ONSITE • REMOTE • ONLINE • CLOUD

What Is CYBEX?

One eSecurity's CYBEX Service offers simulations of real cybersecurity incidents that your team will probably have to face sometime soon.

There are many different types of Cyber Exercises, ranging from a single challenge for your technical team in a hypothetical scenario, to a real and complete tabletop involving the crisis management team, making decisions based on real information coming from other areas or groups.

A Cyber Exercise can have different approaches and perspectives according to the client’s goals and objectives. These goals can be focused on evaluating the response capabilities and the internal knowledge of the company processes, identifying gaps in plans and procedures, measuring team technical knowledge and analyzing how teams react, measuring response time, testing business continuity plans, etc. They can also serve as training for different departments / areas / committees, evaluating their relationship models and interfaces, and analyzing how they work together.

Why Should You Use CYBEX?

The One eSecurity Cyber Exercises approach is based on real cyber threat situations adapted to the operational environments of our clients.

The scenarios can be precisely adapted to the client’s needs or demands. They can also aim to resolve existing weaknesses in the organization or consolidate strengths, to increase the level of effectiveness with which threats are contained or neutralized, or to improve the detection and reduce the potential damage of incidents, when they arise.

The alignment of the objectives, perspectives (strategic, tactical, and operational/technical), and teams involved, set the strategy that marks a successful exercise. Besides the topics mentioned above, there are also other factors that affect the Cyber Exercises design and scope. These factors are:

  • Communications and interaction with stakeholders/regulators/other CERTs.
  • Hypothetical scenario versus real threat.
  • Simulated outputs logs/artefacts/clues as input or injects to the cyber exercise.
  • Simulated versus emulated.
  • Tactics, Techniques and Procedures used by the adversary and type of threats.
  • Use of real roles versus generic groups.


Types of CYBEX

One eSecurity understands the aforementioned factors, options, and criteria, and it has established the following types of cyber exercises in order to cover all possibilities:

  • Challenges: present attack scenarios with a series of technical pieces to analyze. Specialist technicians.
  • Technical cyber exercises: present attack scenarios with interaction with third parties (asking for more information) and dynamic (new information that arrives, requests that can be made, etc).
  • Major and minor incident tabletop: present attack scenarios focused less on the technical field but rather on response processes, tactical movements, and communication in the organization, etc.
  • Full live scenario: present attack scenario with an emulated attack in real time.



These types are represented in the following figure:



Methodology

One eSecurity uses its own methodology that combines its experience and processes to build the most adequate attack scenario. This methodology is based on best practices and includes five phases, starting with the definition phase in which One eSecurity identifies the client's needs and requirements, gaining an understanding of their operational environment in order to mimic this in the cyber exercise.


Define and Design Stages

In the Define stage we develop a workshop with key client staff members to understand the real threats, threat agents, vulnerabilities, and critical assets. Combining these, we will propose two or more scenarios for the client to select from.

One eSecurity designs the cyber exercise chosen by the client:

  • The definition of different synchronous and asynchronous injects, also called events, with timeline.
  • The description of the crisis management plan and/or IR Plan, with the expected actions.
  • The alignment of both the injects and the actions from the defined plan.

Customize and Build Stages

In the next two stages, One eSecurity considers existing workflows/IRP or playbooks in order to refine the Cyber Exercise (continuous improvement) and include company platforms/committees to complete the scenario’s context. One eSecurity develops and reviews all the required material for the day (videos, speeches, notes, screens and review physical accommodation etc.…).

Deliver Stage

In accordance with the committees and roles defined in the crisis management plan and/or IR plan, One eSecurity organizes teams in round-table environments during the exercise and gives them a predefined time for every inject to collaborate, and agree actions and decisions between the different defined teams.

Once the inject time is over, the One eSecurity exercise leader discusses with the participants the actions and decisions that were taken and gives recommendations according to best practice. During the exercise, One eSecurity staff will document the decisions and actions of the teams, in order to write a final report on the effectiveness of the company’s response.

A final report that contains the analysis, recommendations and conclusions of the exercise will be delivered to the client according to each of the phases of the incident response:

  • Detection
  • Initial response
  • Containment
  • Eradication
  • Recovery
  • Lessons learned


Cyber Consulting SANS Training Cyber Threat Intelligence
One eSecurity CYCON service can give you honest answers to the most complex questions and acting as a guide throughout decision-making processes. One eSecurity is partner of the SANS Institute in Spain, the worldwide leader in cybersecurity training. The Cyber Threat Intelligence service by One eSecurity provides (both internally and for clients) knowledge and information on key threats for decision-making and forecasts of risk situations on IT systems and networks.
Learn more Learn more Learn more