools, it is not a perfect solution.
Training employees to be cyber aware can be difficult unless a structured program and management strategy is in place. We’re here to help! Circadence’s security awareness platform, inCyt, is coming soon! inCyt allows employees to compete in cyber-themed battles and empowers them to understand professional and personal cyber responsibility. By cultivating safe cyber practices in virtual environments, HR managers can increase security awareness and reduce risks to the business.
To learn more and stay in the know for upcoming product launches, visit www.circadence.com
Award winning cyber learning platform provides new features to improve training scalability, content access, and new learning exercises
According to CIO magazine, about 96% of organizations use cloud services in one way or another. In partnership with Microsoft, we are proud to announce that Circadence has redesigned its Project Ares cyber learning platform to fully leverage a cloud-native design on Microsoft Azure. This new, flexible architecture improves cyber training to be even more customized, scalable, accessible, and relevant for today’s professionals.
This transition to cloud infrastructure will yield immediate impacts to our current customers.
- Increased speeds to launch cyber learning battle rooms and missions
- Greater ability to onboard more trainees to the system from virtually any location
- More access to cyber training content that suits their security needs and professional development interests
Proven success at Microsoft Ignite
At the recent Microsoft Ignite conference (November 2019), more than 500 security professionals had the opportunity to use the enhanced platform. Conference participants set up CyberBridge accounts and then played customized battle rooms in Project Ares. Microsoft cloud-based Azure security solutions were integrated into the cloud-based cyber range to provide an immersive “cloud-in-cloud” sandboxed learning experience that realistically aligned to phases of a ransomware attack. The new version of Project Ares sustained weeklong intensive usage while delivering on performance.
So what’s new in the new and improved Project Ares?
Curriculum Access Controls for Tailored Cyber Learning
One of the biggest enhancements for Project Ares clients is that they can now control permissions for training exercises and solution access at the user level. Customer Administrators will use the new CyberBridge management portal to tailor access to Circadence training exercises for individual users or groups of users.
Single-sign-on through CyberBridge enables the alignment of training exercises to individuals based on their unique learning requirements including:
- Cyber skill-building exercises and complex missions within Project Ares for cyber professionals
- Cyber foundation learning with Cyber Essentials tools for the IT team
- Security awareness training with inCyt for general staff
Cyber Essential learning tools and the inCyt game for security awareness will be added to CyberBridge over the next several months. With the capability to pre-select training activities reflective of a company’s overall security strategy, enterprise security managers can call the shots.
“As the administrator, you now choose what curriculum content your team should have. “This provides more flexibility in cyber training for our customers in terms of what they can expose to their teams.” ~ Rajani Kutty, Senior Product Manager for CyberBridge at Circadence.
Greater Scalability and Performance in Cyber Training
With a cloud-native architecture design, Project Ares can support more simultaneous users on the platform than ever before. Project Ares can now handle over 1,000 concurrent users, a significant improvement over historical capacity of 200-250 concurrent users on the platform. The combination of content access control at the group or individual level and the increased scalability of Project Ares creates a solution that effectively spins up cyber ranges with built-in learning exercises for teams and enterprises of any size. Additionally, this means that no matter where a cyber learner is geographically, they can log on to Project Ares and access training quickly. We see this as similar to the scalability and accessibility of any large global content provider (e.g. Netflix)—in that users who have accounts can log in virtually anywhere in the world at multiple times and access their accounts.
Now that Project Ares can support a greater volume of users on the platform, activities like hosting cyber competitions and events for experts and aspiring security professionals can be done on-demand and at scale.
“We can train more people in cyber than ever before and that is so impactful when we remember the industry’s challenges in workforce gaps and skills deficiencies.” ~ Paul Ellis, Project Ares Senior Product Manager at Circadence
The previous design of Project Ares required placing users in “enclaves” or groups when they signed on to the system to ensure the content within could be loaded quickly without delay. Now, everyone can sign in at any time and have access to learning without loading delays. It doesn’t even matter if multiple people are accessing the same mission or battle room at the same time. Their individual experience loading and playing the exercise won’t be compromised because of increased user activity.
Other performance improvements made to this version of Project Ares include:
- Quicker download speeds of cyber exercises
- Use of less memory on user’s computers, and resulting longer battery life for users, thanks to lower CPU utilization.
