RANGES_Landing_Page_Graphics21.jpg

SANS Cyber Situational Training eXercise (Cyber STX)

The premiere in-depth training and validation cyber range

Overview

The SANS Cyber Situational Training eXercise (Cyber STX) is our premiere in-depth training and validation cyber range. Teams of participants engage in active Red-on-blue battle during an intense free-flowing week defending critical cyber terrain. The red team develops a comprehensive campaign based on one or more specific Advanced Persistent Threat(s), utilizing their same Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) as the given APTs.

SANS instructors and Teaching Assistants (TAs) play the part of blue team coaches and red team / OPFOR operators, creating a highly realistic environment that can measure a blue team’s abilities, the capabilities of their tools and communications, and the effectiveness of their TTPs. Additionally, the Cyber STX can take red teamer skills to the next level. SANS offers the Cyber STX on-site for private events, virtually in a cloud-based environment, or in a mixed mode with participants both local and remote. Cyber STX can include both Information Technology (IT) and Operations Technology (OT) infrastructures, depending on the specific environments participants are called on to protect. From an OT perspective, SANS runs Cyber STX missions with Industrial Control System (ICS) devices for power distribution, power generation, water refinement, port crane operations, manufacturing systems, and more.

Characteristics of Cyber STX

  • Live fire red-on-blue engagement lasting a week
  • Custom, detailed campaign utilizing the TTPs and IOCs of one or more specific Advanced Persistent Threats
  • SANS instructors act as blue team coaches, red teamers and coaches, and white cell organizers
  • Daily shot validation emphasizing lessons learned and planning for subsequent days
  • After Action Review on final day
  • IT and OT environments, with the amount of OT and types of ICS infrastructures determined based on participants’ job needs
  • Run anywhere, with local participants, remote participants, or mixed mode
  • Ideal for teams of 30 to 100+ participants
  • Blue team can utilize their own tools or a set of SANS recommended tools

Who should participate?

  • Military groups seeking in-depth training and validation
  • Cyber Protection Teams
  • Government agencies with responsibilities for defending critical systems
  • Large private industry organizations protecting complex infrastructure


RANGES_Landing_Page_Graphics17.jpg

Cyber STX for Your Team

Build a Cyber STX experience that meets your team’s training needs. SANS will help you to:
  • Define Learning Objectives
  • Develop Scorecards
  • Configure Content & Platform

    Reviews

    NetWars is challenging for all levels of expertise, has great hints if you get stuck, and promotes continuous education.
    Jon-Michael Lacek
    - Wegmans Food Markets
    Core NetWars was challenging but not frustrating for newbies. This is my first time doing NetWars and it has been a blast.
    Rachael Murray
    - Northwestern Mutual
    I'm very impressed with SANS NetWars. The material is relevant and educational, and the tournament-style play is remarkably engaging.
    Adam Tice
    - Lockheed Center for Cyber Security