Prevention is always better than a cure. With IT environments continuing to become more and more complex, even the most sophisticated cyber security teams find it hard to fully prepare, and they constantly need tools at their disposal to strengthen their security postures.
Simulation software, while helpful, often doesn’t cut it in reproducing real-world environments and their vulnerabilities. That’s why more enterprises, service providers and defense agencies alike are building cyber ranges that can help detect vulnerabilities and increase security protections for infrastructure and applications.
Cyber ranges give users a scalable, cost-effective platform to recreate real-world threat scenarios for training and system-hardening purposes. Often the setup and teardown of these environments is complex and time-consuming. This is an area where cyber ranges built on cloud sandboxes let participants access self-service environments on demand and tweak them as needed.
A popular cyber range use case with a real-world environment splits trainees into Red Teams to simulate the hackers, and Blue Teams to thwart attacks by defending targeted applications. A third White Team is often included to monitor critical infrastructure components throughout the exercise, including DNS, mail and application servers, along with various tools such as intrusion detection systems and traffic simulators.
Cloud-based sandboxes provide an ideal environment to rapidly provision full-stack, real-world cyber threats for such Red Team-Blue Team exercises. Because these tools can model hardware and software (physical and virtual elements) along with applications, data, services and so on within the sandbox, they are more representative of real-world scenarios and offer tremendous flexibility. This approach also allows for better posture management of the legacy and often custom “made-to-order” devices found in defense agencies.
For example, the federal Defense Information Systems Agency (DISA) – also known as “The IT Combat Support Agency” for the U.S. Department of Defense – actively uses cyber range security techniques. DISA is responsible for sharing information between joint warfighters, national leaders and other partners, so the agency must remain extremely vigilant in how it safeguards IT assets.
It would not be surprising for organizations like DISA to consolidate multiple cyber range data centers into a single private cloud to increase cost savings and efficiencies. For example, such a solution from vendors such as Quali has given DISA the means to offer network security while delivering its MPLS stack at a fraction of the initial cost, according to Ernest McCaleb, ManTech International technical director and chief architect of the DISA cyber range.
On the more commercial and academic side of things, network security software firm Ixia recently partnered with a Chinese university to host a cyber range competition for computer science students in Beijing. Ixia implemented a cyber range orchestration platform that allowed the students to access a catalog of cyber range network topology environments.
In this way, the students could select and reserve a cyber range environment that was the best fit for their contest submissions. An automated provisioning workflow system configured all the components to ensure that every student had the same user experience. The students could then access a panel of automated commands to launch different stages of their cyber range tests.
As businesses increasingly rely on software, mobile and the internet, they are turning to such cyber range models to ensure that their broader teams are properly trained. Universities are using similar solutions, with the likes of Quali, Ixia and others giving them the ability to spin up and tear down complex environments while maintaining deep visibility into the network and other infrastructure components.
Overcoming the Inherent Challenges of Cyber Ranges
Testing for vulnerabilities in large heterogeneous environments can be a complex undertaking. Users may face a steep learning curve for tool adoption because of the many different infrastructure components involved, including switches, servers, firewalls and test tools, amid a growing multitude of APIs, GUIs and command line interfaces.
Adopting a cloud sandbox orchestration platform allows teams to operate tools and practice cyber-defense postures without the added difficulty of learning to navigate various software interfaces, command syntaxes and GUIs. Cyber ranges can also be used to perform automated security regression tests, and to streamline live responses to exploits for more effective threat mitigations.
For users to make sense of so much complexity, cyber ranges should provide clear visualization and automation processes through a single-pane-of-glass UI. Such an interface simplifies the user experience by providing graphical views across all cyber range environments.
A complete cyber range solution can also automate the deployment and configuration of all the necessary infrastructure pieces. Cloud sandboxes can replicate the elements for physical networking, storage, servers and test equipment, along with virtual resources, cloud components, tools and applications. In addition, users can even model and provision complex L1, L2 and L3 networking layers.
Rapid blueprint models help manage the entire lifecycle of sandboxes, with orchestration for automated setup, provisioning, monitoring, scaling and teardown. Users can also snapshot and restore sandbox environments to known states in order to reproduce specific threat scenarios.
On-demand cyber ranges can be adopted for training by the IT, QA and security teams. Each team can deploy a single tool to manage and automate multiple sites for federated cyber-labs and consolidated data centers. As a result, cyber ranges can help lower the costs of simulated security testing while increasing IT agility and network responsiveness.