- These behind-the-scenes improvements mean that training can happen quicker and learning, faster.
New Cyber Training Content
One new Mission and three new Battle Rooms will be deployed throughout the next few months on this new version of Project Ares.
- Mission 15, Operation Raging Mammoth, showcases how to protect against an Election attack
- Battle Rooms 19 and 20 feature Splunk Enterprise installation, configuration, and fundamentals
- Battle Room 21 teaches Powershell cmdlet (pronounced command-lets) basics
Mission 15 has been developed from many discussions about 2020 election security given past reports of Russian hacktivist groups interfering with the 2016 U.S. election. In Operation Raging Mammoth, users are tasked to monitor voting-related systems. In order to identify anomalies, players must first establish a baseline of normal activity and configurations. Any changes to administrator access or attempt to modify voter registration information must be quickly detected and reported to authorities. Like all Project Ares Missions, the exercise aligns with NIST/NICE work roles, specifically Cyber Defense Analyst, Cyber Defense Incident Responder, Threat/Warning analyst.
Battle Rooms 19 and 20 focuses on using Splunk software to assist IT and security teams to get the most out of their security tools by enabling log aggregation of event data from across an environment into a single repository of critical security insights. Teaching cyber pros how to configure and use this tool helps them identify issues faster so they can resolve them more efficiently to stop threats and attacks.
Battle Room 21 teaches cmdlet lightweight commands used in PowerShell. PowerShell is a command-line (CLI) scripting language developed by Microsoft to simplify automation and configuration management, consisting of a command-line shell and associated scripting language. With PowerShell, network analysts can obtain all the information they need to solve problems they detect in an environment. Microsoft notes that PowerShell also makes learning other programming languages like C# easier.
Embracing Cloud Capabilities for Continual Cyber Training
Circadence embraces all the capabilities the cloud provides and is pleased to launch the latest version of Project Ares that furthers our vision to provide sustainable, scalable, adaptable cyber training and learning opportunities to professionals so they can combat evolving threats in their workplace and in their personal lives.
As this upward trend in cloud utilization becomes ever-more prevalent, security teams of all sizes need to adapt their strategies to acknowledge the adoption of the cloud and train persistently in Project Ares. You can bet that as more people convene in the cloud, malicious hackers are not far behind them, looking for ways to exploit it. By continually innovating in Project Ares, we hope professionals all over the globe can better manage their networks in the cloud and protect them from attackers.
Students at Milam Elementary were learning about cyber security through a computer game, and they are also hearing from someone who helps fight cyber threats every day. The Cyber Day demonstration is sponsored by Circadence.
Not everyone gets into the holiday spirit, but whether or not your stockings are hung by the chimney with care, there are real world cyber grinches out there looking to steal holiday joy and sensitive data. The Financial Sector in particular is a high-profile target for hackers in the cyber industry year-round but the holiday season has historically attracted a larger quantity of cyber criminals who conduct attacks designed to steal money, social security numbers, addresses, and other sensitive information. The volume of e-commerce and e-banking transactions that occur during the holiday season provide ample opportunities for hostile actors to exploit financial institution networks. Specifically, “attacks on SWIFT—the leading global network for money and security transfers—alone cost $1.8 billion year-to-date” Forbes reports. To understand just how vulnerable banking and financial organizations are, let’s review the attacks that financial cyber teams should look out for and then discuss systemic solutions to safeguard finance networks, companies, and their stakeholders.
Financial institutions are susceptible to any of the following cyber attack types:
- Distributed Denial-of-Service Attacks (DDoS) – DDoS attacks are a weapon that has historically been leveraged against the financial sector. These attacks occur when multiple systems flood the resources of a single targeted system. One of the most historic DDoS attacks occurred back in 2012 when a whopping 6 banks in the US including Bank of America, JP Morgan Chase, U.S. Bancorp, Citigroup, and PNC Bank, were hit by a string of DDoS attacks. Each bank was hit with an unusually high volume of internet traffic, resulting in customers experiencing difficulty when logging into mobile banking apps. This form of malicious vandalism disrupted service and, like many DDoS attacks, acted as a political statement where the hackers sought to shed light on their perceptions of banking organizations. Past evidence has suggested that DDoS attacks actually increase as the holiday season approaches, as consumers are spending more and utilizing mobile banking more frequently. In fact, security firms report a 150% increase in DDos attacks between the summer months and the end of the year.
