Cyber Polygon 2019
International online exercise focusing
on joint response to cyberthreats
Next training — July 8, 2020

2019 Training results
The fight against cybercrime cannot be waged alone. The sooner the public and private sectors learn to cooperate, the faster we can build a safe and secure cyberspace.
24 countries
audience geography
Cyberspace has no borders. This allows cybercriminals to launch attacks from anywhere in the world, while the absence of international laws capable of restricting the actions of attackers regardless of their geolocation gives them a sense of absolute impunity.
The main reason for such situation is the extremely low level of international collaboration. That is why the primary goal of Cyber Polygon is to learn how to respond to relevant cyberthreats in unison.
The training was streamed online and lasted more than 3 hours. Opinion leaders in cybersecurity took part in the broadcast, including representatives from the World Economic Forum, INTERPOL and various related international organisations.
Training makes it quicker
In each scenario, the response from participants was considerably faster come second launch.
Collaboration is the key
7x efficiency recorded when responding to the attacks with the use of the threat data exchange platform.
Competencies differ — uniting them is a must
Each organisation performed better in one scenarios or the other — uniting their efforts allowed to protect everyone equally.
Some threats are still almost irresistible
The ransomware scenario was a great
challenge — only one organisation was able to counter the attack independently.
Through cooperation with each other, all organisations taking part in the training were able to cope with the threats being hurled at them, regardless of their initial level of competencies.
In the real world, this could mean millions or even billions of dollars averted in damages.
3 scenarios
inspired by the most common types of attacks
efficiency recorded during joint response
to the attacks
We chose three scenarios of the most common cyberattacks in 2018.
DDoS Attack
DDoS attack (Distributed Denial of Service attack) involves a set of actions, as a result of which an attacker can render the Internet resources of even the largest organisations inaccessible.

The attack is carried out by sending a targeted flow of traffic, which leads to target systems failing.
Web Application Attack
We chose the SQL injection as the most wide-spread type of web application attacks.

When executing such an attack, a cybercriminal sends requests to the web application database, and by bypassing all protective measures, gains access to all the information stored there: users’ bank card details, passwords and phone numbers, their addresses etc.
Ransomware Attack
Having penetrated the system, this class of malware encrypts files and requires a ransom for decrypting them.

The most common method for distributing such malware is phishing. We did the same in our training.
Training Infrastructure Layout
In achieving the goals set out for the exercise, we recreated an infrastructure of a large organisation to resemble real conditions as closely as possible. To accomplish this, IBM — being the technology partner of the event — provided dedicated physical servers in their cloud. Each infrastructure was originally integrated with security solutions provided by another partner, Fortinet.
All participants were immersed in equal environments — this made it possible to achieve the most realistic results and assess them fairly.
Participants and partners
Red team
Blue teams