Munich, 19th March 2018 – Three Security Analysts from the Airbus CyberSecurity Security Operations Centre (SOC) in Germany won the 1st prize at this year’s “Boss of the SOC” (BOTS) challenge in Munich. 13 teams and over 40 participants took part in this challenge.
(Left to right) Winning team: Udo Götzen (Splunk), Joachim Gebauer (Splunk), Rajko Krall (Security Analyst – Airbus CyberSecurity), Daniel Hanft (Security Analyst – Airbus CyberSecurity), Igor Garofano (Security Analyst – Airbus CyberSecurity), Filip Wijnholds (Splunk)
BOTS, a Blue Team event from Splunk, is a challenging and entertaining one-day competition (a Capture the Flag challenge) in which teams of up to four have to answer 50 questions about five different realistic security scenarios in only four hours. Participants slip into the roles of SOC analysts at a brewery and run data investigations to find out the “who”, “how” and “where” of a complete forensic investigation.
The more difficult the question, the more points a team could earn. Time also played an important role: the faster the teams answered the questions, the more points they could earn. It was also possible to receive tips in exchange for points. Wrong answers led to penalty points.
The five realistic security scenarios were:
1. Insider Threat
2. Web Application Attacks
3. Ransomware/Malware
4. Advanced Persistent Threat
5. Web Fraud
The winning Airbus CyberSecurity team, called ‘Freeze’, consisted of Igor Garofano, Daniel Hanft and Rajko Krall. They were able to win against the competitors thanks to their knowledge of IT security, Splunk and external tools, and a successful strategy.
Security Operations Centre (SOC) by Airbus CyberSecurity
The Airbus Security Operations Centre (SOC) is a management solution that offers ideal protection against cyber threats to organisations, authorities and military institutions. The SOC offers an instant security status, as well as the possibility of system monitoring. Configuration, monitoring, reporting and the management of all systems are brought together in one SOC and offer the customer a time-saving and clear process.
More information: https://www.cyber.airbus.com/products-and-services/detect/