February 15, 2023 | Cyber security education
What is a cyber range?
By Noel Murphy
With contributions from Mark Gaudet and Ben Filipkowski.
Cybersecurity skills can’t be taught overnight—and they’re in high demand as organizations everywhere try to build out internal security teams. Yet the specialized level of expertise required for cybersecurity is acquired from time in the cyber trenches analyzing new or potential threats, vulnerabilities, and other incidents that could threaten IT networks and their users.
According to a study from (ISC)², despite adding some 464,000 professionals to the global cybersecurity workforce in the past year, the security skills gap still increased by 26.2% year-over-year. As such, teams are far too often stuck learning their trade on the job as incidents occur, evaluating the quality of response or how the incident could have been prevented well after the fact. By this time, it is too late to avoid damage, resulting in extensive recovery efforts.
There’s good news, though: there’s a better approach to cybersecurity training.
No form of education is as effective as hands-on, experiential learning. Putting staff in training scenarios that give them valuable hands-on-keyboards experience (in a safe, non-production environment) will allow them to hone their skills without the pressure of a real incident.
Of course, the challenge lies in creating and running realistic training programs that train, test, and evaluate cyber response without requiring considerable resources and time. The training should also be easily repeated, modified, reused, and scaled to fit changing needs—you can imagine the complexities. Without the right tools, the project can become prohibitive for many organizations.
That's where cyber range training excels.
What is a cyber range?
A cyber range platform is a collection of hardware or software that simulates an organization’s network, systems, and even traffic and services, in a safe and controlled virtual environment for cybersecurity training or technology development.
The shortage of skilled cybersecurity professionals, coupled with cybercrime tactics that are becoming more sophisticated, frequent, and damaging, has put cyber ranges into the spotlight. All the attacks a hacker can use can be recreated and simulated within a cyber range—regardless of the technique in question or what it targets. In short, cyber ranges are here to help users learn how to protect against any kind of attack.
Why use a cyber range?
Cyber ranges offer several uses and advantages for all types of organizations. Whether you’re looking to build an internal team for a large enterprise, want to keep existing security staff on the cutting edge, or are looking to shape future security talent with cybersecurity educational programs, there are numerous benefits to take advantage of.
Hands-on learning in a safe environment
Cyber ranges provide a highly controlled virtual environment in which training can be replicated, reused, and repeated without impact to your live network and systems. After all, you shouldn’t have to reinvent the wheel every time you want to deliver security training.
Using a cyber range means employees can learn how to use new tools and experiment freely without having adverse effects on critical infrastructure. This leads to a better training program, improved cyber skill levels, and the ability to identify team members with the traits of cybersecurity experts.
Beyond this, a good cyber range provides courses mapped to accepted industry frameworks, such as the National Institute of Standards and Technology’s (NIST) National Initiative for Cybersecurity Education (NICE) framework. These frameworks help guide education and training efforts to ensure users have certain core competencies essential to a given role. For instance, a vulnerability analyst may take role-based courses to learn more about misconfiguration exploits that would help them identify potential security gaps early.
Collaborate, learn, and grow as a team
Cybersecurity is a collaborative effort. With a cyber range, team members can take their individual skills and put them to use in a team setting. For example, a group of participants is given access to the cyber range, a debrief of the scenario, and a list of objectives to complete within a set amount of time.
Scenarios can be quite elaborate and competitive, sometimes lasting for days. This gives your employees the ability to collaborate and practice as a team so they’re ready when it’s time to respond to an incident.
Carry out complex upgrades or changes safely
Cyber range training is also ideal for mission rehearsal. A cyber range is invaluable for complex upgrades or configuration changes. The mission can be executed in a mock environment as many times as needed before going live on a production server.
In turn, the nature of a cyber range means that you’ll spend less time on the tedious tasks usually associated with cybersecurity training: provisioning environments, setting up scenarios, tearing them down, and recreating them. A good cyber range automates all of that on your behalf.
Practicing on a cyber range environment alleviates the uncertainty of what will happen and reduces the potential downtime a failed operation may incur.
Assess employees and candidates
A cyber range platform can also (and in our opinion, should) be used to train and assess employees and potential hires. When hiring a cybersecurity staff member, certifications are significant, but knowing that they are job-ready and have the hands-on skills necessary for the job matters more.
The cyber range platform you use should provide access to detailed oversight and metrics so you can identify which candidates are ‘can-do’ and which are ‘can’t-quite-do’.
Who should use a cyber range?
Originally, cyber ranges were used primarily by military and government agencies to simulate the real-world training needed for effective cybersecurity response.
However, cyber ranges are now used by a broad range of businesses and organizations, in part because these platforms are more cost-effective than ever. Education, finance, technology, and government are some of many markets realizing the value of cyber ranges in building highly trained, qualified cybersecurity staff.
How to choose a cyber range
Cyber ranges can vary widely. A group of university students could find a handful of old computers, create a small network, complete with some web servers running vulnerable web apps, and then practice trying to penetrate the applications. This could technically be considered a cyber range, but it has its limitations.
For one, this takes a lot of effort to set up. What’s more, the first person to penetrate the web application, for example, wins. The rest of the participants could possibly learn from the winner’s experience, but they do not get the hands-on experience of doing it themselves.
The good news is that there are key cyber range features and best practices to keep an eye out for. A more sophisticated cyber range may use virtualization and enterprise-level hardware. This would allow for:
- More centralized administration and quick adjustments during training
- Virtual machines to be replicated per participant or per team easily
While this flexibility is a big improvement from the ad-hoc example above, it's still essentially a collection of virtual computers.
So, what really should you be looking for?
Scalability is key. Most cyber ranges take advantage of virtualization technology, providing an orchestration layer that maps complex training environments into networks of virtual machines representative of real-world networks. This virtualization makes the platform scalable to account for users, teams, scoring, and metrics.
You want environments that are dynamic and adjustable by moderators at any time. This functionality should be seamless to users and not require administrators, content authors, or instructors to be experts in virtualization platforms.
Sophisticated cyber ranges will provide insightful views depending on the user’s role. For example, instructors or moderators need a central view from their dashboard to monitor participants’ actions and progress. The cyber range should be able to quickly provide a report of how the different employees or candidates scored. Students need to access and view the content easily.
What about cyber range training content?
A good cyber range also ensures the content—scenarios, training, assessments—is reusable and easy to modify continuously. This is how authors, instructors, and facilitators will save the most time and get the best value for their investment.
Cyber range content catalogues cover a wide variety of topics, including:
- Cybersecurity basics
- Digital forensics and malware analysis
- Red team operations
- Packet capture filtering and characterization
- Traffic analysis
- Capture the flag (CTF)
- Penetration testing
- Vulnerability assessments
Yet the best cyber ranges don’t just offer up prepackaged courses—they expand on them and allow you to customize scenarios to meet your exact training needs. The ability to tailor pre-built courses makes it easy for you to refine your training programs to ensure teams have the exact skills, knowledge, and experiences they need.
By reusing content, like a preconfigured network for both the basic and advanced course, a course author can create two courses at a significantly faster pace than if the network had to be redefined from scratch each time.
To create an effective cybersecurity training program, a cyber range with these capabilities is essential.
If you want to learn more about cyber ranges, their benefits, and their capabilities, check out Field Effect's Cyber Range platform. Or, get in contact with our team to explore how a cyber range fits your needs.