It’s that time of year again… March Madness is officially here! Today, I’m going to talk about what sets teams up for success in the Big Dance and how you can learn from that when thinking about how to train and prepare your cybersecurity teams to go up against advanced cyber threat actors. We all want the perfect tourney bracket, but know it’s probably not going to happen. Let’s take that same energy and effort and strive for perfection in our cybersecurity practices!

What makes the NCAA Basketball Tournament different from traditional playoffs in many other sports? For me it’s a mixture of the large number of talented teams involved (68 total teams), the inclusion of schools from smaller conferences, the quick turnaround time between each round of games, and the fact that just a single loss eliminates a team from the entire tournament. With sometimes just a single day between games, teams have very little time to rest and to prepare for their next opponent. This requires the teams to rely on their experience gained throughout the entire season, even if they’re not sure what to expect come tip-off time. To be successful in the NCAA Tournament, teams must effectively play to their strengths while minimizing mistakes when it comes to their weaknesses.

Training and preparing for cyber adversaries is not that different. We can have our security team members take countless hours of knowledge-based training to ensure they’re up to speed on the latest and greatest tools and methodologies, and that’s definitely NOT a bad thing. However, that training alone may not be enough to win when the game is on the line… or in this case, when your company’s systems and “crown jewels” are on the line. We need team members that have real-world, battle-tested experience working large cyber incidents. With the growing demand for experienced cybersecurity talent, we’re often looking at a room full of highly intelligent and well-trained cyber professionals, but many of them are lacking experience working real-world incidents involving advanced threat actors. This gives the adversary a huge advantage once they have a foothold on your organization’s network.

Just like college basketball teams over the coming days and weeks will be relying on efficient teamwork to win games, it’s imperative that your cybersecurity teams are working in unison as well. The basketball teams will be relying on their coaches to call up the right plays, players setting up open shots, efficient passing, solid defense, and rebounds. Likewise, your cybersecurity team must be able to perform well under pressure, with leadership providing the right resources for success. Your defensive cybersecurity controls need to be hardened as much as possible, with proper monitoring and alerting set up for anything that slips through the cracks. Rather than passing a basketball efficiently, your cybersecurity analysts and responders need to be able to effectively communicate during an active investigation or cyber incident, which includes documenting every finding and coordinating effective shift turnover between teams and individual team members.

We often spend a lot of time, energy, and money ensuring that we have the right technology solutions in place, but we do not identify gaps in our skills, playbooks, and operating procedures until it is too late. With the SimSpace Cyber Force Platform, your teams and individuals can be put to the test in a Cyber Range against live-fire emulated advanced threats, while using the same cybersecurity tools and solutions they use every day in your production environment. Our cyber ranges can be modeled after your production network, to provide a scaled-down replica for testing your people, processes, and technologies in a consequence-free environment against actual attacks. Best of all, our User Emulation technology creates realistic noise in the cyber range environment, to ensure your blue teamers have a realistic experience with the attacks being buried amongst legitimate traffic, logs, events, and system behavior.

Unless you’re in an extremely unfortunate situation, your blue teamers are not dealing with super-sophisticated threat actors crawling around on your network on a daily basis. It’s important to expedite the learning curve and to identify weaknesses in advance of a major incident. Using the SimSpace platform to conduct range-based cybersecurity exercises and mission rehearsals, your team members can gain the equivalent of years of monitoring and incident response experience against advanced adversarial attacks in a fraction of the time.

During March Madness, we all love a good Cinderella story, where a small school that few people have heard of is able to defeat a huge school with a reputation for winning championships, and make its own run toward the Final Four. Even if you don’t have a ton of experienced blue teamers on your cybersecurity team, and maybe you don’t have the latest and greatest cybersecurity solutions deployed, you can still ensure your team has as much real-world experience as possible to set them up for success. You can ensure they are able to play to their strengths, know their weaknesses, and minimize mistakes when they encounter the next major cyber incident on your network.

Don’t wait until it’s too late! Reach out to the SimSpace Team today to set up an intro meeting, and find out how enterprises, governments, and militaries around the world are leveraging the SimSpace Cyber Force Platform to ensure their teams are ready for their next major adversary.

Blog by Jordan Wigley
Jordan Wigley is a cybersecurity professional with over 17 years of experience in a variety of technical and leadership positions at multiple Fortune 30 and cybersecurity companies, with a specialization in Threat Hunting, Incident Response, and Network Forensics. He is currently the Director of Alliances Business Development at SimSpace, with a focus on driving new business opportunities via strategic and technical alliance partners.