One of the biggest mistakes you can make with your cybersecurity is to treat it like a project with a clear endpoint. It’s not. In today’s threat landscape, security is an ongoing commitment — you and your team need to constantly be evolving.
Fail to do that, and you might as well just paint a target on your back for threat actors.
Aside from working with modern, agile security vendors, the best way to make sure you’re keeping pace is through regular testing and training. That way, you’ll know whether your defenses can protect you against the latest threats. More importantly, you’ll know if your people are ready to respond to those threats.
Trouble is, you can’t exactly release malware into your ecosystem or crash your network with a DDoS attack. The point of cybersecurity simulation training, after all, is to avoid disruption. It sort of defeats the purpose of the entire initiative if you crash the network yourself.
Instead, you should use a cyber range platform. That way, you’ll be able to run live-fire simulations that actually test your defenses. And if those defenses aren’t up to snuff, you can figure out why without having to worry about your ecosystem collapsing in on itself.
Let’s go over the best way to use a cyber range for testing and training, starting with a quick overview of the technology.
A cyber range is a complex virtual environment that can be used to simulate any number of different real-world scenarios. Live-fire simulations are just one of several use cases for the technology, which include training and onboarding, professional development, compliance management, and testing new configurations or optimizations. This makes cyber range simulations invaluable for both your security team and your larger IT department.
Per IBM, a cyber range usually consists of the following technical components:
You’ve probably guessed, based on the description above, that cyber ranges come in a few different flavors. That’s because, like virtualization, cyber range technology is a whole lot older than you might expect. Cyber ranges also weren’t originally created for cybersecurity; they were actually first used for training in the United States Air Force.
Generally, a modern cyber range will come in one of the following forms:
Also known as a simulation range, virtual ranges create a closed, artificial network environment that functions identically to real-world infrastructure. While they tend to require a great deal of configuration when they’re first deployed, virtual ranges are relatively simple to maintain and use. As you might expect, they tend to be heavily impacted by network performance, so you’ll want to make sure you’ve got enough bandwidth to avoid jitter and lag.
An overlay range essentially runs on top of your existing infrastructure, meaning it’s able to interact with network devices and endpoints. While this allows you to run incredibly realistic simulations and directly test your defenses against social engineering, overlay ranges aren’t really suitable for most live-fire exercises. If you infect an overlay range with malware, for instance, it has the potential to spread to your actual network.
An emulation range provides by far the most realistic testbed, being an exact physical mirror of your real-world network, albeit completely isolated from your systems, people, and assets. Unfortunately, emulation ranges require immense upfront investment and highly specialized equipment. As a result, they’re usually way outside the price range of most businesses.
A hybrid range combines two or more of the above. You might, for example, use an overlay range for the network intrusion portion of a live fire exercise before moving to a virtual range to test your ransomware response. Just bear in mind that hybrid ranges tend to be fairly complex to manage and maintain, so operating one could be challenging without a ton of in-house expertise.
Now that we’ve gone over the basics of cyber range technology, let’s talk about what’s involved in actually using a cyber range.
First things first, you’ll want to find a third-party vendor to work with you, both to develop your cyber range platform and to run your simulations. While you can technically handle everything in-house if you have the expertise, we wouldn’t recommend it. One of the reasons for live-fire and red team exercises is to identify blind spots in your security — you aren’t likely to do that without a fresh pair of eyes.
Next, you’ll want to think about what sort of threats you’re facing, and more importantly, what assets you’re trying to protect. If you’re a financial services organization, for example, threat actors are probably going to be after financial data. A technology startup, meanwhile, has valuable intellectual property that someone might want to co-opt as their own.
Once you’ve figured out your threat landscape and risk profile, the next step is to set up your cyber range. If you have the time and resources to do so, it’s very worthwhile to deploy one in-house. Otherwise, you can ask the security vendor you’re working with if they have a cyber range or know of any businesses that do.
The primary objective of deploying a cyber range is pretty obvious: You want to improve your security posture. But that’s neither measurable nor specific. It also doesn’t provide any details on how you’re meant to achieve that.
You’re going to need to be a lot more specific. Each cyber range exercise should be developed with a specific goal in mind. For instance:
If you’re having trouble figuring out where to start, the National Institute of Standards and Technology (NIST) has developed the National Initiative for Cybersecurity Education (NICE) framework.
Finally, prior to running any live-fire simulations, you’ll want to give your team time to prepare. Make sure they know exactly what sorts of threats they’ll be facing, and provide them with any study materials they might need. This might include:
Alright. You’ve got your cyber range platform ready to go, and you’ve prepared your live-fire exercises. You have a red team and a blue team standing by, and all that’s left is to get the ball rolling.
You’ll want to keep a few things in mind, though:
By now, you should have a pretty good idea of what’s involved in running a successful cyber range simulation. But maybe you aren’t quite sold on why you should use a cyber range. If so, check out 8 Major Benefits of Cyber Range Platforms. Meanwhile, if you’re trying to figure out what cyber range platform your business should use, have a look at The 5 Best Cyber Range Training Solutions in 2024.