网络安全事件模拟@Uber
All the best things come in threes: the Three Musketeers, the Three Stooges, and, of course, your favorite three-cheese pizza ordered via the UberEats app. Engineering Security (EngSec) at Uber agrees and we have formed our own trio for how we simulate cybersecurity incidents at Uber to exercise our ability to act decisively should an incident occur. This three-pronged approach consists of tabletop exercises, red team operations, and atomic simulations.
所有最好的东西都是三人行:三个火枪手,三个臭皮匠,当然还有你最喜欢的通过UberEats应用程序订购的三层奶酪比萨。Uber的工程安全部(EngSec)同意这一点,我们已经形成了自己的三人组,用于模拟Uber的网络安全事件,以锻炼我们在事件发生时果断行动的能力。这种三管齐下的方法包括桌面演习、红队行动和原子模拟。
Importance of Cybersecurity Incident Simulations
网络安全事件模拟的重要性
While having strong preventative measures in place is vitally important, it is essential that key people and functions are well prepared to both act, and importantly act together, should an incident occur.
虽然制定强有力的预防措施是非常重要的,但关键人物和职能部门必须做好准备,一旦发生事故,就能采取行动,而且重要的是要共同采取行动。
Multiple approaches can help reap the full benefits of cybersecurity incident simulations, and each approach can have different benefits and limitations. For example, a simulation requiring a large amount of planning can result in more sophistication and realism, but the preparation time can limit how frequently this type of simulation can be conducted. When combined, our trio of simulations provide an array of options for cybersecurity incident response readiness.
多种方法可以帮助收获网络安全事件模拟的全部好处,每种方法都会有不同的好处和限制。例如,需要大量计划的模拟可以带来更多的复杂性和真实性,但准备时间会限制这种类型的模拟的开展频率。如果结合起来,我们的三重模拟为网络安全事件响应准备提供了一系列的选择。
Architecture of Our Approach
我们方法的架构
Each of our three different simulation methods has its own unique focus:
我们三种不同的模拟方法都有其独特的重点:
Tabletop Exercises (TTX)
桌面演习(TTX)
These exercises simulate a security incident over a multi-hour event. TTXs complement more technical simulations by focusing on processes, roles, and equipping leaders to make decisions. The following objectives are ones that we have identified as being broadly applicable to all of our TTXs and we reflect on these post-TTX to determine t...