- Ransomware – Ransomware can be delivered through various online channels, including through phishing tactics and Remote Desktop Protocol (RDP). RDP allows computers to connect to each other across a network, so that remote users can gain access to various applications on virtual desktops. Cyber criminals may take advantage of financial institutions by deploying ransomware over the holiday season, at a time when stakeholders (aka consumers) may need increased access to funds for purchases. According to a report by TechTarget, most ransomware attacks typically occur during the holidays when network admins and other IT staff are spread thin.
- Web-Application Attacks – The expansion of online and digital services, including mobile apps, has increased the surface for web application attacks. A web application attack is just that – a hacker gains access to an app through a system vulnerability and is able to access sensitive information. For financial institutions, this relates to online banking, banking apps, and web applications that banks use such as SWIFT mentioned above. According to a report by Akamai, “Looking at the assorted web application attacks, the number of attacks on Christmas Day were comparable to Cyber Monday…this is likely due to the fact retailers want to track their Christmas sales more than any other day of the year, and web application developers end up including a lot more third-party scripts/content on their sites, and attackers take advantage of that.”
- Banking Trojans – Due to their popularity and high success rate, banking Trojans remain a weapon of choice for conducting malicious cyber attacks. These kinds of attacks involve redirecting traffic from a genuine app to a network the hacker has access to so that they can easily take sensitive information. Tactics used by hostile cyber actors to deliver banking Trojans continue to evolve, adapting to and implementing any technique that can effectively take advantage of a user. In 2017, the Panda Banking Trojan was observed focusing on non-banking targets using an extensive list of injects clearly designed to capitalize on holiday shopping and activities. Similarly, in 2017, the Ramnit Banking Trojan was extremely active during the holiday season, targeting some of the largest banks and retail e-commerce sites in the world. Both of these trojans continue to reappear each year, targeting financial institutions and their customers.
Systemic Cyber Readiness Solutions for Financial Services
- Expand your view of cyber risk – A cyber attack doesn’t just mean data is compromised the implications are much deeper than that. You may need to shut down systems during recovery, you might lose existing customers, get a bad reputation, or see a decline in new customer acquisition. A deeper understanding of how a cybersecurity event could impact your financial institution will help you better understand what’s at stake and in turn, take action to better protect your company.
- Proactive cyber learning and training – Hackers are doing their research and implementing attacks using new technologies and strategies every day. Practicing proactive cyber learning to understand the latest cyber threats safeguard your business.
- Calculate capital – According to the Deloitte Insights Global Risk Management Survey, most financial institutions calculate economic capital for their financial risks, but only 16% calculate how much capital will be needed to support a cyber security incident. An accurate calculation of how much you may need to recover, both in real and unrecognized revenue, will help you better prepare for looming threats.
Don’t let your financial institution fall victim to a holiday hack. Utilize persistent, hands-on, gamified cyber training to put your cyber teams on the front lines of defense. Circadence’s flagship product, Project Ares, ensures higher user engagement and learning retention through the use of cyber ranges. Project Ares utilizes a library of mission scenarios with specific skill-based learning to accurately measure skills and performance, such as:
- Operation Wounded Bear – This mission is specifically designed to teach users how to protect a financial institution by identifying and removing malware responsible for identity theft and protecting the network from further infections. Users learn intrusion detection, basic malware analysis, and infection containment and eradication.
- Operation Crimson Wolf – Crimson Wolf teaches users to stop a ransomware attack from spreading and infecting other boxes in the network. They learn computer network defense, incident response management, data forensics and handling, and so much more.
- Operation Bold Hermit – As a cyber operator, users defend against web attacks by identifying reconnaissance activity and beacons inside a network and locate the attack vector. Users build skills including network management, infrastructure design, and hacking methodologies.
These missions and more cyber learning activities in Project Ares allow users to gain insight into real-world attack scenarios pertinent to their industry in a safe learning environment. These specific mission scenarios can help to keep financial institutions at the front lines of cyber defense over the holidays and year-round. Just like the grinch’s heart, you can grow your cyber defense to stay happy year-round! To learn more about what Project Ares can do for you, visit www.circadence.com.