On-premises vs. cloud-based cyber ranges: Why virtual learning environments are best

October 8, 2020 by Graeme Messina

Introduction

Most companies have been struggling with making decisions about infrastructure. Cloud or on-premises? Cyber ranges are not immune to this kind of decision-making when it comes to planning and deciding on which path to take. Each approach has its own benefits and drawbacks.

If you are thinking of involving your cybersecurity team in some comprehensive training and practical exercises, then you need to know the different kinds of cyber ranges and the different ways that they are set up. What is the difference between an on-premises solution and a cloud-based cyber range? What is a remote virtualization solution?

To answer this and more, we have compiled some interesting facts that will help you to make the decision about which one suits you best.

Types of cyber ranges compared

In order to properly compare the different types of cyber ranges, we should look at some terminology. On-premises solutions are generally integrated into your local hardware pool, either through virtual servers or physical ones. Cloud-based solutions are hosted on an external provider’s cloud platform and are accessible through the internet.

On-premises

On-premises is the traditional approach that most companies would take when wanting to create a cybersecurity training environment for their employees. This is primarily because the companies that use this type of training would already have quite an extensive hardware pool to install these environments onto.

On-premises solutions are seen by many as a legacy approach to cybersecurity training. Part of this is due to the costs involved with keeping a system such as this running properly and delivering relevant training. The amount of time and effort that is required for such a testing environment to be effective is not trivial. This means that you will generally find that more than one person will spend a lot of time making sure that there are meaningful and effective cyber ranges available for staff.

Cloud-based solution

Cloud-based solutions have become a popular way for companies to give their employees safe, secure and up-to-date cybersecurity training tools. Using a cloud-based solution also means that there is a better spread of different training scenarios to train on. They are updated more often and have more people working on them to produce fresh content.

There is also less maintenance involved in the day-to-day running of these systems. Auto-allocation of resources like virtual machines and switches is done on the fly, making it much easier.

Remote virtualization solutions

Remote virtualization can apply to both on-premises cyber ranges and cloud-based ones. If your network accepts remote connections to your virtualization platform, then you can accept your users' logins remotely.

This is a workable in-between solution because it offers the flexibility of remote access, but it lacks the convenience of cloud-based delivery while still requiring your organization to foot the bill for hardware, software and bandwidth.

What type of cyber range has the most hardware and software requirements?

Unsurprisingly, it is the on-premises solution that encumbers the organization the most in terms of hardware, software and connectivity. A company that decides to host its cyber ranges locally on-premises will find that it needs to provide both the platform on which the virtual cyber range computers will run and the software and licenses for any of the applications that are run for the cyber range training. If a customized solution is necessary instead of an off-the-shelf product, additional development resources will need to be added onto the cost of the cyber range.

You also need to think about maintaining this equipment in order to allow it to run effectively enough for your students to have a smooth experience. If you are using software that requires a license, then you may need to renew it at certain intervals. Other software models are offered on a month-to-month basis which means that you will always be paying something towards running your cyber range.

What type of cyber range is most accessible?

Cloud-based cyber ranges offer a highly accessible means to get hands-on experience with some of the most cutting-edge training techniques, the newest reports and methods for dealing with malware and much more. All that you need is an internet connection. Most cloud-based cyber ranges are accessible from within an internet browser, so no specialized software is needed. Simply log into the website with your credentials, find the cyber range that you are interested in and get started. Each of the different training modules can be accessed by simply clicking on them and following the on-screen instructions.

If the initial scope of your cloud-based cyber range just isn’t enough to keep up with the demand of your users, then you can simply allocate more resources to your environment. If accessibility is an option then items like virtual machines, virtual network switches and almost anything else that you would need to conduct a successful cyber range can be spun up on the fly and automatically. You simply pay for what you use.

What type of cyber range is most sophisticated?

In terms of content sophistication, cloud-based cyber ranges are the winners, hands down. There are many reasons for this, but the main one is that the environment is maintained on a highly configurable, well-connected system. Cloud-based systems are updated often and patched on the back end, keeping the environment secure.

On the front end, the people responsible for maintaining cyber ranges add the latest techniques, tutorials and exercises for your teams. These exercises can range from basics like Linux file system navigation to advanced malware analysis through memory dump analysis. The scope of what you can learn by participating in a cyber range is very wide.

The sophistication of a cyber range setup comes from the back-end setup too. The software-defined network architecture present in all cloud-based platforms allows the cyber range creators to build realistic network environments in which you run through your exercises.

Automation plays a big role on cloud-based cyber ranges too. Every time a course is completed and a test machine needs to be rebuilt, an automated script takes care of everything. The same is true when a new virtual machine needs to be spun up for a new student. An automated process runs through the architecture on the backend and delivers a login to the user without anybody needing to do any manual configuration. When you scale this across multiple sessions from many different companies, then you can see just how sophisticated the systems really are.

Conclusion

Every learning solution is different, and when we look at the sophisticated world of cyber ranges, it seems all the more complicated. 

Now that we have delved a little deeper into the whole process, we know that automation plays a significant role on the back end of these systems, which eases the day-to-day burden and operational requirements of running such a cloud-based cyber range. On-premises is no longer the only option for cyber ranges, and as additional technologies are developed, there will be many more remote virtualization solutions.

Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.