Cyber Resilience Challenge: Outsmarting Threats with MDR
An Interactive Workshop Experience
Sangfor International Roadshow 2025
Angger Jatra Rianza | Security Presales Manager
Introduction
The use of AI in cyber attacks is increasing.
Ransomware is growing at an alarming rate.
Digital transformation introduces new attack surfaces.
Understand real-world cybersecurity decision-making through interactive games.
See how MDR services can help enhance your cyber resilience.
Learn about effective Security Operations while having fun at the same time.
Learn. Decide. Compete
Understand the challenges security professionals face in their day-to-day work to protect their organizations, and the critical role that security operations play in achieving this goal.
What’s on the Agenda
Individual | Groups
Warm-Up: Hack or Be Hacked
GAME #1: The Cyber Attack Story
GAME #2: The Cyber Crisis Showdown
KEY TAKEAWAYS
Warm Up Time – Hack or Be Hacked?
What would you do if your company was attacked right now?
A. Call the IT/security team immediately
B. Disconnect affected systems from the network
C. Wait for more information before acting
D. Notify leadership and legal teams
E. Panic! I have no idea what to do
A Lot Can Happen in 10 Seconds
Rapid encryption of critical server files.
DDoS can crash servers and bring down critical services.
Attackers can exploit an unknown zero-day vulnerability and take over critical servers.
Malware can laterally spread and infect multiple critical systems across a data center.
Attackers can breach and subsequently exfiltrate or manipulate data.
Reality Check…
• Many companies react too slowly or take ineffective actions in the heat of the moment.
• Delays in detection and containment lead to greater damage (e.g., ransomware spreading, data exfiltration).
Athena MDR provides real-time visibility, rapid threat containment and expert response that every company needs to enhance their security operations.
In Reality
24 x 7 continuous proactive monitoring.
Early detection to stop cyber attacks before they cause serious damage.
Expert-led response to minimize the impact of cyber attacks.
GAME #1
The Cybersecurity Story – Choose Your Fate
Game #1: The Cyber Attack Story
There are no WRONG answers, only DIFFERENT OUTCOMES.
Game Instructions
1. You will be presented with a series of cyber attack scenarios.
2. For each scenario, choose your response from the available options.
3. Your score will be based on the option you select.
4. After each scenario, we will discuss the outcomes of the responses.
5. At the end of the game, tally your score and see your security awareness rating.
Game #1: The Cyber Attack Story
Scenario 1: Ransomware Infection
You work remotely and frequently receive invoices from vendors. One day, you download an invoice attachment from an unknown sender. Moments later, your screen freezes, and a strange message appears demanding payment to unlock your files. What do you do next?
Your options:
A. Ignore the issue and restart the device.
B. Report the issue to IT.
C. MDR detects the malware, isolates the device and blocks the execution.
D. Disconnect the device from the network immediately.
Game #1: The Cyber Attack Story
Scenario 2: Ransomware Infection
A. Ignore the issue and restart the device.
Score: -10. Malware stays active, encrypting company files and demanding a ransom.
B. Report the issue to IT.
Score: +5. IT isolates the device, but ransomware has already spread to shared drives.
C. MDR detects the malware, isolates the device and blocks the execution.
✅ Score: +10. Infection is stopped before it spreads.
D. Disconnect the device from the network immediately.
Score: +7. Prevents further spread, but local files remain encrypted.
Game #1: The Cyber Attack Story
Scenario 2: Insider Threat
As part of the IT team (or HR), you monitor user access patterns. You notice that a privileged employee has been accessing sensitive HR and financial records outside normal business hours. No formal request for this data access was made. How do you respond?
Your options:
A. Do nothing – it might be normal work activity.
B. Manually review access logs next week.
C. Confront the employee and ask for an explanation.
D. MDR flags unusual behavior and alerts security, triggering an investigation.
Game #1: The Cyber Attack Story
Scenario 3: Insider Threat
A. Do nothing – it might be normal work activity.
Score: -10. The user steals confidential data and leaks it externally.
B. Manually review access logs next week.
Score: +5. Suspicious activity is detected too late – data has already been stolen.
C. Confront the employee and ask for an explanation.
Score: +5. The insider denies wrongdoing and continues exfiltrating data.
D. MDR flags unusual behavior and alerts security, triggering an investigation.
✅ Score: +10. Early detection stops the breach before data is stolen.
Game #1 Wrap-Up
✓ Athena MDR enables faster threat detection, particularly in situations where the customer lacks the resources to detect threats.
✓ Athena MDR responds immediately to ensure that threats do not spread.
✓ Athena MDR security experts take a proactive and holistic approach, relying on both tools and experience to manage security incidents.
✓ Slow or delayed threat detection
✓ Human error & lack of security awareness
✓ Incomplete or ineffective response
✓ Limited security resources or expertise
✓ Lack of proactive security measures
GAME #2
The Cyber Crisis Showdown – Can You Outsmart the Attack
Game #2: The Cyber Crisis Showdown
BREAKING NEWS!! Cybercriminals are launching sophisticated attacks against Arcorp Corporation.
