Cyber ranges

Best cyber ranges for cybersecurity professionals and teams

February 15, 2021 by Patrick Mallory

According to one count, there are 3.5 million unfilled cybersecurity jobs across the country. Solving the skills shortage in a time of growing cyber threats is one of the top priorities for chief information officers. Add to the challenge the fact that most positions required advanced skills and on-the-job experience, and it is obvious why more and more organizations are leaning on cyber ranges as a way to overcome the growing deficit and prepare for the threats of tomorrow. 

A cyber range is a virtualized and controlled environment that organizations can use to simulate situations that security professionals would see on the job. Cyber ranges can also be used for cyber training and software testing thanks to the ability to utilize high-fidelity simulators and network emulation. 

While an organization can host their own cyber range on their own infrastructure, management of the various software, hardware and network components can be difficult and time-intensive, especially when attempting to replicate forensics, hacking, incident response, mobile device and threat-hunting scenarios. 

This is why more and more organizations are offering their own cyber ranges to public and private sector users, and even students looking to supplement their formal training. But with a lot of cyber range providers on the market, it can be hard to decide which are the best and have the features to fit your needs.

This article highlights some of the best cyber ranges out there to help you make the right decision for cybersecurity professionals and their teams.

Round-up of top cyber ranges

Here are seven of the most established, diverse and robust cyber ranges out in the marketplace.

Infosec Skills Cyber Range

Organizations and professionals already come to Infosec for their award-winning training, content and industry news, but Infosec also has a powerful cyber range designed to handle the demands and needs of experts and beginners alike. Their software-based platform is available anywhere in the world, anytime with the click of a button with no maintenance or overhead on your organization to worry about.

Infosec Skills has live, instructor-led training, capture-the-flag events, and over a hundred on-demand domain-specific learning situations established, each paired with on-hands practice labs and scenarios inspired by real-world situations. 

New trainings and labs are added each month. Some of those available include:

  • Analyzing network traffic using Wireshark, NetworkMiner and VirusTotal
  • Identifying code vulnerabilities in languages such as PHP, Python and C++
  • Investigating watering-hole attacks, SQL injection and other potential incidents
  • Performing a penetration test — from reconnaissance to exploitation to reporting

Your team can also build, share and maintain their own custom configurations from the available virtual machines to replicate your own environment or build scenario-specific networks that meet your training needs.

Cloud Range

Cloud Range focuses on providing material perfect for advanced security teams, including incident detection response and remediation training exercises. Cloud Range also offers the ability to customizable the network environment to meet a particular training goal using the same real tools from the world’s leading software, hardware and technology manufacturers on a secure, real virtual enterprise network.

The Raytheon Cyber Operations, Development and Evaluation (CODE) Center

Raytheon’s Cyber Operations, Development and Evaluation (CODE) Center offers a state-of-the-art cyber range that has been in operation since 2011. The CODE Center is used to help organizations test existing and future enterprise systems against cyberattacks, evaluate new tools and techniques and provide professional cyber training. 

Initially a proving ground for federal government cyber professionals, the cyber range is now set up to be a realistic cyber range for a host of exercises, including SCADA, industrial control systems, air traffic control, water supplies and security operations centers. The CODE Center is also able to connect and collaborate with other Raytheon cyber and research centers around the world. 

The United States Cyber Range

The U.S. Cyber Range is a service center of Virginia Tech in Blacksburg, Virginia. It offers a scalable, cloud-hosted infrastructure created to help instructors and students with the virtual environments they need to supplement their coursework or professionals to fulfill their professional training needs. The U.S. Cyber Range also offers its own realistic, hands-on labs, training, and exercises covering over 125,000 virtual machines, able to support users across the country.

RangeForce

RangeForce’s scalable cloud-based platform provides hands-on simulation training for cybersecurity professionals, as well as skills-based assessments to assist with role-specific development. Organizations can create red and blue teams, assign users and apply the different labs, training and modules to each team or user as needed to help build retention and increase applicability to their everyday jobs. Role-specific topics include SOC analyst, threat hunter, web application security, engineering and more. 

RangeForce’s cyber range also offers additional features, such as a virtual teaching assistant, automated attack bots and comprehensive reports.

Accenture Security Industrial Control Systems (ICS) Cyber Range

For cybersecurity professionals looking for a highly specialized industrial control systems cyber range experience, Accenture’s Security Industrial Control Systems (ICS) Cyber Range in Houston, Texas is a powerful option. 

The Accenture ICS Cyber Range gives cybersecurity professionals at oil and gas companies the ability to test and replicate the responses of industrial control system processes and tools against sophisticated attacks against their unique environments. Organizations can also test potential changes to their operational technology or practice threat response exercises in a risk-free setting so they can continuously train to identify, respond and repel a real attack.

The X-Force Command Cyber Tactical Operations Center

For a unique cyber range option that can literally come to you, IBM’s X-Force Command Cyber Tactical Operations Center (C-TOC) is the industry’s first mobile cyber range with “23 tons of cyber capabilities on wheels.” The C-TOC can be configured to replicate breach scenarios, deliver cyber skills training, offer incident response evaluation or provide a platform for red teaming and capture-the-flag competitions. 

In addition to the C-TOC, IBM also has several command centers around the world that can offer customizable scenarios, workshops, security team challenges and role or organization-specific training. 

Wrap-up

No matter where your organization’s maturity level is when it comes to cybersecurity, there is a cyber range out there to meet your training, system evaluation and infrastructure testing needs. From getting new hires up to speed quickly to testing your teams so they are prepared to stay calm and act in the face of a real cyberattack and providing new opportunities to grow and reward your experienced professionals, cyber ranges can offer all of these benefits and more. 

Sources

Cybersecurity workforce skills gap rises to over 4 million, Help Net Security

Posted: February 15, 2021
Articles Author
Patrick Mallory
View Profile

Patrick’s background includes cyber risk services consulting experience with Deloitte Consulting and time as an Assistant IT Director for the City of Raleigh. Patrick also has earned the OSCP, CISSP, CISM, and Security+ certifications, holds Master's Degrees in Information Security and Public Management from Carnegie Mellon University, and assists with graduate level teaching in an information security program. Patrick enjoys staying on top of the latest in IT and cybersecurity news and sharing these updates to help others reach their business and public service goals.

Leave a Reply

Your email address will not be published. Required fields are marked *