Almost every CISO reading a cybersecurity news feed thinks: what strategy to choose to protect the company? To choose one more tool or to hire new specialists? How to train security officers to deal with today's threats? And how to keep within budget constraints?
A lot of questions! He stands at a crossroads and must choose the right way. And we could understand the CISO pain points.
Too many tools that his team needs to deal with dramatically increase the requirements for the staff expertise, do not give a consistent view of what is happening, and complicate the team communication.
The most courses on the market are about how to use offensive techniques. They do not provide the skills to act in case of emerging attack and how to protect, detect, response.
Only a hacker attack gives real experience, shows the infrastructure vulnerabilities and the team's true willingness to act coherently, competently and quickly. But such "training" may be too expensive for the company... Is it possible to gain experience without risking their own company?
The "Battle for the Domain" workshop developed by our company is the one day of theoretical study of modern approaches to protecting against threats implemented in Microsoft 365. The second day is a practical work in expert teams who were invited to investigate and mitigate the incident.
Each team gets compromised hybrid infrastructure, in which the attackers used ransomware, persistence, C2, data exfiltration and other attack techniques. Teams use the Microsoft Threat Protection, Microsoft Defender ATP, Azure ATP, and Microsoft Cloud App Security web consoles to investigate incidents, search for artifacts, hypothesize, and test them using Advanced Hunting.
Team actions are automatically tracked on the scoring web portal. Teams track each other's successes and try to complete tasks faster than rivals. Gamification creates constructive tension that is as close as possible to a real incident investigation.
The fusion of theory and practical workshop allowed to get a huge positive effect. Students of the course understand Microsoft cybersecurity strategic initiatives, they use Microsoft security solutions by working with real infrastructures. This is not the boring labs but a real challenge for them!
The "Battle for the domain" is a popular training event. Over the past fiscal year, we have conducted more than 20 workshops. They involved more than 300 participants - Microsoft partners, large financial companies, insurance companies, manufacturing, retail.
There are several successful stories when large companies conducted Proof of Concepts, pilot projects and licensed Microsoft 365 after our workshop. For example, the financial company QIWI compared VMware Carbon Black with Microsoft Defender ATP and chose Microsoft's solution to protect its information assets after the "Battle for Domain" workshop.
The "Battle for the domain" is a reliable tool that drives Microsoft 365 security solutions value to customers!