You are the CISO / IT Manager for Arcorp Corporation. You just received news that your company is being targeted for a series of cyber attacks.
Your task is to navigate these threats using whatever means are available to you.
Game #2: The Cyber Crisis Showdown
Game Instructions
1. You will be given 1 crisis scenario.
2. Your task for each scenario is to choose the best option to minimize operational downtime and financial loss.
3. This game will be played in 2 rounds.
   i. Round 1: You will respond to cyber incidents using in-house approaches.
   ii. Round 2: You will handle the same incidents, but with MDR supporting your response.
4. By the end, you will compare outcomes to understand how MDR improves your cybersecurity resilience.
Game #2: The Cyber Crisis Showdown
FIGHT !!!
Game #2: The Cyber Crisis Showdown – Round 1
Scenario 1: Ransomware Attack
Your company’s critical systems are suddenly locked. Employees can’t access files, and a ransom note appears demanding payment in cryptocurrency. Panic spreads as production is impacted. Every minute lost means more encrypted data, increasing the risk of financial loss and downtime.
What do you do?
A. Attempt to restore from backup.
B. Isolate infected items manually.
C. Contact external IR teams.
D. Pay the ransom.
Game #2: The Cyber Crisis Showdown – Round 1
Scenario 1: Ransomware Attack
A. Attempt to restore from backup.
Score: +5. Partial recovery, extended downtime, potential data loss, backups may also be encrypted.
B. Isolate infected items manually.
Score: +5. Slows down the spread but does not fully prevent damage.
C. Contact external IR teams.
Score: +5. Professional expertise but expensive and slow.
D. Pay the ransom.
Score: -10. High financial cost, no assurance of success, increased likelihood of future targeting.
Game #2: The Cyber Crisis Showdown – Round 1
Many organizations face these problems, especially when running in-house security operations with limited resources and a lack of cybersecurity capabilities.
Slow and Reactive Response
Partial or Ineffective Mitigation
High Cost and Business Disruption
Game #2: The Cyber Crisis Showdown – Round 2
Round 1 Outcome: Struggled with slow response, leading to financial loss and downtime.
Scenario 1: Ransomware Attack
Your company’s critical systems are suddenly locked. Employees can’t access files, and a ransom note appears demanding payment in cryptocurrency. Panic spreads as production is impacted. Every minute lost means more encrypted data, increasing the risk of financial loss and downtime.
A. MDR detects early signs of ransomware using behavioral analytics.
B. MDR triggers an immediate investigation and provides step-by-step guidance for response.
C. MDR identifies suspicious behavior and blocks the attack before encryption occurs.
D. MDR provides forensic analysis after the attack, ensuring vulnerabilities are patched to prevent recurrence.
Game #2: The Cyber Crisis Showdown – Round 2
Scenario 1: Ransomware Attack
A. MDR detects early signs of ransomware using behavioural analytics.
✅ Score: +10. The attack is contained before widespread damage. No ransom payment is needed, and recovery is fast.
B. MDR triggers an immediate investigation and provides step-by-step guidance for response.
Score: +5. The attack is contained, but some systems experience short downtime before full recovery.
C. MDR identifies suspicious behavior and blocks the attack before encryption occurs.
✅ Score: +10. The ransomware attack is stopped before any damage happens, keeping business operations uninterrupted.
D. MDR provides forensic analysis after the attack, ensuring vulnerabilities are patched to prevent recurrence.
Score: +5. Recovery is effective, but initial damage occurred due to delayed detection.
Game #2: The Cyber Crisis Showdown
✓ Athena MDR enables proactive defense to prevent incidents before the issue escalates.
✓ Athena MDR leverages expert-driven analysis combined with advanced technology to ensure accurate detection and reduce reaction time.
✓ Athena MDR provides expert guidance to effectively handle security threats, acting as an extension of the security team.
✓ Slow threat detection and response
✓ Lack of 24/7 monitoring
✓ Limited expertise and resources
✓ Ineffective manual processes
✓ High business impact & costs
Key Takeaways
Game 1: The Cyber Attack Story – Choose Your Fate
Key Lesson: The right decisions make the difference between a minor security event and a full-scale breach. Athena MDR provides real-time detection and rapid response, ensuring that businesses don’t rely on slow, manual processes or human judgment alone.
Game 2: The Cyber Crisis Showdown
Key Lesson: Many organizations struggle to keep up with modern cyber threats due to slow response times, limited expertise, and reactive approaches. Athena MDR provides a more proactive approach to tackling cyber attacks, combining accurate threat detection and rapid response to significantly reduce the impact of attacks and ensure business continuity.
Athena MDR Business Impact: Why It Matters
1. Prevents costly breaches – Faster response means less damage, downtime, and financial loss.
2. Maximizes security investments – 24/7 expert monitoring + response is more cost-effective than hiring multiple security analysts or relying on reactive measures.
3. Minimizes risk from human error – MDR reduces the chance of mistakes (e.g., executing an unknown email attachment, slow responses, or misconfigured defenses).
4. Frees up IT teams – Instead of chasing alerts, IT teams can focus on strategic business priorities.