Added: Jorge Hilliker - Date: 23.12.2021 09:59
The COVID pandemic has shifted the way we work, and a large variety of teams have either gone virtual or hybrid, working remotely in some capacity, including IT and security teams. In a pandemic or other crisis, security teams that wish to stay sharp and continue to work on their incident response capabilities should consider opting for a virtual cyber range that can offer better resilience and ease of setup without sacrificing training efficacy.
So, how can an enterprise build an effective cyber range? A quick caveat — the majority of organizations coming to us are asking for some on-premise capabilities as they value the in-person experience, but all want to be able to run cyber ranges virtually in case of unforeseen circumstances like pandemics, wildfires or floods.
First, you should ask the following question: What is the right fit for our organization? As with many other security investments, there are different answers for different types of organizations. Universities typically want generic training to introduce students to the world of cybersecurity. But while that might seem rather basic, some schools are inclined to delve deeper, performing specific research, such as behavioral research, to look into ways to enhance their user experience.
To that end, they build more intuitive interactions with incident response or attack forensics. Government entities generally want training for reskilling, cross-skilling and building inter-agency or intra-agency response capabilities across broad teams. Governments also often use cyber ranges to train contractors or to bring people up to speed to advanced levels from scratch, training prospective cyber warfighters. Usually, government training is more technical and focused on espionage or national security risks such as attacks against infrastructure, utilities, government decision-making bodies or key government leaders.
A key part of government training, which is a great tool for other sectors as well, is vendor validation. Cyber ranges can be a useful method of test-driving a cybersecurity product and working directly with the vendor on exercises. Enterprise interests are similar to government interests but focus more intently on protecting business assets and mitigating business risks, such as loss of financial data or personally identifiable information.
For all types of cyber ranges, you will need a set of common key attributes. At a minimum, cyber ranges require:. For universities or cost-prohibited projects looking for more generic training, deploying a suite of open-source and free tools and platforms is usually the best course of action. Students typically learn concepts, so products matter less. Instructors are teaching the baseline skills required for security operations center analysis, such as reverse engineering malware or performing basic threat analysis from freely available feeds.
Because Linux and other pieces of common open-source software are freely available and easy to modify, they can also be designed to be hacked and probed for practice. For governments and commercial enterprises, the list grows more specific. These types of organizations are likely using one or two types of SIEM platforms as well as one or two types of firewalls and load balancers. There may be a wider variety of endpoint management and other lower-end security controls in play, but putting too much diversity into a cyber range can needlessly complicate exercises.
Broadly speaking, if an organization knows that it wants to train someone on a specific platform or security tool, it should seek free training s from vendors. Most vendors offer them and are also happy to provide hands-on technical support during exercises. Aside from s, if you are building a dedicated virtual cyber range you will need dedicated expert staff to manage the range.
This can be an IT person but one with a security background. Any time someone from outside of your organization touches the range, the system will later need to be scrubbed to ensure security. We can use it to blow away an entire virtual cyber range, including the content and coursework, security controls in place, networks and virtual assets or endpoints. This is an important consideration because at present there is no single dedicated piece of software that is purpose-built for managing cyber ranges. First, you should run a few shakedown exercises with your IT and security team to ensure that everything is working as planned and to spot obvious issues around user experience, network connectivity and tooling.
This also includes blowing away and restoring the range several times to make sure that functionality is working well before you start scheduling live training sessions. Equally important is the readiness of your content and curriculum. Universities may want to set up for classic cybersecurity problems and attacks, while government and enterprise will need to program more contextually relevant content. If possible, you should add a dynamic content engine that can easily supply new scenarios and up-to-date tactics, techniques and procedures (TTPs) and threats. Adding this capability will both make exercises more relevant and allow you to do a better job of chaos security engineering.
SafeBreach has a team of researchers that constantly add new content to the platform, drawing on the latest common vulnerabilities and exposures (CVEs), often a mere few days after they are reported. This dynamic content is used in the SafeBreach platform for risk-based vulnerability management of the production environment, but we also use SafeBreach to generate customer-, industry- and situation-specific content to populate our cyber ranges.
Dynamic content also helps create progressive curricula that are essential in building on lessons and continually introducing new skills. To guide this process, we help each customer create a learning plan with distinct progressions and goals. The goal-driven theme works best if there are metrics associated with each level and session, and benchmarks are set. For broader crisis response exercises, where business and operations teams are brought in to focus on softer skills, such as customer support response, social media management and public relations control, ratings may be more subjective.
We encourage our trainers to set up rough metrics for these exercises for softer skillsets to encourage a similar level of intensity and aim toward improvement. A well-trained instructor will help a group understand when and how they went off the rails and how to improve. Above all, the best cyber ranges instill enthusiasm and joy in learning; the exercises should be challenging but fun, like an excellent video game or escape room.
We believe that in the future every organization above a certain size will have a cyber range. The virtual versions will be cost effective, easy to use and ubiquitous. For now, building a cyber range — either physical or virtual — requires a bit of work. So, you should consider whether you want to build or buy to save time and leverage the experience of security experts that have spent decades on the range. To learn more about building effective preparation and incident response capabilities with a cyber range, check out this site.