Cyber ranges

Scalability & elasticity: Technical considerations when selecting a cyber range

November 23, 2020 by Graeme Messina

Introduction

Cyber ranges are excellent training tools. You can simulate advanced cloud infrastructure and create various test scenarios, or you can clone your entire network infrastructure in an on-premises solution for local testing and simulations of your live systems. Both approaches are valid, and each one comes with its own set of benefits.

Whichever solution you decide on, you will need to think about how scalable that solution is, and how flexible it is. The elasticity of your cyber range is critical in diversifying the exercises and different lessons that you can offer your users. The scalability of your cyber range will dictate how much you can grow your training capacity, so you need to find the solution that will give you the right balance between going on-premises or cloud-based.

Let’s look at why you would choose one approach over another, and when you should choose a public cloud-based cyber range over an on-premises solution, or even a mixture of the two. 

On-premises cyber ranges: Local hardware infrastructure considerations

Cost is normally the most prohibitive factor when trying to build your own cyber range environment. Assuming you already have a virtual environment that you can spin up machines in, there are additional resources that are especially scarce when hosting multiple sessions simultaneously across multiple virtual machines. How much of these resources you have available to you will determine how the scalability of your cyber range environment will ultimately be.

RAM

RAM is one of the determining factors about how your cyber range will perform with real-world conditions while users are logged in. Like everything relating to system resources, more is better. RAM (memory) capacities have ballooned in the past decade to keep up with the increasing demands of modern applications and operating systems.

How much you will need per virtual machine will depend on what type of systems you are hosting on your cyber range. Operating systems like Linux have certain operational modes that require no GUI (Graphical User Interface) and will use less RAM than a fully-fledged desktop environment with graphical components like a Windows 10 installation.

Virtual hosts allocate RAM to virtual machines based on their specs, and having more RAM to dish out to these virtual machines is better. If you have 20 virtual machines that need 4GB each, then your pool of RAM needs to cover both those overheads and still keep the wheels turning for the hypervisor that hosts them all.

Hard drive space

Much like your RAM requirements, hard drive space plays a big role in your cyber range environment. Each of the virtual machines needs to have space to store files for your users, even if it is temporary. Your exercise files and cyber range objectives will also need to be stored locally, so hard drive space really plays a big part of your local hardware infrastructure as well.

Public cloud-based ranges: cloud infrastructure and server-side considerations

Many of the same considerations that apply to on-premise resources also apply to public cloud-based ranges, but with some caveats. The first thing to consider with a public cloud-based range is that scalability is the name of the game.

Cloud systems are designed in such a way that it is very easy for companies to expand and contract their online infrastructure, based on the demand that is being loaded onto their systems.

Therefore, the same is true of your public cloud-based ranges: When you have multiple sessions occurring concurrently, your backend can take advantage of the cloud’s scalability and make resources available when and where they are needed.

Public-cloud infrastructure

Public-cloud infrastructure makes a lot of sense for cybersecurity training. As we alluded to earlier, there are many advantages to using a highly accessible cyber range that is hosted on a public-cloud infrastructure. 

The first advantage is convenience. Your teams can pick up on the training that they need when they have time, and when their schedules allow it. It is a great form of studying because it provides them with the hands-on, real-world scenarios that you would expect to find when assessing real threats on a live system.

The offshoot of this is that when you set up a cyber range of your own in a cloud environment, you need to have a deep understanding of the test environment that you are creating for yourself. Software-defined networking is an intrinsic part of cloud infrastructure, so your knowledge of network routing and setup is key to creating believable networking scenarios that your cyber ranges can make use of without unintentionally exposing parts of your cloud to the internet or any other unwanted visitors.

Server-side bandwidth

Bandwidth plays a very big role for concurrent connections to your cyber range. Depending on the volumes that you are expecting, you may find that bandwidth allocation will be one of the biggest factors that determines the user experience of your remote-based sessions. If your server-side bandwidth is overburdened, then connectivity issues and disconnects could be a problem.

Another issue to consider is latency. Depending on where your cloud infrastructure is based, you might find that certain operations take considerably longer to register in your remote session. Input lag is something that people have gotten used to on some cloud platforms, especially if they are located on opposite ends of the earth, but you really want to choose a provider that is close to your geographic location to avoid this altogether.

