In rugby as in cyber, we are stronger together.

In this article, we explore how the competitive dynamics, defensive formations, and sportsmanship of rugby translate into key elements of effective cyber protection.

Fanch Francis
September 4, 2023

NANO Corp loves rugby and even sponsors a team, R Se Canto, in the French corporate sports championship.

Guys! Next Sunday we're playing on Saturday, got it?

Cyber translation: an attack never comes when expected.

The 3 phases of play, from a defensive viewpoint.

Reactivity and game vision in general movement phases

Whether the opponent chooses a lateral, deep, or vertical axis attack through a high ball, the defense must provide the right response at the right place, without neglecting the possible changes in attack strategies by the opponent.

Cyber translation: A range of solutions must always be available to the CISO to respond to an attack.

Strategic defense in the binding phases (maul, ruck)

Upon an opponent's ruck, the reaction must be immediate, concentrating the necessary means to block the main progression while having resources to counter the forthcoming outflanking. In a maul, if the front players are overwhelmed by the attack's power, others are planned as reinforcements ready to block the intrusion.

Cyber translation: A solid second line of defense is essential in any defense strategy.

The strength of the collective in static phases (scrums, lineouts)

These phases are never improvised in a match; they are the subject of numerous repetitions during training. Each opponent's preferences and habits are meticulously studied before each match.

Cyber translation: With Red Team vs. Blue Team exercises at the cyber range, we test and approve possible combinations to best counter today's opponent.

Today we're going to play it simple: forwards in the front, backs in the back!

Cyber translation: A good cyber team is structured.

Team Composition

The front row, hooker and props, is the SIEM.

Just like the front row, which constitutes the first rampart in a scrum, the SIEM continuously analyzes the situation to identify intrusions or attack attempts. Its main task is to protect and alert the team about imminent risks.

The second row is the vulnerability management system.

These players are responsible for defending high, intercepting the balls in lineouts and preventing beneficial actions by the opponent. They reinforce the front row in scrums, making any progression by the opponent difficult.

The flankers are the NDR.

That's us 😊. In defense, they cover wide areas, intervening quickly to fill gaps and stop opposing attackers before they can gain ground.

The number eight is the CTI platform.

In the maul, he is the control tower; he anticipates and analyzes the opponent's movements, allowing the team to adapt and counter.

The scrum-half is the incident response platform.

In defense, he is the link between the forwards and backs, coordinating the team's movements and distributing the necessary information to counter any threat.

The fly-half is the SOAR.

He acts as a defensive lock, anticipating the opponent's offenses and orchestrating the team's movements to effectively block any enemy progression.

The centers are the IAM.

They are crucial for preventing central breakthroughs, ensuring that the heart of the defense remains impenetrable.

The wings and the fullback are the EDRs.

Their role is to monitor and intervene against peripheral threats, using their speed to intercept, counter, or eliminate any threat coming from the sides or the rear.
