Don’t Just Read Intelligence: Learn From It
January 17, 2019
The Importance of Learning in Cyber Security
Those unfamiliar with the field of computer security, reading the news headlines about how computers are ‘hacked’ and companies are breached, can be forgiven for conjuring up images of elite hacking teams whose (almost magical) abilities seem to penetrate the immensely complex defenses of large corporations like a knife through butter.
Goodness knows, Hollywood’s portrayal often doesn’t exactly help us explain our day job to colleagues, with perhaps the exception of the excellent Mr Robot. Even outside the confines of what our peers see on TV, the breadth, variety, and complexity of attacks and defenses vary greatly. The breaches and the misadventure that we routinely point to in the headlines can be complex, and the topic of cybersecurity can seem impenetrable and opaque for those at the beginning of that learning journey.
However, learn we all must. Societies’ reliance on digital technology will only increase, as will the breadth and diversity of the digital risks they encounter. Sourcing the army of talent that we need to counter these rapidly changing threats and risks is increasingly difficult. Even when you do find the right person to support your organization’s defenses, learning which investments to make and how to prioritize the work to minimize business risks effectively is often down to guided, educated risk management (guesswork) by sage and experienced professionals – who are, themselves, hard to find.
I’m not cynical – we can progress from here. These factors mean that high-quality, effective learning and education play an especially important role in securing and reducing the risks to our economies in our digital world.
Partnering with Immersive Labs
That’s why, for the last year and a half, we’ve worked with Immersive Labs. Immersive provides our teams with a hands-on, labs-led learning environment where our talented analysts don’t just read a book and remember what a packet is. They hack hands-on and learn by doing. Reading a book is not an effective way to learn to drive; someone who spends time at the wheel has a far greater chance of passing their driving test. We’ve been long-term fans of the gamified learning that Immersive Labs have provided us, and it helps us ensure our teams are on point.
Late last year, Immersive Labs’ CEO James Hadley and I were discussing how MITRE’s work on the ATT&CK Framework was giving us a new language to describe attacker behavior, and we mulled how this might be an opportunity to join up capabilities for the better. What if we could use this framework to act as a Rosetta Stone – aligning real-world observations about attacks with practical hands-on labs?
Immersive Labs took some of our recent research and started to produce labs that gave a hands-on experience of the observed behavior or techniques we found in the real world. We took a series of these labs to a customer event and asked for feedback. What we got was a refreshing number of supportive comments which highlighted the benefits of learning based on recently observed attacker behavior. The group of security leaders identified:
- Intelligence-led learning can help show how the work of the security team is making impacts on real problems that affect other companies.
- Learning that is based on real-world intelligence is more engaging and relevant, helping to drive wider user adoption.
- Showing both the attack and defense side of intelligence helps bring it to life and helps incident response teams with the practical aspects of attack and defense.
- By aligning skills with recent attacks, we can more effectively measure our level of preparedness for things that are happening in the real world.
We continued to invest and have now started a collaboration with Immersive Labs, called Immersive Intelligence, creating links from our real-world intelligence to the hands-on learning experience. This means our joint customers can benefit and our prospects can more directly see how their investments in both digital risk and threat intelligence can translate into practical measures that really protect a business.
If you are not already using the Immersive Labs platform, you can learn more here, and if you register for a 7-day test drive of our SearchLight platform, you can see the intelligence in the labs free of charge.
I’m incredibly proud to have been working with the team at Immersive. As a few examples, we’re excited to offer our customers the opportunity to:
- Learn how a hacker working for North Korea broke into entertainment, energy, academic institutions, and banks, and carry out the techniques using real tools and capabilities. (Immersive Labs customers can see the lab here and here)
- Learn hands-on how the credit card stealing Magecart (podcast) attacks work in reality and learn to defend against them.
- Look at practical implementations of the Australian Signals Directorate’s ‘Essential Eight’ controls to defend effectively against sophisticated techniques in use today.
- Look at how Credential Theft is actually carried out, and learn common tools and approaches employed by attackers to maximize their success in breaching targets.
Among Many Other Labs
Security teams that measure their Mean Time to Learn (MTTL) should be better prepared and able to communicate their value to a business in a more real-world way. I am excited to be working with Immersive Labs in this way and looking forward to including learning-by-default across all of the intelligence insights that our teams provide.
We also have an upcoming live webinar with Immersive Labs – register for free to attend here.