Cyber Polygon 2024 was held within MENA ISC, the region’s leading cybersecurity conference. This year, over 300 organizations from 65 countries joined the training.
Cyber Polygon is an international capacity-building initiative aimed at raising global cyber resilience. Its main goal is to reinforce cybersecurity on all levels. Following the training, we have prepared an analytical report that provides recommendations for cybersecurity specialists.
At Cyber Polygon 2024, corporate teams investigated a sophisticated targeted cyberattack, using classical digital forensics and threat hunting methods. We have analyzed the results and identified several trends:
- SOC-as-a-service providers performed the best. At the same time, teams from the financial, manufacturing, and public sectors also showed high results and made it into the top 10.
- The specialists were more inclined to use specialized tools like EDR, XDR, and SOAR and were less likely to apply classical digital forensic techniques.
- The teams have become more efficient in handling container security and digital forensics tasks.
We also developed recommendations to help cybersecurity specialists gain the missing knowledge and strengthen their skills:
- Apply classical digital forensics, and excel in processing raw data and operating open-source tools such as Elasticsearch, Logstash, Eric Zimmerman’s tools, GoogleContainerTools, and Msitools.
- Get to know the related areas of cybersecurity: offensive, secure software development, etc.
- Study the attacker tactics and techniques. Our Threat Zone research contains much useful insight:
  - threat actors active in different countries and their descriptions
  - attacker techniques and tools
  - BI.ZONE case studies
- Practice the purple team format. This approach combines the strengths of the red and blue teams.
“Threat actors are constantly applying new tools and making attacks more sophisticated. Therefore, it is important to expand the practical knowledge of defense specialists. The tasks for the scenario were chosen for a reason as they accurately reflect the most prevalent risks of the current threat landscape. The scenario included real incidents from BI.ZONE practice, which we compiled into a single attack.
In order to effectively repel targeted attacks, we recommend that organizations continuously participate in practical trainings such as Cyber Polygon to strengthen and build their competencies.”
Muslim Medzhlumov
Chief Product and Technology Officer, BI.ZONE
The full report is available here.
You are welcome to go through the scenario without time constraints. It is available via subscription on BI.ZONE Cyber Polygon Platform.