War Room Training
An interactive incident response and analysis training in a virtual network environment.
No matter how well users are trained, systems maintained, and security concepts developed, the risk of a successful attack always remains. Rapid, effective analysis and response after an attack is detected determine whether it becomes a nuisance or an existential threat to an organization. Often, it’s crucial to quickly identify the attacker’s entry point, determine the time of initial access, and assess the extent of the compromise. Based on this knowledge, the ongoing attack can be repelled, data exfiltration prevented, and the point of entry closed.
This training simulates a realistic network breach situation, in which the participants form the task force working on analyzing the developing security incident. The goal is to repel the dynamically ongoing attack against the simulated organization’s network infrastructure by forming an effective team and cooperating in the analysis of the situation and the design and implementation of appropriate countermeasures. Meanwhile, the attackers continue to operate in the organization’s virtual network, new information becomes available, and the fictitious management demands continuous progress updates.
This training is designed for advanced participants with prior knowledge about incident analysis. It is in many ways the counterpart to the concurrent Incident Analysis Training, where our teammates introduce a variety of incident analysis methods. While the key point there is a practical introduction to the different tools and approaches, the focus here is the utilization of this knowledge in an uncertain (and possibly chaotic) environment, and the communication of the results.