Conclusions
The results of Cyber Polygon suggest the following conclusions:
Training makes it quicker
In the second round of each scenario, participants took considerably less time to detect and mitigate the attack than the fastest participants did in the first round. This is partly because, after getting some practice in the first round, the teams better understood how to withstand the attacks. In the second round, only the IoC values were changed, not the attack logic itself, so the participants responded to the threat much faster. This confirms the effectiveness of practical training: teams improved their ability to mitigate attacks and immediately demonstrated progress, all within a relatively short amount of time.
Collaboration is the key
Working with the data exchange platform yielded a remarkable decrease in the average time it took to respond to an attack. The best results from using the information sharing platform were obtained in the second scenario: compared to the first round of attacks on the web-based application, the response in the second round was 7 times faster. By exchanging data, the participants mitigated the attack in 2 minutes 31 seconds, whereas the longest independent response in the first round took 24 minutes 24 seconds. The difference between the two was almost 22 minutes, with the total duration of the scenario set to 30 minutes.
Competencies differ — uniting them is a must
In some cases, joint efforts made it possible to mitigate even attacks that would otherwise have been missed. For example, organization 3 could not cope with the first scenario on its own. However, in the second run, the use of the platform and the efforts of other participants were enough to protect the organization. In a real situation, this would have saved a company from losses associated with its web resources being unavailable.
Some threats are still almost impossible to withstand
The ransomware infection turned out to be the most difficult scenario for the participants: only one company was able to mitigate the attack independently. Companies showed the best results in the web-based application attack.
Relying on the results gathered from the first training, we hope to convince the global community of the efficiency of such exercises and to demonstrate the process of global collaboration as a whole, thus attracting more international participants to exercise their cybersecurity capabilities and contribute to our common goal, which is to combat global cybercrime.