MAJOR UPDATE! Malware, Ransomware, Improved Incident Response, and More!

ThreatGEN: Red vs. Blue

ThreatGEN: Red vs. Blue is an educational game-based cybersecurity simulator designed for those with genuine interest in cybersecurity. Learn and practice cybersecurity concepts & strategy, play as the red team (hackers) or the blue team (defenders), single player or online vs. a colleague.

[img]{STEAM_CLAN_IMAGE}/34132566/d62364ed46ea17cb8595b1670120fc1d2b0a421c.png[/img]

[h2]WHAT’S NEW?[/h2]
This latest update represents a pivotal milestone for ThreatGEN® Red vs. Blue. All of the core features and mechanics are now in place for both the game version on Steam as well as the professional platform version. Moving forward, our development efforts will focus on enhancing the entire educational experience with eLearning content and curriculums that support the game, labs and challenges for training curriculums, and several built-in scenarios for incident response (IR) tabletop exercises. But more on all that in a bit. For now, what’s new in this latest update?

[h3]PROFIT & LOSS METER[/h3]
[img]{STEAM_CLAN_IMAGE}/34132566/74b45fed2a837125f097b3c41e5b40cf04f3cc91.png[/img]
Under the threat intelligence score meter, there is a new profit & loss meter. The profit & loss meter represents the financial and production status of the company in relation to cyber outages. When assets are out of service, infected with malware, or having data exfiltrated, the meter will trend downward toward red until the issues are remediated. The more important the asset, the faster the meter will move. When the meter remains in the red for too long, the Blue Team loses.

[h3]NEW RED TEAM WIN CONDITION:[/h3]
[b]COMPANY PRODUCTION COMPROMISED[/b]
This win condition is awarded when the blue team's production drops below a threshold for a set number of turns.

[h3]NEW RED TEAM ACTIONS AND STRATEGIES[/h3]
[b]MALWARE[/b]
Installing disruptive malware is one way to disrupt the productivity (profit and loss) of the Blue Team. The effects can be amplified by using the malware to exfiltrate data.

[b]RANSOMWARE[/b]
Ransomware is another devastating tool in the Red Team’s arsenal, which represents one of the most concerning threats in recent times.
Unless the Blue Team is lucky enough to have a restore point created prior to the initial compromise, the only recourse they have is to pay the ransom (which is very expensive), crack the ransomware encryption key (which is very difficult to do), or replace the asset. Ransomware is a two-step process. The Red Team must first install ransomware and then activate the ransomware.

[h3]NEW BLUE TEAM ACTIONS AND STRATEGIES[/h3]
[b]CREATING RESTORE POINTS[/b]
System backups are no longer a “one and done” action that improves your overall chances of cleaning a compromised asset. Now, the system backups action enables the ability to create restore points on each asset as a targeted action. When an asset is infected or compromised, the Blue Team can restore the asset to its last known restore point. However, if the last restore point was created after the system was infected or compromised, the asset will still be in the infected or compromised state.

[b]IMPROVED INCIDENT RESPONSE (IR)[/b]
All IR actions have been organized into their own grouping in the action tree view and several new IR actions have been added to improve the overall IR simulation.
[img]{STEAM_CLAN_IMAGE}/34132566/576c280bdaedb6a36f7d5b10f1d03af0f3986295.png[/img]

[list]
[*] [b]Restore from backup[/b] – As already mentioned, the Blue Team can restore from backup if they have created a restore point on the affected asset.
[*] [b]Disconnect/reconnect the asset from the network[/b] – The Blue Team now has the ability to disconnect assets from the network (disconnect from upstream), effectively isolating them and cutting off further malicious activity. As such, the assets can also be reconnected to the network (reconnect to upstream).
[*] [b]Respond to ransomware infections[/b] – Ransomware infections present two additional and unique options. If you have the resources, you can pay the ransom to recover your infected systems.
Or, if you have enough time and security skills training, you can attempt to crack the ransomware encryption key.
[/list]

[h2]WHAT’S NEXT?[/h2]
In the first quarter of 2022, we will be launching our complete ThreatGEN® Red vs. Blue portal, which is a single point of access not only to the Red vs. Blue gamification platform but also to a complete array of cybersecurity education material, eLearning courses, guides, resources, and incident response (IR) tabletop exercise support, all leveraging the ThreatGEN® Red vs. Blue gamification platform.

In addition to on-demand eLearning courses, the Q1 2022 launch will also feature tons of new Red vs. Blue gamification content such as scenarios and labs to support the included courses. Enhancing the analytics and reporting features and dashboards will also be a high priority in early 2022.

For organizations wanting to use ThreatGEN® Red vs. Blue to support their IR tabletop exercises, the portal will include built-in scenarios and eLearning content to support guided tabletop exercises ready to go “out of the box” without the need for extensive planning or even a facilitator or instructor.

For those of you wondering about upcoming DLC and expansions for the Red vs. Blue game version available on Steam... the answer is YES! Look for DLC for the Steam version by mid-2022 and a single-player campaign planned to release later in the year!

Finally, with the existing Red vs. Blue tournament features, and new CTF capabilities on the way, 2022 will see the emergence of regularly scheduled ThreatGEN® Red vs. Blue public competitions and events! Be on the lookout for announcements soon!