How to make cybersecurity training more engaging with cyber ranges
Over the years, cybersecurity training has relied on building capture-the-flag (CTF) challenges for trainees to learn computer hacking skills. The introduction of cyber ranges has greatly advanced cybersecurity training, taking it beyond what conventional training methods offer.
Cyber ranges not only closely resemble a real IT environment, but also make hacking an IT system or network feel more challenging and realistic. They also require a more technical and calculated approach than traditional real-world ethical hacking simulations.
In this article, we discuss the benefits of cyber ranges and see how we can make cybersecurity training more engaging by taking the cyber range approach.
Benefits of cyber range solutions
Cyber ranges come with several benefits when compared with traditional cybersecurity training methods. Most of these advantages hinge on the fact that cyber ranges are meant to completely emulate a real-world working IT environment.
The following are some advantages of implementing cyber ranges within your cybersecurity training environment.
1. Experience real-world threats in a safe environment
When you set up a cyber range, you are aiming to emulate a real-world environment, albeit within a safe network or virtual environment. Setting up a secure environment matters because it prevents malicious activity from bouncing off the vulnerable network and into your production and working environment. A vulnerable network environment, such as the one hosting the cyber range, could otherwise give malicious hackers a foothold from which to pivot into the network.
The opposite is also true: your researchers are able to test exploits and vulnerabilities within the secure environment, without causing harm to the production environment. It is therefore important to ensure that the vulnerable environment is properly isolated and separated from the internal network.
2. Learn how to recognize and handle threats
Cyber ranges enable trainees to learn how to detect and handle cyberthreats. The setup allows a breach to be detected and traced back to the activities performed within the network. This is especially valuable for the SOC team, since it allows them to handle threats and document Indicators of Compromise (IoCs).
Cyber ranges are especially relevant in this age of Advanced Persistent Threats (APTs), where malicious actors breach a network and remain persistent within it over an extended period, monitoring and planning a large heist. Research performed within an isolated environment can be thorough and can inform the larger information security community.
When we think of cyber ranges in such a wide scope, we can begin to see why it is important to invest in setting up such an environment.
3. Validate your proofs of concept (PoCs)
Cyber range environments allow researchers to create and validate working PoCs for vulnerabilities. Research into valid PoCs can advance knowledge of how malware and exploits execute and can inform decisions when the respective vulnerabilities are discovered within the network.
The creation of these PoCs has greatly assisted the information security community in developing tools that can be used to detect malware. These tools are normally used to discover vulnerabilities within IT environments during penetration testing, Red Team assessments and vulnerability discovery exercises. There exists, for instance, an open-source database of PoC exploits, available for researchers to download at ExploitDB.
4. Save your business time and money
Cyber ranges allow your organization to save time and money by allowing your security researchers to develop mitigations for security vulnerabilities before they can be exploited by malicious hackers.
Another way to look at how cyber ranges can save you time and money is by considering the alternative methods of training. Instead of investing in employee training alone, which costs a lot of money and time before employees can be accredited, investing in a good cyber range environment can ensure that researchers or employees are equipped with the latest and best knowledge in information security, while leaving open the choice of whether or not to go for cybersecurity training.
5. Configure and run on up-to-date virtual environments
One of the most important benefits of setting up cyber range environments is the availability of support from service providers, manufacturers and vendors. The virtual environment is built from various resources such as open-source tools, virtual machine software and various other proprietary software and hardware. These are supported with regular updates for long periods of time. Patches here may address software glitches and discovered vulnerabilities, and may include improvements that make for a better experience.
6. Keep your employees and customers trained
Cyber range environments ensure that your customers and employees are well trained, especially on the latest technologies. Though they are sometimes expensive, it is quite possible to set up your environment to emulate production environments every time an extensive cybersecurity breach is discovered and announced. This can be, should be and often is done so that you can train your employees and customers on what to do in case they are faced with similar scenarios.
The cyber range environment can very easily be configured to fit any desired simulation of a real-world scenario. This is what makes cyber ranges stand out from traditional cybersecurity training methods.
7. Scale up as you grow
Cyber ranges allow you to scale up as you grow. As seen above, when a vulnerability has been made known by the cybersecurity community, you can set up your environment to fit the scenario.
Say another vulnerability is disclosed; you would then simply need to increment or tweak your cyber range environment to fit the required scenario instead of having to set up a fresh environment. You would only acquire new hardware to support technologies that are currently supported by the environment. Once you are ready to tweak your environment to fit a different scenario, you would simply store away the irrelevant hardware for a different scenario.
This scaling up in terms of hardware capabilities also leads to scaling up of your knowledge based on the discovered vulnerabilities and exploits. This makes security research and training more solid, since your customers, employees, students or researchers can search through what was previously documented and apply it to a relevant situation.
In this article, we have discussed some of the benefits of including a cyber range within your IT environment. It is important to note that there are many more benefits that we have not covered!
Nevertheless, we can see that cyber ranges are a much better approach to cybersecurity training when put side by side with traditional cybersecurity training methods. We can be sure that as cybersecurity advances and more people become cyber-aware, cyber ranges will grow in popularity and cybersecurity research will advance.