Nearly every military branch uses some variation on the phrase “train as you fight,” and for good reason: realistic, hands-on training helps retain skills and can prepare infosec teams for real-world security incidents.
It’s like building muscle memory — you need to put in the work and repeat the drills and exercises until they’re second nature. Airline pilots, surgeons, police officers and firefighters all train using real-world simulations or exercises. The same is true for cyber security, only in this case, mastering that recall means rehearsing threat scenarios that prepare you for incident response.
A cyber range provides the ideal solution for learning these necessary skills, letting you safely create the situations you will face, ensuring your team is ready for whatever an attacker might throw at them. This realism provides that valuable hands-on-keyboard time without the high stakes of a live incident.
But to achieve this level of cyber proficiency, your cyber range training needs to make the grade. Let’s look at five cyber range training best practices that can maximize the effectiveness of your security program.
1. Address skill and knowledge gaps
Chief information security officers (CISOs) in every sector are facing challenges as they try and close cyber security skill and knowledge gaps. And as the threat landscape evolves at light speed and new attack techniques emerge, infosec staff are often forced to learn on the job during cyber security incidents. At this point, it’s often too late to make an impact — like a firefighter learning how to put out a fire as your house burns down.
The reality is that your cyber security training must keep pace with your ever-changing IT infrastructure and the threats targeting it.
As you develop your cyber range curriculum, there are a few questions to keep in mind: has your training kept up with the skills and tactics of attackers targeting your organization? As you’ve scaled your IT infrastructure, are you now vulnerable to specific attacks? Does your team have a hands-on understanding of the steps and procedures needed to stop an active attack? What exercises need to be rehearsed?
Identifying these gaps can help you tailor your courses and content to close them effectively.
2. Deliver training in a “live” environment
Ensure your cyber range has both the content and capabilities to create the realistic conditions that prepare your team for response.
Hands-on practice during training sessions directly translates into proficiency in a live event. The entire point of cyber security training is to build skills that are immediately applicable to the real world.
What better way to do this than by using scenarios based directly on incidents occurring on actual networks? For example, Field Effect’s Cyber Range enables you to recreate an environment identical to your own, delivering training that truly reflects your reality.
3. Introduce the human element
Using a cyber range that can simulate an attack is a must, but it also needs to react to the actions teams and users will take in an actual cyber security incident.
As an example, without a way to replicate the noise attackers rely on to hide their actions — the network traffic, logs, events, files, and other artifacts generated by regular users — security teams can easily spot even the most sophisticated threat scenarios, undermining learning goals.
The problem is that generating this noise and the users that create it is hard. Staging authentic network traffic is time-consuming if you’re scripting it manually.
Look for a cyber range that can automate this without the tedium of manual processes. Field Effect’s Cyber Range provides a Human Actor-Like Orchestration (HALO) feature that can quickly simulate human activity, letting you deliver training that keeps your team on their toes.
4. Choose the right content
Make sure your cyber range training can deliver a variety of content to suit your goals.
Content may be needed to help specific team members build and retain skills for their day-to-day roles. You may also need a range of team-based exercises and courses to help staff learn how to work effectively as a cohesive department, or scenarios that enable them to play the roles and take the actions required for active incident response.
You may also need briefer courses for quick-hit “how-to” guides to get staff up-to-speed on specific tools, or longer courses — even multiple full days — if your teams are learning how to manage response to specific cyber incidents.
Finally, having defined curriculums that can enable reskilling to take on new work roles within your organization can help you better target your training to build truly effective defences.
There are several useful frameworks available that can guide this — the National Institute of Standards and Technology’s (NIST) National Initiative for Cybersecurity Education (NICE) outlines common roles and their required competencies.
Taking the time to make sure course content aligns with your training objectives can provide the education that moves the needle and delivers outcomes.
5. Ensure platform ease-of-use
Ease of use is paramount with cyber range training.
Look for a cyber range that enables an internet-in-a-box with all the tools to easily set up, stage, repeat, and reuse virtual training.
Whether deploying on-prem or in the cloud, your cyber range should support fast and easy deployment — providing that essential hands-on-keyboard experience without requiring more time from busy infosec teams.
Creating, deploying, and running highly detailed virtual cyber security learning environments can be tough. Look for a cyber range that simplifies and automates this process, making it easy to set up, tear down, stop, restart, and repeat challenges. Look for functionality that allows you to reset and rescale training on the fly — with no need to reconfigure devices or clean up artifacts. This will ensure you spend more time on cyber education and less on sorting out technical challenges.
Choose cyber range training that only requires a secure browser and internet connection to get teams into coursework fast.
Finally, it should be easy to customize or create courses for your educational goals. Tailoring content to target the skills your team needs is vital.
Putting it all together
Understanding these cyber range training best practices can ensure your team is ready to face the unknown. Having a platform that incorporates these practices can help you make the most of your training efforts so your team is ready to face cyber criminals.
Field Effect’s Cyber Range delivers exactly that, giving CISOs and infosec teams an intelligence-grade training platform to build skills in a secure virtual and realistic environment.
To learn more about Cyber Range, contact our team at firstname.lastname@example.org today to get started, or sign up for our newsletter below for access to helpful insights about emerging risks, security tips, webinar invites, and much more.