In an attempt to introduce improvements in current computer network defense analysis training, Encripto has recently released the Blue Team Training Toolkit.
Computer network defense analysis is a broad topic and skills can be acquired with different methods. Common training techniques are based on studying network traffic that could be either live or previously captured. Why does this training field require improvements?
In this blog post we will have a look at the most common challenges related to computer network defense analysis training.
Currently, the possibilities for training and improving in computer network defense analysis have important constraints mainly related to these criteria:
- Difficulty of implementation
This criterion describes how difficult it is to create, configure and maintain an environment where the attack scenario is going to be executed. The difficulty of implementation is usually related to the amount of time required for the tasks. An ideal environment would require little time and little work.
- Cost
This criterion defines the amount of resources required for the correct implementation of the attack scenario. The lower the cost is, the less money an organization will need to invest in its training program. Alternatively, low costs will allow organizations to design more complete training programs with the same budget.
- Risk
This criterion describes the danger that a production network faces when an attack scenario is executed during a training session. Risk can be understood as the combination of likelihood and impact associated with an event. Therefore, the lower the risk is, the safer the training environment will be.
- Realism
This criterion describes how closely a training environment replicates the details of a real case. The higher the realism is, the closer to reality the training environment will be.
Typically, the criteria described in the previous sections present important dilemmas, which force organizations to prioritize one criterion over the others, or to reach a compromise that falls far short of an optimal training session.
In the next blog post, we will have a closer look at these dilemmas.