On-premises vs. cloud-based cyber ranges: Pros and cons

Now that we know the basics of what each of the cloud provider systems are made up of, we can objectively map out some pros and cons for each approach. It should come as no real surprise that cloud-based systems are becoming more common, not just for cyber ranges.

Cloud-based cyber ranges: Pros

  • Highly accessible training, from anywhere: Your teams have access to the latest training material no matter where they are.
  • Low barrier to entry: All users can benefit from cloud-based cyber ranges, not just IT and cybersecurity staff.
  • User training costs are reduced: When people from different regions can complete training from where they are without needing to travel.
  • Cloud-based platforms are automatically updated and patched on the backend: System admins are much happier because there is less to maintain and manage.

Cloud-based cyber ranges: Cons

  • Some organizations prefer in-person training: 2020 has redefined the way we communicate and work, so this attitude towards a user’s physical presence is changing.
  • Not all users have stable internet connections at home: For the most part this isn’t a massive problem, as internet connections have become a ubiquitous part of modern living. There is more than a small chance that most users will have at least one broadband connection available to them at their current location.

On-premises cyber ranges: Pros

  • A perceived sense of tighter controls on intellectual property: Some training resources are proprietary and are not meant for public consumption. For these types of scenarios, a company might prefer to offer on-premises training on a secure local network. The reality is that cloud-based platforms are generally very secure when configured correctly.
  • The cyber ranges can be more highly customized: If you are hosting your own cyber ranges, then the chances are good that you employ your own development teams and resources to keep this up to date. This approach is great if you are nailing down some very niche training requirements, but not for much else.

 On-premises cyber ranges: Cons

  • Hardware costs: Hosting the infrastructure that is necessary to keep an entire organization up to date with the latest security threats needs a lot of physical hardware. The bulk of these costs come from rack mounted equipment and specialized storage solutions. This equipment needs to be maintained by your in-house IT teams.
  • Software costs: Setting up a cyber range will incur software costs, even if you are developing your own in-house solutions for training.
  • User access: By now, most companies have adapted to a pandemic-aligned working environment. This means that remote access to company networks is available to almost all companies that need their users to keep working from home. The same access should be available for your on-premises cyber ranges, but again, these connections will require bandwidth and resources that must be diverted to allow for them to function optimally. 

Elasticity of each type of cyber range compared

There is no comparison between an on-prem solution and a cloud-based one. The data centers that power a cloud-based platform are immense. If you have the budget for more capacity, then you can fire up as many instances as you need with most of the big cloud providers. Additional resources can be spun up and put into production in a very short span of time. When the need is no longer there, then those additional instances are rolled back and can be recreated when the need arises again.

While this can be true for an on-premises solution as well, there are much higher capital expenditures that need to happen before you have increased spare capacity. This makes no sense for most businesses, as new hardware and software are generally only procured as and when there is a business need. Once the demand for equipment falls away, then it is there to stay. It must be reworked and reconfigured to perform a different function in the business if it is to justify the capital outlay for it.

Cloud-based cyber ranges are a clear winner in terms of elasticity and dynamic allocations of resources.

Scalability of each type of cyber range, compared

Cloud-based systems will win almost every time, except for cases when an organization already has its own infrastructure such as data centers. As was the case with the elasticity of public cloud infrastructure, the scalability of them is also something that is very difficult to match without spending a large fortune.

Again, cloud provider systems come out on top in terms of scalability, elasticity and variable cost.

Conclusion

Deciding on a cyber range platform is similar, in many ways, to any other cloud-based solution. It needs to offer you the flexibility and elasticity to provide high-performance machines with varying specifications while maintaining the ability to scale up or down at a moment’s notice. 

The modules and exercises that your users start learning from need to change with the times, so it makes sense to have the ability to modify, add and remove features as your cyber range environment grows. The back-end technologies will determine how flexible and scalable your solution is, so choosing the right platform for your needs is essential.

Posted: November 23, 2020
Articles Author
Graeme Messina
View Profile

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.

Leave a Reply

Your email address will not be published. Required fields are marked *