Operations

10/15/2018
04:45 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training

A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.

IBM Security is taking incident response training on the road with the IBM X-Force Command Cyber Tactical Operation Center (C-TOC), a tractor trailer housing a fully functional security operations center.

The company opened its commercial cyber range, X-Force Command, in Cambridge, Massachusetts, in Nov. 2016. Its mission was to simulate actual cyberattacks so corporate security experts, C-suite execs, and other business teams could gauge their preparedness (or lack thereof) to respond to an actual breach. In two years, about 2,000 people have tested their response skills in the cyber range, which has a waiting list of eight months.

Now, IBM is putting the same concept on wheels.

IBM X-Force's C-TOC accommodates 24 operators, analysts, and incident command center staff. The 23-ton trailer, modeled after military and first responders' command centers, can expand to the width of three Humvees and packs 20 workstations, 20,000 feet of networking cable, and two satellite dishes. An onboard data center is built on a 100TB solid-state disk array, cooled with 10+ tons of cooling capacity, and the full unit runs on 47kW of self-generating power.

"We built the IT environment of a Fortune 500 company and put it on a truck," said Caleb Barlow, vice president of threat intelligence at IBM Security, in a tour of the space.

(Inside the CTOC. Image: IBM)

(Inside the CTOC. Image: IBM)

The C-TOC serves three purposes, he explained. First and foremost is response training: companies can use the center to train employees on how they should respond to attacks by simulating real-life scenarios. Rather than limit education to technical response, businesses can bring in executives, HR, comms teams – anyone who has a role in responding to a breach.

Companies with the ability to respond to incidents within 30 days can save more than $1 million after a data breach, according to data in IBM's 2018 Cost of a Data Breach Study. But less than 25% companies surveyed report having a coordinated incident response plan.

"This is built on the fundamental thesis that learning how to make a decision in a crisis matters," Barlow said. Generally, he added, when teams are put into a simulation and forced to make decisions, any underlying problems that could derail incident response quickly surface.

Chris Crummey, executive director of IBM X-Force Command, said one of the key lessons learned among companies who test their response skills is they need to be more proactive in threat hunting while investigating an incident. "Customers want to put out fires, but in reality, you have to figure out if the fires are related," he explained. Another common weakness is neglecting to look for places where security problems commonly begin.

"The most mature customers, they go hunting for their blind spots," Crummey added

Response capabilities aside, IBM also intends for the C-TOC to be an on-demand mobile operations center at sporting events or other large-scale gatherings where extra security resources may be needed, Barlow noted.

When it isn't being used for incident response training or supplemental security support, IBM plans to use the C-TOC to drive education and awareness. The center will travel to universities and industry events to teach the incoming generation of workers about security careers.

"We want to provide the educational opportunity, and inspirational opportunity, to get more people in this field," he said.

The C-TOC will be traveling the United States for the next month, visiting client sites, government facilities, and schools. Then it's onward to Europe, where it will work with clients and stop by events in countries across the EU throughout 2019. 

 

(Image: IBM)

(Image: IBM)

Related Content:

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Assignmenthelp
50%
50%
Assignmenthelp,
User Rank: Apprentice
10/22/2018 | 7:38:57 AM
Assignment Help
Hi,

This is fabulous blog. Thanks so much for sharing.

 
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.