Last week, Cynet CyOps participated in the annual cyber exercise organized by the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE). The Locked Shields exercise is a large-scale and intensive international cyber defense simulation. The goal of the exercise is to offer cyber security experts an opportunity to enhance their skills in defending national IT systems and critical infrastructure during real-time attacks.

The exercise comprises realistic scenarios and cutting-edge technologies and simulates the entire complexity of a massive cyber incident, including response, strategic decision-making, and legal and communication aspects. The exercise is run in teams (Red vs. Blue), with the Blue teams comprising member nations of CCDCOE. The participating Blue Teams play the role of national rapid reaction teams that are deployed to assist a fictional country in handling a large-scale cyber incident and all of its implications.

In addition to maintaining approximately 4000 virtualized systems while experiencing more than 2500 attacks, the teams must be effective in reporting incidents, executing strategic decisions and solving forensic, legal and media challenges.

Cynet360 is one of the best solutions for such an exercise, incorporating outstanding detection and prevention mechanisms alongside its data collection and telemetry capabilities, which consistently prove to be mandatory when handling a large-scale cyber incident, especially when there is more than one team involved.

Prior to the exercise, CreaPlus, which chose to utilize Cynet360 as the only XDR solution during the exercise, asked Cynet CyOps to join and assist in the analysis and investigation of the attacks. CreaPlus is an MSSP providing security services to a vast customer base from different sectors.

To provide the best impact and value, CyOps recommended that CreaPlus activate all the relevant detection and prevention mechanisms in the Locked Shields environment.
During the exercise, CyOps provided CreaPlus with detailed analysis and investigation of alerts and suspicious files, together with relevant mitigation steps and additional hunting options. These played a crucial part in the ability to respond in a timely manner to the sophisticated scenarios set forth in the Locked Shields exercise.