Using an Online Cyber Range to Improve Security
28 Apr
As cybercriminals continue developing new tactics and refining effective attacks, cybersecurity professionals must likewise seek new strategies for enhancing their skills and protecting digital assets. Recently, companies have been turning their attention to a new tool, the online cyber range, which can improve security in 7 key ways:
- Facilitating experiential learning
- Identifying skill gaps and vulnerabilities
- Augmenting collaborative team power and engagement
- Allowing for custom deployment
- Field testing proofs of concept
- Maintaining system integrity
- Providing continual professional education credits
Given the pressing need for an increasingly proactive approach to cybersecurity, organizations have begun to appropriate enemy tactics in order to better arm themselves against potential attacks. Similar to penetration testing and ethical (white hat) hacking, online cyber ranges exist within an umbrella of tactical cybersecurity strategies that test company defenses in real time to discover operational weaknesses one step ahead of those who would wish to exploit them.
Read more to understand the role that online cyber ranges play in advancing modern cybersecurity operations.
What Is an Online Cyber Range?
An online cyber range is defined by Aries Security as a “platform that provide[s] hands-on cybersecurity practice to teams of professionals . . . [offering] a secure, legal environment for cybersecurity education, practice, and cyber warfare training.” In other words, cyber ranges are virtual battlegrounds that propel security personnel into scenario-based simulations, preparing them for real cyberattacks.
The operating principle of the cyber arms race affirms that because threats evolve at a constant rate, cybersecurity systems must do the same in order to remain viable. Since their conception, cyber ranges have been used by national strategists, military initiatives, academic institutions, IT researchers, security professionals, private corporations, and security operations centers (SOCs).
Cyber ranges often involve a combination of software and hardware, as well as both material and virtual processes. This enables them to generate simulated environments representative of an organization’s everyday operating system.
Ranges replicate everything from browsers and networks, to third-party applications and running services—mimicking the internet itself. They even simulate basic client activity, wherein fabricated “users” perform activities such as sending emails, watching videos, and engaging in P2P services.
In the age of the coronavirus and working remotely, online cyber ranges play an especially integral role in facilitating the next wave of cybersecurity resilience and skills development, especially during a period where cybercrime is at an unprecedented high. Several prominent Department of Defense (DOD) contractors and working capital fund commands—including the Naval Information Warfare Center (NIWC)—are actively developing cyber ranges and selling capabilities.
How an Online Cyber Range Functions to Improve Security
The benefits of cyber ranges are manifold for both security companies and the clients they serve, because cyber ranges provide both defensive and offensive experience in cyber ops, training and testing. Outlined below are just a few of the many benefits illuminating the vast industry potential that cyber ranges provide.
1. Facilitating Experiential Learning
The cybersecurity industry has historically been inundated by talent crunches. This issue persists today, and the Bureau of Labor Statistics predicts that jobs in the cybersecurity industry are slated to grow a staggering 31% over the next 8 years.
Security jobs often require the sort of hard-earned field experience that online cyber ranges natively provide. This makes their unparalleled experiential learning opportunities the cyber range’s most important professional benefit. Cyber range scenarios arm SOC analysts with enough experience to keep pace with threats that are constantly morphing and metastasizing on a day-to-day basis, preparing the next generation of security experts for digital combat.
Online cyber ranges can (and should) be used multiple times, ensuring that teams stay in alignment with new security developments and effective countermaneuvers. Most cyber range scenarios are continuously randomized and updated, giving the technology high replay value. This is a stark contrast to one-off training sessions and informational courses offered elsewhere on the market.
In this regard, cyber ranges represent the actualization of risk management framework best practices, such as understanding operational goals, embracing the process as continuous, and accepting that the digital landscape is ever-evolving.
Similar to combating real security breaches, cyber ranges force teams to exercise critical thinking skills and technical resilience in high-pressure situations. But because the “imminent threats” are artificial, teams are able to benefit from their mistakes as learning opportunities, rather than failures resulting in dire material consequences.
2. Identifying Skill Gaps and Vulnerabilities
For all those in the Information Technology Engineering Support Services (ITESS) industry, vulnerability assessment constitutes the crux of most tactical IT solutions. Through the repeated usage of a cyber range, skill gaps and system vulnerabilities begin to present themselves and coalesce over time.
Many online cyber ranges offer session replay, user screen access, and recorded commands. These features make it possible for administrators or third-party moderators to collect and flag data, enabling them to provide specific feedback for individuals or for deployed units as a whole.
Through comprehensive reporting metrics and real-time results, teams will understand where their efforts were subdued or thwarted by opposing forces, thus generating a curriculum for improvement. Ideally, with custom cyber range systems replicating internal environments, users may also discover potential weaknesses within the operating ecosystem itself. The enterprise architecture (EA) in its entirety is laid open for evaluation at proper scale.
