Imagine a team of IT security professionals connecting to a simulated security environment, when suddenly one of them sees an anomaly in the data. That person and others on the team then try to understand what is happening, and they identify that an unauthorized party has gained access to their infrastructure and confidential data. What do they do next? Do they have runbooks or incident response playbooks to follow? How do they determine the extent of the damage and confirm whether a data breach has actually occurred? How do they conduct forensics on the event, and how do they remediate the problem and try to ensure that it does not recur?
All this and more can be practiced in a simulated real-life scenario using a cyber range.
Why use a cyber range as a training tool
In the arenas of combat, competitions and highly skilled professions, we all know that readiness is a key factor. Military services train on a daily basis by simulating real-life combat situations to make sure that they maintain healthy readiness and continuously improve their skills to stay a few steps ahead of the enemy. They engage in drills on a daily basis. Similarly, sports teams, to compete every week, make sure that their players participate in various drills between games and during the off-season to maintain a high level of readiness. Teams train together to build strong muscle memory by imitating real game situations, which allows them to be agile in responding to plays from the opposing team. Airline pilots have been trained on flight simulators for decades in order to be sure that they are completely prepared during flights where they are responsible for the lives of several passengers.
Cyber warfare is real and here to stay! As we progress in the era of the internet and as we prepare for combat with hackers, hacktivists and nation-states, IT security staff need to prepare their own drill regimen and runbooks, become truly aware of what can come at them, practice the response, and simulate different kinds of scenarios so that there are minimal surprises when the cyber attack does occur.
What is a cyber range?
Just as the military has shooting ranges, baseball has batting cages, and football has drills for offensive and defensive teams, IT security personnel need a cyber range to learn various basic skills and hone special skills to identify, detect and respond to ever-evolving cyber threats.
According to the National Institute of Standards and Technology (NIST), cyber ranges are interactive, simulated representations of an organization’s local network, system, tools, and applications that are connected to a simulated Internet level environment. They provide a safe, legal environment to gain hands-on cyber skills and a secure environment for product development and security posture testing.
Types of cyber ranges
There are different kinds of cyber ranges available. There are physical cyber ranges where people get together in one location and log into a central system. Virtual cyber ranges are also fast gaining traction, where IT security personnel sitting at their desks can log into virtual cyber ranges and practice various drills and complex scenarios of multiple types of cyber incidents. Universities are beginning to add cyber ranges to their facilities for teaching cyber security to students and professionals.
Because a typical IT security responder will have to deal with malware, ransomware, web defacement, DDoS attacks, and more, a company can choose these scenarios in a cyber range to simulate a situation where the team has to identify a threat, where it is originating, how it is spreading, what kind of threat it is, how to contain it, how to clean it, how to do forensic investigations on it, and how to remediate it. One of the features of these cyber ranges is that they capture every keystroke of the responder. This allows peers and supervisors to assess readiness levels and gaps in skills, and helps them tailor training for the responders in specific areas of weakness and improve existing skills.
What differentiates a cyber range from regular training
A cyber range does not replace your security training program; it augments it. A cyber range takes all of the theoretical skills learnt from courses and through certifications and applies them to real-life scenarios, where a person can apply all the knowledge they have acquired to a seemingly real cyber attack. This is similar to how an airline pilot first learns the skills to fly a plane and how to operate the controls, and then participates in simulation exercises in conjunction with other flying lessons and practice hours. The flight simulator allows airline pilots to take all of these disparate skills and actually conduct a flight end to end in a controlled simulated environment. Even experienced pilots go through simulations to practice new skills, strengthen existing skills or learn how to fly new aircraft. Similarly, IT security staff may take individual training on using a SIEM, configuring a firewall, or identifying, detecting and responding to threats, but the cyber range brings it all together in a practical incident response experience.
It is estimated that 20% of companies will be using cyber ranges by 2022. Learn how and why leading companies of all sizes are incorporating cyber range technologies and simulation exercises into their security budgets. The increasing shortage of experienced cybersecurity professionals requires companies to take a different approach on how to hire, train, retain, and keep their SOC Analysts and cybersecurity defenders prepared for any type of attack, especially as the threat landscape increases. Learn what the varieties of cyber ranges are as well as what to consider when looking for a way to accelerate the practical cyber incident management training experience for your security team.