Is your team trained for the next cyber threat?
A shortage of skilled cyber security professionals, coupled with cybercrime tactics that are becoming more sophisticated, frequent, and damaging, have put cyber ranges into the spotlight.
Used by military and government agencies to simulate the real-world training needed for effective cyber security response, cyber ranges are now becoming critical tools for a broader range of businesses and organizations. Education, finance, technology, government and other markets, are among those realizing the value of cyber ranges in building highly-trained, qualified cyber security staff.
How do you train cyber security skills?
Cyber security skills can’t be taught overnight. This specialized level of expertise requires time in the cyber trenches – monitoring, analyzing new or potential threats, vulnerabilities and other incidents that could threaten networks and users. In many cases, teams are learning their trade on the job as incidents occur and then evaluating the quality of response or how the incident could have been prevented, after the fact. By this time, it is too late to avoid damage, resulting in extensive recovery efforts.
Progressive teams are approaching cyber training with a focus on hands-on learning. Nothing sticks in the brain more than hands-on keyboard experience in a safe, non-production environment.
The challenge is creating and running realistic training programs that train, test and evaluate response to cyber threats without requiring considerable resources and time. The training should also be easily repeated, modified, reused, and scaled to fit changing needs. You can imagine the complexities. Without the right tools, the project can become prohibitive for many organizations.
Cyber ranges solve for this.
What is a cyber range?
At its core, a cyber range is a collection of hardware or software that simulates an organization’s network, systems, and even traffic and services, in a safe and controlled virtual environment for cyber security training or technology development. Within this simulated ‘test’ environment, the elements – the network, system, applications, web browsers, webpages, email – are being acted upon to create real-world scenarios. The advantage of this type of controlled environment is the training can be replicated, reused, and repeated, without impact to your network and systems.
What is a cyber range used for?
Cyber ranges offer a number of uses and advantages. Employees can learn how to use new tools, try new methods, experiment more freely and not be afraid of having adverse effects on your critical infrastructure. You can dramatically up-level your training program, improve cyber skill levels, and quickly identify team members that have the natural traits of cyber security experts.
The most common use is scenario training. For example, a group of participants are given access to the cyber range, a debrief of the scenario, and a list of objectives to complete within a set amount of time. Scenarios can be quite elaborate and competitive, sometimes lasting for days.
Cyber ranges are also ideal for mission rehearsal. A cyber range is invaluable for complex upgrades or configuration changes. The mission can be executed in a mock environment as many times as needed before going live on a production server. Using a cyber range for practice alleviates the uncertainty of what will happen and reduces the potential downtime a failed operation may incur.
However, a cyber range can (and in our opinion, should) be used to train and assess employees and potential ones. Using a cyber range, you don’t have to expose employees to core, critical infrastructure. The cyber range should provide access to oversight and metrics so you can identify and evaluate who are the ‘can-do’ candidates vs. the ‘can’t-quite-do’ ones.
How do you choose the best cyber range for your needs?
Cyber ranges can vary widely. For example, a group of university students could scrounge up a hand-full of old computers, create a small network, complete with some web servers running vulnerable web apps, and then practice trying to penetrate the applications. This technically could be considered a cyber range.
This type of cyber range is easy to reproduce. However, this is a lot of work to get set up, and becomes very limited, very fast. In the previous example, the first person to penetrate the web application wins. The rest of the participants can possibly learn from the winner’s experience, but they do not get the hands-on experience of doing it themselves.
A more sophisticated cyber range will take advantage of virtualization and enterprise-level hardware. This allows for more centralized administration and quick adjustments during the exercise or training. It also allows for the virtual machine to be replicated per participant or per team with minimal effort. Any host can be reset back to its starting state, or potentially fast-forwarded to a known snapshot if a single participant starts to fall too far behind. This level of flexibility is a big improvement on the ad-hoc example, but this is still just a collection of virtual computers.
Better yet, an effective cyber range has the advantages of virtualization technology and virtual machines that make the cyber range intuitive enough to adjust and account for users, teams, scoring, and metrics. The environments should be dynamic and adjustable by moderators at any time. This functionality should be seamless to users and not require administrators, content authors or instructors to be experts in virtualization platforms. Sophisticated cyber ranges will provide insightful views depending on the user’s role. For example, instructors or moderators need a central view from their dashboard to monitor participants’ actions and progress. Supervisors need a report of how the different employees or candidates scored. Students need to access and view the content easily.
A good cyber range also ensures the content – scenarios, training, assessments – is reusable and easy to modify again and again. This is how authors, instructors, and facilitators will save the most time and get the best value for the investment. By reusing content, like a preconfigured network for both the basic and advanced course, a course author can create two courses at a significantly faster pace than if the network had to be redefined from scratch each time. It is how a team can practice an operation repeatedly with the click of a button.
To create an effective cyber security training program, a cyber range with these capabilities is essential.
In our next blog, we will take a closer look at the elements and associated costs for effective cyber range training. To get a better sense of the capabilities of a cyber range, contact firstname.lastname@example.org for a demonstration of our Cyber Range platform.