3. Augmenting Collaborative Team Power and Engagement
Unlike run-of-the-mill training sessions, online cyber ranges can be genuinely thrilling due to their astute gamification. The most noted cyber range case study lies within one of its first-ever implementations: the inaugural Michigan Cyber Range Initiative.
During the initiative, a virtual city known as Alphaville was subjected to a large-scale cyberattack. Security professionals on the Blue Team and Red Team were pitted against one another in a contrived high-pressure arms race. The Red Team made use of black-hat tactics such as SQL injection and cross-site scripting to compromise Alphaville’s infrastructure. Meanwhile, the Blue Team mobilized as incident responders protecting the city’s valuable IT resources.
For all involved participants, online cyber ranges and training exercises such as this aim to sharpen teamwork and communication abilities. They push teams to translate digital defense skills from the realm of individual expertise into a cohesive, collaborative effort. This model fortifies an understanding of modern cyberdefense as a communal bastion against rogue intruders and threats.
4. Allowing for Custom Deployment
Custom deployment options have further improved the overall utility of cyber ranges since their introduction into the mainstream. With advanced training models across an array of IT disciplines, clients are empowered to participate in curriculums that evaluate for definitive performance criteria or simulate specific attacks. Contracted cyber ranges often manipulate their target environments to involve the same elements, applications, and tools that an organization uses on a daily basis, ultimately providing more relevant scenarios for their users.
Advanced ranges may also offer customization for sophistication, scale, bandwidth, elasticity, and realism. Clients may provide real information to cyber range providers—from endpoint software and IP addresses, to routing information and enterprise network configuration—in order to generate accurate replications and scenarios during team exercises. Custom deployment provides the framework for complex and demanding cyber mission force training.
5. Field Testing Proofs of Concept
Online cyber range environments provide the perfect conditions for beta testing new services, strategies, or technologies that combat cybercrime. They’re also incredibly useful for gathering information and feedback during the development process. Whereas traditional concept testing must reckon with scalability limitations and a lack of external interface testing, cyber ranges allow for greater flexibility.
Proofs of concept put to the test on a cyber range allow security and software development professionals to identify viable new ideas quickly and cost effectively. These ideas may then be tailored and improved through repeated active implementation before companies invest valuable resources into the prototyping process. Cyber ranges provide isolated networks for concept risks to play themselves out before exposing real channels to programmatic insecurities.
6. Maintaining System Integrity
Because online cyber ranges run on platforms that are programmed to be entirely autonomous and separate from normal operating systems and internal networks, they are safe (and completely legal) to implement and experiment with in both public and private sectors. It’s entirely possible to connect contractor labs with cyber ranges (regardless of their overall classification), because the security levels within range architecture are firmly segmented by closed-loop overlays.
7. Providing Continual Professional Education Credits
Certain cybersecurity certifications require that working personnel continue to accrue continual professional education credits (CPEs). Many cyber range vendors enable participating organizations to award CPE credits to staff members who demonstrate “ongoing competency,” adding further utility to this training methodology.
Comparing Physical and Online Cyber Range Models
Today, there are two main delivery models for organizations looking to use a cyber range. Compare the respective offerings of ranges as a service versus internally developed labs.
Cyber Ranges As a Service
Cyber ranges as a service are available through external providers that can be contracted by interested third-party organizations. Range services may be online (accessed remotely) or physical (wherein clients travel to specially outfitted facilities for range sessions). This model provides two main types of curricula:
Pre-Packaged Curriculum
Within a pre-packaged curriculum, gamification modes are more simplistic, as training packages are programmed with specific pathways from beginning to end. While generalization gives a pre-packaged curriculum a high degree of accessibility, it also makes it less customizable.
Ad Hoc Curriculum
An ad hoc curriculum involves much more specificity than its counterpart. Providers may customize scenario pathways and situations for their clients, allowing for more experimental and integrated simulations that may increase the overall utility of cyber range training.
Organizations may choose to internally develop their own ranges as well. While these ranges are markedly more expensive, they’re far more customizable for specific needs or data sets, and they give organizations total control over generated content. They necessitate high bandwidths, virtualization layers (to decrease hardware footprints), and private cloud architecture.
Join Us on the Cutting Edge of Cybersecurity
Here at Sentient Digital, Inc., we’re proud to employ knowledgeable, innovative, and talented security professionals who are dedicated to our mission of making the digital landscape a place of greater integrity and resilience. Our team has countless hours of valuable experience in implementing cutting-edge technology solutions before and after the unexpected occurs.