Red vs. Blue Gamification & Training
Cybersecurity Training...
Modernized
It’s no secret – there is a worldwide skills gap when it comes to cybersecurity, especially in operational technology (OT) security! Whether it’s protecting your company’s network, process control systems, or personally exploring a new career path, accessing the right skills, knowledge, and training is key to bridging that skills gap! ThreatGEN® Red vs. Blue gamification helps answer these skills gap questions:
- WHERE can you find quality cybersecurity and ICS/OT cybersecurity training that is affordable and accessible?
- WHAT experts can help you get your head around your ICS/OT cybersecurity situation, point you in the right direction, and just give me some advice?
- WHEN can you afford the current training solutions in the industrial environment, requiring upwards of $20,000 per person and several days offsite, or even $7,000 or more for virtual training??
-
HOW can you make your cybersecurity training, including
cybersecurity awareness program, more effective and entertaining?
Training for Any Skill Level
Our solution to cybersecurity training and bridging the OT cybersecurity skills gap centers around cutting edge gamification, allowing students of all skill levels to train cybersecurity skills and cybersecurity awareness, in a way that is much more effective, affordable, and easily accessible. Not to mention, entertaining!
Strategic Level Training
Gamification teaches and exercises skills that have been nearly impossible to do so through traditional forms of training - It answers the questions, “how do you teach concepts like cybersecurity strategy and risk management? How can you make cybersecurity awareness training more effective?” The simple answer is: You have to simulate an environment and its associated challenges in a way that allows students to interact and see, first-hand, how cybersecurity works and what happens when it doesn't. By immersing them in an environment where they are in charge of cybersecurity, or playing the part of the attacker, they have an entertaining and memorable learning experience.
ThreatGEN® Red vs. Blue Gamification
The ThreatGEN® Red vs. Blue gamification platform is the industry’s first online multi-player strategy computer game designed to teach real-world cybersecurity. Students of all skill levels can play solo against the computer A.I. or compete against other live players in head-to-head matches, to attack, defend, and control computer networks. ThreatGEN® Red vs. Blue is not based on fiction like consumer games, or a Jeopardy style “cyber” scavenger hunt, often referred to as a “capture the flag (CTF)". This is a live, player vs. player cybersecurity simulation in an immersive and interactive applied learning environment using cutting-edge gamification.
The Gamification Difference
ThreatGEN® Red vs. Blue Gamification differentiators from other training solutions on the market today include:
- Modern approach to learning – interactive, immersive, cost-effective, easily accessible (including cloud delivery)
- Broad audience – beginner, intermediate, and advanced
- Interactive – player vs. player, adversarial simulation, playing against active opponents, either computer A.I. or real-life players in internet or local hot seat multiplayer modes (a true "capture the flag")
- Play as the red team or blue team
- Based on real-world experience from cybersecurity and OT security professionals
- Learn the “hacker” methods, techniques, and strategies - No Prior technical skills required
- “In-game” real-world cybersecurity advice and hints
- Allows you to learn, exercise, and test practical application of strategic and management level skills
What does our flexible solution look like?
The ThreatGEN® Red vs. Blue gamification has 4 different editions (also, see our FAQ for details:
- Game Edition - for game players. Purchase, download and install through the STEAM gaming platform.
- Professional Edition - developed with the professional and education (high schools, colleges, and other educational institutions) audiences in mind; this has multiple install and delivery options, including cloud delivery.
- Enterprise Edition - Professional Edition with customized experiences including custom network maps, learning objectives, action tree(s), and more.
- CTF Edition - This is straight up, head-to-head, attack and defend cyber-warfare. A true traditional capture the flag. And the best part is, anyone can play, beginners and professionals, technical and non-technical alike!
| Feature | Description |
| Single Player | Play alone, as red or blue, against the computer A.I. |
| Internet Multiplayer | Play against another person, as red or blue, via the internet |
| Tutorial* | Walks the player through the basic functions of the game |
| Multiple Network Maps* | Players can choose which blue team map they want to use, or have one randomly chosen |
| Non-Steam Delivery | Delivery through web browser or standalone application installer |
| Supports Multi Seat Licensing | Multiple seats can be purchased under a single license |
| In-Game Teaching |
Advice is given throughout the game to help players |
| Scenarios* | Preset game conditions, settings, and objectives offering players new challenges |
| Challenges* | Similar to scenarios but smaller in scope usually meant to test a single concept |
| Maps to Certification Learning Objectives* | Learning objectives mapped to popular certifications such as CISSP and GICSP |
| Custom Network Maps* | Maps created to look like the customers network (created by ThreatGEN) |
| Custom Learning Objective Mapping* | Learning objectives mapped to a specific curriculum (created by ThreatGEN) |
| Custom Actions Tree | Custom actions created based on customer’s needs (created by ThreatGEN) |
| Leaderboards | Scoreboard displaying each player ranked by score |
*Coming Soon
Performance Analytics
Maximize Training and Evaluate Performance with Player and Game Analytics
In order to maximize training efficiency and effectiveness, you need to be able to track student performance. When you combine the power of gamification with performance tracking and analytics, you have an unparalleled tool like never before, which will help maximize your cybersecurity training and even your overall cybersecurity program! It is often said that the weakest link in any cybersecurity program is the "human factor". By analyzing and identifying the specific areas where your employees and cybersecurity staff are weakest (not by using multiple choice tests but actual applied application, enabled by gamification), you are able to pinpoint the exact areas where you need to focus your cybersecurity training!
