SecureDefend – Fortify Applications & Systems
Protecting the software-dependent enterprise requires practical technology assessments, well-defined policies, effective controls, and streamlined compliance programs.
SecureDefend features advanced application and infrastructure cyber ranges that give teams a hands-on environment in which to hone their skills. Computer-based training (CBT) teaches popular frameworks and offensive techniques that learners then apply in the cyber range and on the job.
SecureDefend covers all governance & assessment activities
Ideal for Security & GRC Teams
- Tech: Cloud, Mobile, IoT, Web, API
- Standards: PCI, ISO, NIST, NICE, OWASP, RMF, CWE, GDPR
- Process & Policy: auditing, data & privacy protection, incident response, risk analysis, threat modeling, scanning, pen testing, DevSecOps
- Environments: Complex Web & Mobile apps, cloud infrastructure, business platforms
Focus: Full spectrum of vulnerabilities, built-in defenses, expansive attack surfaces
Attacks: password cracking, path traversal, reverse engineering, binary exploitation, script injection, filter evasion, crypto, denial of service
Gameplay: requires proxies, scripting, and other hands-on tooling. Challenges map to OWASP, CWE and the MITRE ATT&CK framework
Driven by client demand for security-savvy staff, Accenture needed to groom security champions and stock its AppSec team with proven talent.
Accenture manages software systems for the world's most recognizable brands, and its client contracts include clauses that hold it accountable for demonstrating the security competency of its teams. Meeting that obligation was challenging: staff were spread across 12 countries and more than 50 job functions of varying maturity levels.
With guidance from a Security Innovation Customer Success Manager, the plan devised for Accenture comprised:
- Learning paths for 24 roles based on 3 skill levels
- Computer-based Training (CBT) to quickly scale knowledge
- Cyber range to practice knowledge and set “scoring bars” for AppSec team candidates
- Pilot programs to ensure seamless rollout for larger audiences
- Post-training assessments to determine if users should advance to the next level
- Communication plans complete with emails, social media posts, and scheduled prompts
After 5 months
- 5k+ employees trained
- Updated learning paths to better align with work roles
- Scheduled cyber range events to assess competency and streamline training
After 12 months
- Exceeded Training Goal by 40%
- Implemented formal Belt Program with measurable competency gates
- Dozens of developers moved to AppSec team (with higher bill rates)
After one year, 110k+ staff were trained vs. a goal of ~80k
Cobalt's Pentest as a Service (PtaaS) business was growing fast, and the company needed to scale recruitment in a way that improved both the speed and the quality of hires.
- Needed to scale its software security consultant recruitment process
- Reviewing resumes and interviewing candidates was too slow
- Evaluated traditional CBT and gamified solutions, but every candidate "looked" the same on paper
- Improve the quality of hires: bad hires led to lost clients and higher re-work expense
- Improve speed of hires: hiring only ~3-4% of applicants results in a time drain
- CMD+CTRL Cyber Ranges provided the right technology, delivery model, and reporting capabilities
- Reduced time and costs: minimum score requirement halts the interview process for under-performers
- Improved scalability – can scale to meet demand within days
Baseline Against the Security Elite
In addition to industry and role baselining, you can see how your teams stack up against the best.
We ran our Forescient cyber range, a vulnerable AWS infrastructure, at DEFCON. The results:
Individual and team reports provide additional insight into each vulnerability and misconfiguration
Results mapped to MITRE ATT&CK Framework
The MITRE ATT&CK framework is a knowledge base of adversary tactics and techniques, organized as a matrix, that threat hunters, red teamers, and defenders use to classify observed attacker behavior and assess risk.
All Forescient challenges are linked to the MITRE ATT&CK framework so learners can refer back to it and discover new avenues of attack. The objective is to help learners better understand the tactics and techniques attackers use to compromise IT systems.
Additional learning opportunities are available in our courses.