Cyber Range

How to pick the best cyber range for your cybersecurity training needs and budget

October 7, 2020 by Patrick Mallory

Introduction

Whether your organization is tired of being held back by the cybersecurity workforce skills gap or your management team has watched the worst that a cyberattack could do to a peer organization, the time has come to do something about it. One of the best decisions your organization can make is to explore how a cyber range can take your cybersecurity team to the next level, while also preparing them for the cyberthreats of tomorrow. 

A cyber range is a virtual, controlled environment that organizations can use for cyber training and software testing, using high-fidelity simulators and network emulation. Cyber ranges are perfect for allowing professionals to practice handling specific real-world scenarios and training employees without fear of impacts to production systems.

But with so many options available in this rapidly growing marketplace, how does your team find the right type of cyber range to fit your needs without breaking the budget? 

This article will explore a few of the key questions and considerations to help your organization make the right decision.

Identify cyber range needs: Does your cybersecurity team have a skill gap?

Does your team have critical cybersecurity positions vacant? Are too many responsibilities put on the shoulders of too few people? Is your team worried about continuity or cross-training? If these are common questions, your team is not alone; over 65 percent of organizations around the world are reporting a shortage of cybersecurity staff while about 36 percent report a lack of key skills among cybersecurity personnel being a top organizational concern.

As the digital economy continues and more and more work and entertainment is occurring online, the demand for workers with these already-limited cybersecurity skills is only going to rise. This crunch in demand for key skills is complicated by the need for personnel who have tool- or network-specific cybersecurity skills and experience. 

Cyber ranges are the answer. One of the most effective ways to onboard new employees, cross-train existing staff and provide your current cybersecurity professionals with industry-leading opportunities for continuing professional development — while also working on your own organization’s cybersecurity workforce gap — is through the high-fidelity simulations that cyber ranges can facilitate.

Courses and training environments can present staff with foundational work in networking, programming, system administration, threat detection and incident remediation. More custom virtual environments can be made to test more advanced skills, industry-based scenarios (e.g., industrial control systems) or even provide a forum to evaluate new products.

Identify cyber range technical requirements: On-premises vs. cloud-based solution vs. remote virtualization solutions

Much like the rest of the information technology field, organizations also need to decide which platform is best to host their cyber range: on-premises, cloud-based or remote virtualization solutions. Each implementation model has its pros and cons that each organization must weigh.

On-premises

Organizations often choose on-premise cyber ranges because of the ability to customize their environment exactly as they choose. On-premise implementations also give organizations the ability to segment their training environment from other organizations that may be sharing an existing public or private cloud environment’s infrastructure. Combined, these benefits allow organizations to deliver a very specific cyber range experience for their staff, with control over the tools, software and equipment in place. 

However, establishing and managing an on-premise cyber range also comes with the complexities of having to architect and manage the physical space where it is hosted, as well as managing user access and account privileges, the virtual environment itself and the training and simulations that employees experience. Similarly, cloud-based providers today are able to securely customize and segment environments, keeping proprietary information safe and overcoming this hurdle. 

Over time, these efforts can be time-consuming, costly and complex, especially if implementation requires the participation of staff that likely already have many competing demands for their time.

Cloud-based

As with other IT solutions, much of the world is going to the cloud. The same can apply for cyber ranges. The cloud provides flexible, easily reconfigurable, and cost-effective infrastructure that can provide an isolated, safe and controlled environment that is also easily scalable, based on training needs and budget. Additionally, as cloud-based environments are often managed by third-party providers, cyber ranges hosted in the cloud can offer more predictable costs while implementation and maintenance costs are left to the vendor as part of the service fees. 

Finally, your organization can leverage existing training designed by experienced professionals or create custom-training that meets your organization’s training needs, further helping to minimize the potential costs of utilizing cyber ranges. 

