A hallmark of an engaged team is continuous learning and improvement. And this is no different for a SOC (Security Operations Center) team. We believe that readiness is a key aspect of learning and improving and readiness is critical for a SOC teams success. Capture the Flag (CTF) events are one of the best ways that a SOC can remain sharp. We strive to do as many of these as we reasonably can each year.
On Thursday, January 18, 2018, Adobe, in conjunction with Splunk Inc. sponsored a Boss of the SOC competition. The BOTS competition is a Blue Team-focused Capture the Flag (CTF) style competition where contestants play the part of a Security Operations Center analyst. Teams are presented with various questions about multiple security-related scenarios. Some are easy. Some are hard. The teams use a Splunk Search Server, background information, and external sources to answer the questions as quickly and accurately as they can. The contestant with the most points at the end of the competition wins.
The Adobe Security Coordination center and several industry partners joined forces, divided into several different teams, and worked together to test out security skills that included reverse engineering malware, identifying data exfiltration behaviors, and identifying malicious user activity. Each team played the role of security analysts helping a home brewing supply company work through some major incidents they have experienced. The competition used realistic data in Splunk, Splunk Enterprise Security and the wild, wild web, while racing against the clock to identify: the who, the how and the where of a full forensic investigation. Teams were given a series of questions with varying types and degrees of difficulty and received more points if answered quickly. And the harder the question, the more points awarded.
The stellar effort by all teams involved made this event a hugely successful competition. This was a great learning experience for everyone involved. We would like to extend warm congratulations to the winning team which consisted of members of our Adobe team and our industry partners with an amazing performance! We had 48 participants from 5 organizations attend the event and sincerely thank Splunk Inc. for their efforts in supporting the event for us.
Sr. Manager, Security Monitoring