IB specialists of Rosbank underwent cyber training on the Jet platform CyberCamp

2021: Cyber exercises

On December 6, 2021, the Jet Infosystems company announced two-day cyber exercises for Rosbank's Security Operation Center (SOUND) specialists . In the sampled infrastructure, the bank's IB specialists investigated a major attack, during which, according to legend, the company's intellectual property was stolen, and also stopped the mining of cryptocurrency by the workstations of a large engineering center.

The training was carried out on the basis of the Jet CyberCamp platform, the cyber monopoly of the IT company Jet Infosystems, under the guidance of instructors-practitioners: pentesters and analysts of the Jet CSIRT monitoring and response center.

We are constantly looking for effective ways to keep our specialists "in tone," shared Mikhail Ivanov, Director of the Information Security Department of Rosbank. - It is important for us to acquire individual skills, and increase the efficiency of the team as a whole. Participation in Jet CyberCamp cyber exercises has become a completely new experience for us. We liked the depth of the practical tasks. It was interesting to unwind the "storyline" and reach the very depth. Such experience will definitely help us in future work.

Cyber exercises took place within two days. First, participants using the training platform improved their skills in investigating incidents operating systems Windows in and. Linux Then a team investigation was conducted according to pre-prepared scenarios: it was necessary to detect all stages of the attacker's attack and develop proposals for preventing incidents.

We build cyber exercises in such a way that they combine theory and practice and at the same time prevent participants from getting bored, "said Olga Yeliseyeva, head of the design and implementation department of the Infosystems Jet information security center. - Before sending specialists "into battle," we always teach them to investigate incidents on small cases, analyze attacks and methods of their detection. To effectively investigate the attack, you need to understand how the attacker acts, as well as know where to look for his "traces."

To develop teamwork skills, participants in cyber exercises were divided into small groups, which in the allotted time had to decide whether the information was really stolen, as well as find out exactly how the cryptocurrency miner got to the workstation: due to an internal intruder or an external attacker. The team investigated the Jet CyberCamp virtual infrastructure, emulating a typical IT infrastructure, using industry-specific information protection tools.

At the end of the cyber exercises, each scenario was step-by-step dismantled with the trainer, and the participants received a certificate confirming the completion of the training.