Understand the pros and cons of high-fidelity simulations, emulations and simulations

In a world of rapidly changing threats and evolving technology, it often isn’t enough for your cybersecurity professionals to just read about industry-leading tools and techniques; they need to experience them. 

If your organization is looking to build preparedness and advanced skills in an immersive training environment that replicates realistic production environments and real cyber threats, high-fidelity simulations can be a huge benefit for your organization. Not only are these emulations highly practical and serve as a method to build confidence, cyber range simulations offer numerous opportunities for real-time feedback, cross-functional training, network logs and performance data and insights into system behavior. Scenarios can be designed for employees based on specific skill needs and can be easily restarted, refreshed or redesigned quickly until the learning goals are achieved. 

Balance cyber range practicality with reality

According to a recent study by ISACA, only two percent of cybersecurity leaders believe that university graduates are ready to meet today’s cybersecurity challenges. At the same time, if your organization is looking to see how your existing team responds under the pressure of a cyberattack, simulation drills will show just how prepared your team is. 

If your organization is looking to automate and augment cyber workforce training and learning, cyber ranges deliver relevant, professional and hands-on learning scenarios that balance practicality with reality. Simulations can build a strong foundation for new employees and strengthen tactics for more practiced members, offering opportunities for collaboration and presenting staff with immersive replications of real and sophisticated attacks so defensive playbooks can be put to the test.

Understand costs and get buy-in for your training budget 

If your organization has made the decision to leverage the benefits of a cyber range, the last step is to understand the potential costs and get buy-in from management. 

For on-premises cyber ranges, there are a number of potential costs that must be considered. These include:

  • The infrastructure platform: The physical space and networking environment that is hosting the cyber range
  • Hardware: This could be the most expensive portion of implementing an on-premises cyber range, including the hosts, servers, networking components, firewalls and monitoring equipment needed to run and log training activity
  • Software: Whether you are attempting to replicate an existing environment or build a custom scenario, obtaining the necessary license as well as installing and patching software is critical too
  • System administration and maintenance: These specialists maintain, customize and administer your cyber range to meet the training objectives and ensure the platform performs as expected
  • Course material: Creating content to effectively deliver training can be time-consuming and expensive, especially as topics get more complex and require continuous updating to reflect best practices
  • Human resources: From managing the budgets to designing the course materials, delivering training, providing feedback and administering the cyber range, all of these require time from staff that could be performing other critical tasks.

For all of these reasons, all of these costs can add up quickly. With keeping a predictable budget in mind while also accounting for the pressures on your current staff, cloud-based cyber ranges can effectively balance cost with practicality for your organization. Similarly, by partnering with an existing cyber range provider, your organization can benefit from immediate access to established training environments with one-time or pay-as-you-go solutions, existing training materials or custom courseware, and none of the stress of managing and maintaining your own cyber range.

With the average total cost of a cyberattack standing at $1.1 million, according to a 2018 study, justifying the investment in a cyber range is that much easier. 

 

Sources

Cybersecurity workforce skills gap rises to over 4 million, Help Net Security

Report, Cyberspace Solarium Commission

State of Cybersecurity 2019, Part 1: Current Trends in Workforce Development, ISACA

The Trust Factor: Cybersecurity’s Role in Sustaining Business Momentum, Radware

Posted: October 7, 2020
Articles Author
Patrick Mallory
View Profile

Patrick’s background includes Strategy and Cyber Risk Services consulting experience with Deloitte Consulting with both States and large Federal transportation and security agencies. He also served 3 years as a Deputy CIO for the City of Raleigh, where he assisted with the implementation of security policies, tools, and employee education initiatives as well as PCI, CJIS, and HIPAA compliance. He currently supports the IT infrastructure for the U.S. State Department.

Patrick also holds CISSP, CISM, and Security+ certifications as well as a PMP. He holds an MS in Information Technology – Cybersecurity and MS Public Policy from Carnegie Mellon University, where he assisted with graduate level teaching in the information security program.