Jet CyberCamp

The main articles are:

• DLP - Data Loss/Leak Prevention
• Security Information and Event Management (SIEM)

2022

Ability to work out cases with Indeed PAM

The IT company Jet Infosystems and the Indid company, a Russian developer of information security software solutions, have created a joint cyber training program on the Jet CyberCamp platform. Now information security specialists can work out cases with Indeed PAM - a solution of the Privileged Access Management class, designed to monitor and control the actions of privileged users. This was announced by the company "Jet Infosystems" on September 27, 2022.

Some companies cannot afford to keep a sufficient number of highly qualified IT professionals on their staff, which can affect the quality of administration and support for automated business systems, security and IT infrastructure. Therefore, often part of the tasks for maintaining systems is transferred to external contractors.

The transfer of resources to outsourcing carries many serious risks. The first risk is that an unscrupulous contractor can take advantage of available access to the customer's corporate network for personal purposes. The second risk - a poorly protected infrastructure contractor can be attacked hackers and subsequently become an entry point malefactors into the customer's network.

The scenario on the Jet CyberCamp platform clearly shows possible options for investigating incidents involving users with high privileges.

Training participants have the opportunity to learn how to protect critical systems from illegal actions of external contractors, including developers, administrators, any employees with extended rights, shared Olga Yeliseyeva, head of the Jet CyberCamp service.

Cyber ​ ​ training tasks are developed on the basis of real customer cases and taking into account current information security trends. For example, in one scenario, at some point the web server is attacked - the website was defaced, access logs were deleted and malware was filled. Only three contractors who performed their work with it have access to the affected web server. The logs of the attacked web server have been cleaned up and do not contain information that allows you to identify the attacker. Contractors try to convince of their innocence and shift all responsibility to external hackers. Participants in the exercises will have to figure out who is really guilty.

Increasingly, companies are faced with the need to control the use of privileged accounts. Indeed PAM allows you to manage passwords and access to shared accounts, create trusted vaults for privileged accounts, track the actions of administrators working with them, and much more. All this reduces the risks of external and internal illegal interference in the operation of the customer's information systems, noted Olga Popova, director of business development at Indid.

The results of cyber training are analyzed in detail with the coaches and experts of the Jet CyberCamp team. As a result, information security specialists gain not only experience with the Indeed PAM product in combination with other means of protection, but also the skills of incident investigation based on real cases.

Ability to work out use cases for R-Vision products

On June 7, 2022, the company ITJet Infosystems"" announced that, together with the system developer cyber security R-Vision , they had prepared a joint cyber training program. As part of this program, INFORMATION SECURITY specialists will be able to gain practical experience with, and R-Vision SOAR R-Vision SGRC during R-Vision TIP training on the Jet CyberCamp Infosystems platform.

The program provides targeted mini-exercises that allow you to study work with a specific product, as well as large scenarios, where working with a variety of protective equipment is only a step in the chain of investigation. The practical tasks of cyber training are developed on the basis of current trends and real customer cases. For example, according to one of the scenarios, the corporate network machine failed because it was infected with malicious C&C ON communication. server Participants in cyber exercises will have to investigate this incident using the R-Vision TIP knowledge base, which is available information about compromise indicators - suspicious resources and IP-addresses. Another scenario implies that participants must detect and identify the consequences of a network attacks from Internet to one of the company's servers. Students are faced with the task of collecting maximum information about attacks, finding out why and how they were possible, as well as filling out incident cards in R-Vision SOAR.

After the training is completed, each case is additionally worked out with the instructor. The Jet CyberCamp expert discusses with each participant what actions need to be taken after investigating the incident, how the incident could have been prevented, how information protection tools can be adjusted.

Automatic response systems for information security incidents are increasingly becoming an integral component of the modern Security Operation Center (SOC), said Olga Yeliseyeva, head of Jet CyberCamp service. - Training using R-Vision products allows you to work out not only response skills, but also team interaction procedures, for example, between the first and second SOC lines, between the central office and branches. In addition, these training scenarios will be useful for practicing interaction with NCCCA.

The Jet CyberCamp team approached the implementation of the cyber training program extremely professionally. Users are offered the most realistic attack scenarios, as a result of which the knowledge gained from training can be adapted as quickly as possible to real incidents faced by SOC teams, "said Grigory Revenko, director of the R-Vision expertise center. - I also note that such a format will be useful for both specialized specialists who work daily with incidents and high-level information security managers.

2021: Cyber ​ ​ polygon and cyber training services based on the Jet CyberCamp platform

On September 22, 2021, Jet Infosystems announced that now information security specialists of Russian companies will be able to undergo training on the Jet CyberCamp platform or order the development of their own cyber police based on this platform.

"As a result of relative impunity, attackers can carry out attacks day after day, honing their skills. At the same time, information security specialists in internal information security services can face major incidents only a few times a year. To eliminate this asymmetry, we created Jet CyberCamp: first as a platform for experimentation and exchange of experience within the company, and then as a full-fledged commercial service for our customers, "said Andrey Yankin, director of the information security center of Jet Infosystems.

Jet CyberCamp uses a virtual infrastructure that is equipped with all the necessary protection and reproduces the typical IT landscape of the enterprise, its features and vulnerabilities. The Jet CyberCamp architecture provides several use cases: for information security managers, for employees of incident response centers (SOC) and for information security specialists. The modular principle of Jet CyberCamp provides flexible adaptation and customization to the individual needs of the customer both infrastructure and training scenarios.

The cyber training service on the Jet CyberCamp platform has been developed for companies from all industries: the financial sector, industry, the fuel and energy complex, etc. The virtual infrastructure reproduces not only typical corporate services, but also specific systems, such as APCS. The training is conducted under the guidance of experienced instructors-practitioners from Jet Infosystems: pentesters, analysts of the Jet CSIRT monitoring and response center, experts on the construction of integrated protection systems. The methodological base of Jet CyberCamp is designed in such a way as to comprehensively increase the skills of countering attackers: coaches understand in detail modern attacks and methods of detecting them, develop team skills among students.

The service for building and maintaining a cyber polygon based on Jet CyberCamp is optimal for companies that need to conduct training and experiment with protective equipment on their own infrastructure. Its cyberpolygon allows you to train SOC specialists 24/7, raise awareness of company employees in the field of information security, conduct joint exercises for RedTeam and BlueTeam specialists. The task of maintaining the cyberpoligon infrastructure and updating training materials and attack scenarios falls on the Jet Infosystems command.