Living our Mission Blog Series #3: New Learning Curriculum in Project Ares 3.6.4

We’ve made several new updates to our gamified cyber learning platform Project Ares. We are releasing new battle room and mission cyber security exercises for professionals to continue training and honing skills and competency and have optimized some aspects of performance to make the learning experience smoother.

New Missions and Battle Rooms

To ensure professionals have access to the latest threats to train against, we develop new missions and battle rooms for our users so they can continually learn new cyber security skills, both technical and professional. The following new missions are available to users of the Professional and Enterprise licenses of Project Ares; while the new battle rooms updates are available to users of the Academy, Professional, and Enterprise licenses of Project Ares.

Mission 5 – Operation Wounded Bear

Designed to feature cyber security protection for financial institutions, the learning objectives for this mission are to identify and remove malware responsible for identity theft and protect the network from further infections. Variability in play within the mission includes method of exfiltration, malicious DNS and IP addresses, infected machines, data collection with file share uploads that vary, method of payload and persistence, and a mix of Windows and Linux.

This mission provides practical application of the following skill sets:

  • Computer languages
  • Computer network defense
  • Information systems
  • Information security
  • Command line interface
  • Cyber defense analysis
  • Network and O/S hardening techniques
  • Signature development, implementation and impact
  • Incident response

Mission Objectives:

  1. Use IDS/IPS to alert on initial malware infection vectors
  2. Alert/prevent download of malicious executables
  3. Create alert for infections
  4. Kill malware processes and remove malware from the initially infected machine
  5. Kill other instances of malware processes and remove from machines
  6. Prevent further infection

Mission 6 – Operation Angry Tiger

Using threat vectors similar to the Saudi Arabia Aramco and Doha RasGas cyber attacks, this mission is about responding to phishing and exfiltration attacks.  Cyber defenders conduct a risk assessment of a company’s existing network structure and its cyber risk posture for possible phishing attacks. Tasks include reviewing all detectable weaknesses to ensure no malicious activity is occurring on the network currently. Variability in play within the mission includes the method of phishing in email and payload injection, the alert generated, the persistence location and lateral movement specifics, and the malicious DNS and IP addresses.

Core competencies used in the mission:

  • Incident response team processes
  • Windows and *nix systems administration (Active Directory, Group Policy, Email)
  • Network monitoring (Snort, Bro, Sguil)

Mission Objectives:

  1. Verify network monitoring tools are functioning
  2. Examine current email policies for risk
  3. Examine domain group/user policies for risk
  4. Verify indicator of compromise (IOC)
  5. Find and kill malicious process
  6. Remove all artifacts of infection
  7. Stop exfiltration of corporate data

Mission 13 – Operation Black Dragon

Defending the power grid is a prevailing concern today and Mission 13 focuses on cyber security techniques for Industry Control Systems and Supervisory Control and Data Acquisition systems (ICS/SCADA).  Players conduct a cyber defense assessment mission on a power distribution plant. The end state of the assessment will be a defensible power grid with local defender ability to detect attempts to compromise the grid as well as the ability to attribute any attacks and respond accordingly.

Core competencies used in the mission:

  •  Risk Management
  • Incident Response Management
  • Information Systems and Network Security
  • Vulnerability Assessment
  • Hacking Methodologies

Mission Objectives:

  1. Evaluate risks to the plant
  2. Determine if there are any indicators of compromise to the network
  3. Improve monitoring of network behavior
  4. Mitigate an attack if necessary

Battle Room 8 – Network Analysis Using Packet Capture (PCAP)

Battle Room 8 delivers new exercises to teach network forensic investigation skills via analysis of a PCAP. Analyze the file to answer objectives related to topics such as origins of C2 traffic, identification of credentials in the clear, sensitive document exfiltration, and database activity using a Kali image with multiple network analysis tools installed.

Core competencies used in the mission:

  • Intrusion Detection Basics
  • Packet Capture Analysis

Battle Room 10 – Scripting Fundamentals

Scripting is a critical cyber security operator skillset for any team. Previously announced and now available, Battle Room 10 is the first Project Ares exercise focus on this key skill.  The player conducts a series of regimented tasks using the Python language in order to become more familiar with fundamental programming concepts. This battle room is geared towards players looking to develop basic programming and scripting skills, such as:

  • Functions
  • Classes and Objects
  • File Manipulation
  • Exception Handling
  • User Input
  • Data Structures
  • Conditional Statements
  • Loops
  • Variables
  • Numbers & Operators
  • Casting
  • String Manipulation

Core competency used in the mission:

  • Basic knowledge of programming concepts

Game client performance optimizations

We made several adjustments to improve the performance of Project Ares and ensure a smooth player experience throughout the platform.

  • The application size has been reduced by optimizing the texture, font, and 3D assets. This will improve the load time for the game client application.
  • 3D assets were optimized to minimize CPU and GPU loads to make the game client run smoother; especially on lower performance computers.
  • The game client frame rate can now be capped to a lower rate (i.e. 15fps) to lower CPU utilization for very resource constrained client computers.

These features are part of the Project Ares version 3.6.4 on the Azure cloud which is available now. Similar updates in Project Ares version 3.6.5 for vCenter servers will be available shortly.

 

Kickstarting Your Cyber Security Career Path

Jumpstarting a new cyber security career path can feel like a daunting initiative, however, it may be more attainable than you think. By utilizing online cyber resources and persistent learning exercises, you can start learning everything you need to know to understand career options and land your dream job.