ThreatGEN® Red vs. Blue is the first ever cybersecurity training platform to combine gamification, red team vs. blue team mechanics, and performance tracking and analytics, creating the most effective and modernized cybersecurity training method available today.
ThreatGEN® Red vs. Blue Resources
ThreatGEN® Red vs. Blue Curriculums
Defending Operational Technology (OT) networks and assets requires more than a single solution, and it’s not a just matter of deploying “best practices” and “layered defense” – it’s a combination of proactive and reactive strategies such as vulnerability assessments, network segmentation, system hardening and threat monitoring. Most organizations are limited in their ability to deploy even the most basic security controls due to lack of required skills.
That’s where our ThreatGEN® Red vs. Blue gamification meets the virtual classroom in our ThreatGEN® Red vs. Blue curriculum!
Our Differentiators
Using cutting-edge technology combined with proven methods, ThreatGEN delivers a revolutionary new and entertaining way to learn practical & effective OT cybersecurity and risk management skills – from beginner to technical levels. ThreatGEN has a training program to meet your needs, whether you:
- need security skills training,
- want to learn how to build an entire industrial cyber risk management program, or
- just want to learn how to build a cost-effective security strategy on a limited budget.
Why gamification and why use it in our ThreatGEN® Red vs. Blue curriculum?
Simple, it provides an environment to experience, “to simulate” the issues instead of just reading or talking about them while bringing YOU into the cybersecurity world with a game – gamification!
Our ThreatGEN® Red vs. Blue curriculum, delivered live in a classroom or virtual, build upon real world experience that our OT security professionals gained delivering our ThreatGEN OT Security Services and use our ThreatGEN® Red vs. Blue gamification to simulate the issues faced within your environments in real life.
ThreatGEN delivers our ThreatGEN® Red vs. Blue curriculum in numerous ways, including:
- Virtual courses (see 2020 news)
- Live courses brought to your site, delivered in person by one of our ThreatGEN professionals or one of our partners
- ThreatGEN “byte-sized” video sessions delivering short training
- Learning Management System (LMS) integration (coming soon)
Our courses
ThreatGEN training series brochure | ICS 101 brochure
Course Overview
Industrial security should be ingrained in your company's culture, equivalent to safety. Cyber incident preparedness begins with people. This class starts from a strategic perspective, helping students “get their head around” the big picture. It introduces beginner to intermediate topics such as OT/ICS vulnerabilities, “hacker” methodologies, and security controls at a comfortable and easy to follow pace. These topics are then exercised and reinforced using ThreatGEN® Red vs. Blue cybersecurity training game and other hands-on simulations.
This course will help students gain an understanding of the overall cyber risk management program and strategy, as well as OT/ICS vulnerabilities, basic adversary methods, and the security controls and strategies to defend against them.
ThreatGEN training series brochure | ICS 201 brochure
Course Overview
This course builds upon the knowledge gained in ICS 101 by applying technical cyber risk and vulnerability assessment skills. Through a combination of lecture and hands-on labs, students will learn how to perform standards-based gap assessments and technical ICS vulnerability assessments using industry standard tools and applications. In addition to standard methodologies, they will also learn “ICS safe” methods. Finally, they will tie it all together by learning consequence-driven risk calculation methods.
Bonus Content
Students will have access to our “Linux for Beginners” eLearning course as well as a bonus lab where students will learn how to use VBA and PowerShell scripts (in a way that students of all levels can follow and utilize) to automate vulnerability assessment data analysis and maximize the value of vulnerability scanning tool reports.
Course overview and brochure coming soon.
What the Red vs. Blue Training?
Security aware and knowledgeable users serve as the “front line” of your overall security posture. As such, training is one of the most essential components of your risk mitigation strategy and overall cybersecurity program. However, without learning cybersecurity from the “hacker’s” perspective and gaining a true understanding of how adversaries attack and compromise OT environments and assets, you’re only getting half of the picture. Without that other half, you’re essentially blindly deploying generic security controls and “best practices”.
Layered defense is a great concept, but few organizations have the resources to deploy every layer effectively, and in most case, it still ends up being a waste of resources.
In order to have an efficient and cost-effective risk mitigation strategy, you must understand not only where your vulnerabilities are, but also the tactics that attackers will use to exploit these vulnerabilities. Red vs. Blue Training provides the opportunity to learn these adversarial tactics in conjunction with the defensive methods.
Then, students get to apply the skills they learn as they face off in a head-to-head competition, Blue Team (the defenders) against Red Team (the attackers) - no prior technical skills required! The aspect of competition against a live adversary also helps student realize that cybersecurity is not "set it and forget it." Instead, it provides them the opportunity to develop, and adjust, risk mitigation strategies as an opponent actively counters and modifies their tactics and strategies, in real-time.
Our World Renown Experts Come Out of the trenches to Deliver ThreatGEN® Red Vs. Blue…
by Clint Bodungen & Aaron Shbeeb
by Pascal Ackerman
by Pascal Ackerman