I like Star Trek. I’ve always wanted to be Captain Kirk (had to pick one…Picard is great too) sitting in that chair on the bridge of the Enterprise with seemingly endless resources at my disposal with a mission to protect the universe. I’m not giving up, but that’s probably not going to happen. However, I do get a bit of the same thrill as I have the opportunity to work in the Critical Incident Response Center lab we have set up at RSA for research and demonstration purposes.

Affectionately known as the “mini-CIRC”, this impressive lab is modeled after the real EMC CIRC and similarly leverages EMC and RSA products into an Enterprise console (see what I did there?). Unlike the production CIRC at EMC, the mini-CIRC has dozens of virtual machines assembled as attackers, malware distribution sites, drop zones, and command & control servers. It allows a group of analysts to operate in a real environment with the real tools and the real screens and try to detect and fend off a real attack.  Make no mistake, this is no screen shot click thru…it’s the real tools with real data that’s being generated in real time…but unlike real life, if something goes horribly wrong in the mini-CIRC we can reset it back and debrief and give it another try.

CIRC-DSC_363

Kobayashi Maru anyone?

This safe environment gives us the opportunity to train analysts on not just the tools but also the techniques, the team dynamics, and the processes and procedures involved in a real attack. Like the Kobayashi Maru in Star Trek we can keep playing the “unwinnable scenario” until we’ve learned the attacker’s techniques and methods. Then we can take this knowledge and ingest it back into our real program. When the Klingons alter their attack, we alter the scenario and can keep our response current.

How Can I Play?

We are working on several ways to allow those with a desire to get access to this resource. RSA Conference will be an opportunity for those who attend the 2013 conference in San Francisco who desire some hands on access to get some. Our Executive Briefing Center also has plans to make this available for those who visit the RSA EBC in Bedford, MA. And for those wanting extensive time and training, RSA Education Services is developing a full course called the Advanced Threat Workshop that includes multiple days in this environment working with a team and assuming different roles.

If you’re interested in more information about obtaining the skills and getting the practice required to save the universe, Jason Rader can be contacted via jason.rader@rsa.com

Jason Rader is the Chief Security Strategist for RSA Global Services

Jason Rader
Author: