29.10.2019 What is the true cost of a cyber range?

by Noel Murphy

In contrast to online courses and classroom training, cyber ranges provide the practical hands-on learning that ensures IT teams are prepared for the next cyber security threat. By training your team to respond to real-world incidents and scenarios, you can reduce the damage, expense, and downtime from cyber attacks. 

Using cyber range solutions is often the only way to ensure ultimate readiness.  You can customize and stage training based on your IT environment. Or modify scenarios, re-train, and repeat training continuously.

Budgeting for cyber range solutions: What you need to know

Getting the green light to put a cyber range in place indicates your organization is well ahead of the pack. Whether you’re building an in-house cyber range solution or purchasing something out of the box, a good understanding of all of the elements needed and the costs is the right place to start.

What are the cost components of cyber ranges?

The platform

    • The cyber range platform, often considered the only significant cost, is just one element of the solution and can vary wildly depending on your choice.  Options and customizations can also cause large swings in prices. 

For example, do you plan on hosting the platform or relying on another provider for hosting? What are your training or testing needs?  Are you doing classroom or team-based training? Do you need the cyber range to provision a test environment before deploying products to a live environment?

All of these factors will help you determine the functionality you will need in a platform.

The hardware

    • The hardware required to run a cyber range can represent at least 60% of your total costs, depending on whether you run this using an on-premise or online platform, and how you plan to scale it for your needs in the future.

You need to consider enough resources to accommodate all the virtual machines used by different team members at the same time. What about courses or training that your team may be doing on their own time? Do you plan to schedule usage so the hardware can be used in the off-time for something else?

You may think the training scenarios you’re running are very simple, yet, if you introduce any complexity – more participants, new elements  – hardware could be a large expense.

The software

    • The software used in cyber ranges, often overlooked, represents one more expense.  Licensing for software used in the scenario or training materials isn’t free. You can get away with some trial licenses, but eventually that becomes hard to maintain or may not deliver the realism you need. For example, you can’t create a Windows domain with trial versions and how do you stage a realistic Windows environment without a domain? You can use Linux and other open source tools like Kali for teaching concepts, but if your team uses something else in their day job, this isn’t a good way to train.

The human resources

    • Cyber range solutions require people power to develop and maintain the content and this adds another cost. You can usually purchase some content with your cyber range platform. This may include ‘as is’ options for generic scenarios and training material, or add-ons for customizations.

You can also create the content yourself and tailor it to your environment. However, it means that someone on your team is now developing content instead of their day job and may not be learning anything new from your platform purchase.  Either way, the content isn’t free and comes at a cost.

The system administrators

    • Maintaining your cyber range is often a smaller line item but important to consider. This is usually included in the solution and may be hosted by the provider.  If it’s an on-premise deployment, your IT team may be able to administer the cyber range, but if you plan to deliver the training on a regular basis, this may not be a scalable option. You may eventually need a team member dedicated to maintaining and managing all the elements of the cyber range solution.

One-time cyber range training vs pay-as-you-go solutions

 As you can imagine, with all of the different cyber range components, costs can escalate quickly.  With budget in mind, two options to consider are running a one-time training event or choosing a pay-as-you-go solution. 

For example, you can use your entire budget to stage a one-time training event where a solution provider creates the scenario, stands up all the hardware, manages licensing, and runs the platform during the event. Some can even supply the red-team for a good defense.

This may look like a comprehensive option but it only delivers the experience of a specific scenario, is challenging to train all team members at one time, and doesn’t leave you options for ongoing training.

The second option is to find a solution that fits within your budget and scales with your needs. Some solutions are flexible enough to enable you to start small and pay a per-seat license on content. This pay-what-you-use model will allow you to evaluate the different members of the team individually or as a group, target your training as needed using on-demand content, and eventually modify or create your own content as needed.

Getting started

Choosing the best cyber range solution for your budget requires a good understanding of your training needs, all of the elements required in a cyber range, and careful evaluation of the solutions available.

To get a better sense of the capabilities of a cyber range, contact hello@fieldeffect.com for a demonstration of our Cyber Range platform.

 

 

Request Demo

Fill out the form and we will send you details about our demo.

 

Send Us A Message

Fill out the form and we will get back to you!

 

Think you are ready?

We are always on the look-out for amazing people. Think you are one of them? Complete the form here!

  • Accepted file types: pdf, jpg, png, doc, docx.

Solutions

Field Effect’s experience has taught us that every organization is different – different workflows, different personnel and different threats.

Products

We believe in modularity, simplicity and effectiveness. Our expert developers have lived the challenges you want solved. Build and operate more secure and resilient networks with Field Effect Software.

Company

We are proven leaders in the development of network application solutions, low level systems development, and cyber security analytics.

Partners

Partner with Field Effect and gain the cyber security solutions, services, and support to secure your customer’s operations, drive client success, and realize profits.

Careers

We’re always looking for highly-skilled security and engineering professionals to join our team…

Contact

Field Effect Software helps strengthen the IT security operations of organizations large and small. We understand that different organizations face different challenges, and we’re incomparably qualified to match the perfect solution to your unique challenges. Drop us a line, we’d love to help.