Eternal vigilance is the key to good security. You need to constantly hunt for cyberthreats or you'll end up being hunted. You can quickly identify a threat amongst the thousands of events that a SIEM tool captures with heightened environmental awareness, meticulous attention to detail, and a tidy presentation of the network logs in the form of intuitive reports and dashboards.
Cyber Detective is an engaging cybersecurity game in which you progress through 10 levels developed from typical security scenarios, including a suspicious PowerShell process being initiated, an abnormal number of files being created, and phishing emails.
A security analyst's work is similar to that of a detective. You're continuously on the lookout for risks in order to thwart them before they materialize.
The objective of Cyber Detective is to build your expertise in recognizing, assessing, and evaluating security threats. The game seeks to offer an intriguing and realistic learning experience that equips players to take on the increasingly complex terrain of cyberthreats and defend enterprises from potential breaches.
From the game, you will explore security use cases such as:
Attackers utilize social engineering techniques to make emails appear authentic and persuade recipients to click links or download attachments. Attackers can still get through, despite employees being trained to be aware of such emails. This makes phishing emails the top initial access vector. Simultaneously, a lot of reported phishing emails are false positives. Evaluating a phishing email requires careful attention.
Here are a few things to look at when investigating a suspected phishing email:
Monitoring user activities is critical to identify occurrences of insider threats and compromised accounts. Suspicious user logon activities can be indicators of potential security breaches or anomalies.
Here are a few examples:
Data exfiltration refers to the unauthorized transmission of sensitive information from a company. This may occur through email attachments or uploads to any SaaS application that employees utilize. Enterprises have to ensure total visibility and audit all user actions in the cloud to keep pace with the growing use of cloud apps. A cloud access security broker (CASB) acts as a gatekeeper between an organization's on-premises infrastructure and the cloud services it uses. The CASB capability of a SIEM solution gives complete visibility into things like upload file size, file name, and file type.
Classifying files by sensitivity is vital to detecting attempts to modify or copy files and to send emails with attachments. By classifying files, the security team can prioritize the most business-critical data and focus their efforts and resources (capital, personnel, and technology) on protecting those assets first.
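The following added example (not part of the game or of any product's code) shows how the upload fields a CASB exposes (file name, file type, file size) can be combined with a sensitivity classification to rank uploads for review. The classification patterns, app allow-list, thresholds, scores, and log records are all constructed assumptions.

```python
from collections import defaultdict
from fnmatch import fnmatch

# Constructed sensitivity rules (assumption): filename pattern -> label.
CLASSIFICATION = [("*payroll*", "restricted"), ("*customer*", "restricted"),
                  ("*.sql", "confidential"), ("*.pst", "confidential")]
WEIGHT = {"restricted": 3, "confidential": 2, "public": 0}
SANCTIONED_APPS = {"corp-sharepoint"}      # constructed allow-list
SIZE_LIMIT = 50 * 1024 * 1024              # one upload above this is "large"
USER_LIMIT = 200 * 1024 * 1024             # cumulative volume per user
# Constructed CASB-style upload records for one reporting window.
EVENTS = [
    {"user": "alice", "app": "corp-sharepoint", "file_name": "q3_slides.pptx", "file_type": "pptx", "size": 4_000_000},
    {"user": "bob", "app": "personal-drive", "file_name": "customer_export.csv", "file_type": "csv", "size": 80_000_000},
    {"user": "bob", "app": "personal-drive", "file_name": "backup.sql", "file_type": "sql", "size": 150_000_000},
    {"user": "carol", "app": "corp-sharepoint", "file_name": "payroll_2021.xlsx", "file_type": "xlsx", "size": 900_000},
]

def classify(file_name):
    """Return the first matching sensitivity label, or 'public'."""
    name = file_name.lower()
    for pattern, label in CLASSIFICATION:
        if fnmatch(name, pattern):
            return label
    return "public"

def triage_uploads(events):
    """Score each upload and return findings, highest score first."""
    per_user = defaultdict(int)
    for e in events:
        per_user[e["user"]] += e["size"]
    findings = []
    for e in events:
        label = classify(e["file_name"])
        score, reasons = WEIGHT[label], []
        if label != "public":
            reasons.append(f"{label} file")
        if e["app"] not in SANCTIONED_APPS:
            score += 2
            reasons.append("unsanctioned app")
        if e["size"] > SIZE_LIMIT:
            score += 1
            reasons.append("large upload")
        if per_user[e["user"]] > USER_LIMIT:
            score += 1
            reasons.append("user volume over limit")
        if score >= 3:  # review threshold (assumption)
            findings.append((score, e["user"], e["file_name"], reasons))
    return sorted(findings, reverse=True)
```

A restricted file sent to a sanctioned app still surfaces (at the lowest score), so classification alone is enough to put an upload in front of an analyst.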
A malware payload is typically delivered through email attachments, malicious downloads, or exploit kits targeting vulnerabilities in a system. Once delivered, the malware begins its execution.
Here are the typical behaviors of malware to look at:
Are you ready to take the challenge? Play the game now.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.