Splunk BOTS: Gamification in Cybersecurity - What Blue Teaming looks like with over 270 Teams across EMEA

Hey There,

Whenever your friends say cybersecurity is boring and that it involves sitting in front of large screens all day - tell them about Splunk Boss of the SOC EMEA 2020!

Splunk is the leader in the security operations field empowering the best and brightest security teams, enabling them to ask as many questions as they want on the ever-growing amount of data generated by any application, cloud service or IoT device in our digital world. 

Splunk security customers know that there is no such thing as that single correlation search or machine learning algorithm that solves cybersecurity. It’s a constant learning process, it’s a maturing process but it does not have to be boring!

I’m so proud that Splunk is not just another SaaS/software vendor - Splunk invests in the community and people - which is where everything begins and security is no different! 

Splunk Boss of the SOC is an Important Part of a Detection and Response Training Plan

“Splunk Boss Of The SOC is our favorite blue team exercise and highlight of the year. We consider BOTS an important part of our detection and response training plan. It’s also just a lot of fun, very competitive and it lets us compare our skill to other similar teams."

^{- Jarand Nikolai Jansen, Security Engineer, Norwegian Tax Administration}

273 Participating Teams, 732 Active Players from over 40 Countries

Recently we executed an EMEA Boss of the SOC. As we had to do it virtually - we were able to go BIG - with over 273 participating teams from over 40 countries. 

Though it may not be representative research on cybersecurity maturity within SOC’s, we put together some fun stats as key takeaways from the event: 

• Finland, with 4 teams participating reached a 3x higher average score than the 15 teams       participating from Spain.
• The UK with the highest number of participating security teams seems to invest most into       cybersecurity in EMEA.
• Germany made it into the top 10 (#9), but for a leading country within EMEA cyber defense       maturity seems low when compared to Finland, Czech, Austria, Switzerland, Norway Ireland and the       UK, suggesting there’s still room for improvement.

During the EMEA BOTS, there were 4 scenarios: Toolchain, Red Team activity Detection, defending an APT group and investigating an Industrial Control Systems (ICS) breach.

Just like in the real world, the teams are thrown into different kinds of situations to find answers to over 90 questions in 4 hours. The teams have to investigate and research data spanning from well-known cloud providers through to lesser-known software solutions. The exercise even included an investigation of an ICS breach that could happen at any given time in our digital world. 

Here is some insight into how the teams from various countries performed:

• Generally, the APT scenario was scored lowest compared to other scenarios;
• Finland scored highest on the ICS scenario, Austria scored one of the lowest, while having a similar amount of teams playing.
• Teams from Poland scored higher than the Dutch teams on toolchain (with a similar amount of teams);
• Switzerland scored highest on detecting the Red Team activity;
• Austria scored highest in the APT scenario, whereas France scored one of the lowest while having a similar amount of teams playing).