During the course, the trainees will be required to monitor, investigate and mitigate security incidents that occur in real time, driven by pre-defined scenarios run on the simulator. The course covers both the technical and the operational aspects of incident investigation. On the technical side, the trainees will learn about the tools and techniques used to investigate the network, and will practise using these tools in the virtual environment. On the operational side, the trainees will learn to work as a team: dividing the monitoring and investigation tasks between team members, drawing conclusions from the gathered information and applying mitigation processes.
The participants will be divided into two groups of 5–6 trainees who train simultaneously (each trainee at his/her own workstation), with each group having its own training network that it must protect.
During the training, attack scenarios are executed against the training network in different variants, according to the mission goals and in response to the defensive actions of the blue teams. The trainees handle each event through all of its stages: discovery, response and prevention. A coach follows their actions and gives feedback to the trainees.
During the training, the system monitors the trainees' actions, the events and the supporting processes (SIEM, NMS, EPS), and tracks the achievement of the goals and the points scored by the trainees.
At the conclusion of the training, a coach reviews the critical events and the trainees' responses to them, and identifies points for improvement.
In addition, the client receives a quantitative and qualitative evaluation of the trainees, together with follow-up progress reports.