Virtual machines and digital libraries are great places to start on your cyber learning journey. A virtual machine is a software program or operating system that exhibits the behavior of a separate computer and is capable of performing tasks such as running applications and programs like a separate computer. This enables you to create multiple independent VMs environments on one physical machine and it aids in detecting things like malware and ransomware attacks. A digital library is an online platform that offers a diverse collection of cyber security learning objectives, along with an online database of digital materials like videos and reports.

Here are some resources that can help you pursue a career in cyber security:

  • Oracle VM VirtualBox – this powerful virtualization product is for enterprise as well as home personal use. This is the best VM for home users and can be run on a multitude of operating systems.
  • Kali Linux – this is an open source tool used in information security training and penetration testing services. Kali Linux is one tool available for use in our Project Ares platform for offensive skill building and practice.
  • Security Onion Virtual Machine – this free and open sourced Linux distribution aids in intrusion detections, enterprise security monitoring, and log management. Security Onion is also available in Project Ares.
  • Flare Virtual Machine – a freely available and open sourced Windows-based program that offers a fully configured platform with a comprehensive collection of Windows security tools.
  • Cybrary – this community based digital library gives you the ability to collaborate in an open source way and create an ever-growing catalog of online courses and experiential tools to learn all things cyber security from offensive, defensive and governance.
  • Clark Cybersecurity Library – a digital library that hosts a diverse collection of cyber security learning objectives from Intro to Cyber to Adversarial Thinking. It is a high-quality and high-availability repository for curricular resources in the cyber education community.

From entry level positions to cyber security professionals, digital libraries help in understanding cyber concepts and virtual machines allow learners to apply and hone cyber skills that security professionals use on the job such as risk management, information systems security, and network security.

To complete your well-rounded cyber education, pairing these tools with hands-on practice in cyber range like Project Ares is key.

Circadence’s own Project Ares uses gamified cyber range learning environments to emulate immersive and mission-specific network threats for a variety of cyber security work roles and job titles. The Project Ares platform is constantly evolving with new battle rooms and missions to address the latest threats and includes targeted training scenarios to learn specific skillsets. This platform also offers digital badges in its Academy license, which represent credentials that can be used to indicate a variety of accomplishments and skills. These are a great way to show a prospective employer just how much you’ve taught yourself about cyber security (and you can add them to your social profiles so prospective employers can see your skills)!

From concept learning to skills application, gamification paired with persistent, hands-on training in virtual environments is an ideal approach to understanding the ins and outs of complex cyber networks and how to recognize potential vulnerabilities in today’s evolving threat landscape. Pairing Project Ares with any of the aforementioned resources is a sure-fire way to kick off your cyber security career and prepare for security certifications!

Photo by Andras Vas on Unsplash

CBS4 Denver – Gamified Cyber Learning at CU Boulder

Students at the University of Colorado Boulder are harnessing the cyber security skills needed to fill a widening staff shortage– using a video game on Circadence’s Project Ares.

Common Cyber Security Issues and Challenges

We’re taking a 30,000-foot view of cyber security to understand the state of the industry from an enterprise perspective and share some common challenges faced by diverse industries. Doing so provides infosec leaders insight into how challenges emerge in their workplace and potentially a sense of relief knowing their industry (and themselves, as professionals) are not alone in this struggle.

Cyber security remains dynamic and turbulent as businesses and technologies grow in complexity and hackers become more sophisticated. There is much discussion regarding the need to increase cyber security spending to expand cyber teams to cover more ground. And, we know that many businesses lack confidence in their current cyber readiness, due in part to many of these common challenges detailed below.

Lack of qualified cyber security experts

Finding cyber security professionals who possess specific technical skill sets is an uphill battle for many infosec leaders who are trying to grow and expand their cyber teams. According to Harvard Business Review, one of the main reasons is that businesses tend to look for people with traditional technology credentials instead of individuals possessing a wide variety of professional and technical skills. As attacks get more sophisticated varied skill sets of both technical (forensics, network analysis, malware detection) and professional (communication, problem-solving, analysis) will be required to combat them effectively, so leaders would be wise to expand their talent searches to include more diverse skill sets moving forward.

Lack of structured upskilling among talent

Senior staff often have a significant advantage over newer hires because they understand the ins and outs of their company. However, simply because they have advanced in their careers, they are not necessarily the most effective when trying to teach junior staff new skills and approaches to cyber security since conducting effective training is often a full-time job itself. Concurrently, it is difficult for IT professionals to consistently remain up-to-date on best practices across all aspects of cyber security. The 2019 IT Security Employment Outlook report and many other resources note a 3 million staffing gap in cyber positions. Skills needed include the ability to identify key cyber terrain and risks, protect organizational assets and data, detect unauthorized access and data breaches, respond to cybersecurity events and attacks, and recover normal operations and services. Investing in consistent, structured, measurable training to upskill existing team members is an effective way to assess and combat these deficiencies. 

Staff retention and fatigue

Since many organizations do not have the proper resources to alleviate heavy workloads and to effectively combat cyber threats, information security employees are often fatigued from long hours, immense pressure, and unreasonable workloads. These issues contribute to dissatisfied employees and high attrition rates across the industry. All of these issues taken together pose a serious problem because organizations that are trusting their security to a fatigued and undermanned or under-skilled cyber team is ultimately a threat to us all. CSO magazine recommends that companies assess “the state of mind of key staff members, create work schedules to rotate personnel off the front lines, and provide the right levels of support, stress relief programs, and career counseling.” 

Combating common cyber security challenges

These challenges are daunting and exist across many industries, keeping many infosec professionals up at night. Fortunately, by expanding the pool of candidates for positions by looking for more diverse skill sets, investing in immersive cyber security training, and understanding the state of mind of key staff members including monitoring their level of job satisfaction and fatigue, firms can more effectively combat these common challenges.