What is a cyber range?
When it comes to cyberthreats, it is not a matter of if, but when an organization is going to be targeted by cybercriminals. Will you and your organization be ready?
Fortunately, the real thing does not have to be the first time that you or your team has their skills put to the test. Cyber ranges provide you and your security team with a proving ground to apply the latest skills, techniques and best practices needed to stay at the top of their game and ahead of industry trends.
Much like their military predecessors, cyber ranges are realistic, controlled, virtual training environments designed to train professionals with hands-on learning scenarios that replicate reality with high-fidelity simulations of cyberthreats, complete with interactive network devices, servers and hosts specifically tuned for training purposes. In other words, cyber ranges are interactive representations of local organizational networks and systems, complete with tools and applications standing by to provide an equally realistic, safe and legal environment for students to apply what they are learning or test new defensive measures.
Because no organization wants to actually expose their critical infrastructure to the worst that cyberattackers have to offer, a cyber range is the next best thing. This practice is critical to improving skills, tactics and techniques, and refining technology for today’s current security professionals and those preparing to take on what lies ahead.
Who builds and hosts cyber ranges?
Because of their many benefits, more and more organizations are developing their own or joining existing cyber ranges, leading to an explosion in interest and options for professionals to choose from. In fact, there are cyber ranges that are maintained and utilized by organizations across the government, the private sector, nonprofit organizations and in academic settings. Similarly, there are cyber ranges that focus on specific types of networks, such as industrial control systems, more complex multi-host networks and application-specific test environments.
The first grouping of cyber ranges are those associated with universities, which are typically focused on more foundational network and cyber security training. Access to these cyber ranges are typically offered to students in specific degree and certification programs, but they can also be great ways to attract new students and conduct research at a university.
The second line of effort comes from government entities. State governments and the US federal government also sponsor cyber ranges for their staff, the US military and even their residents to utilize. For example, the US military’s Cyber Command has their own cyber range, while the US Army partners with Augusta University to train soldiers on cybersecurity topics. The National Cyber Range, managed by the US Defense Department’s Defense Advanced Research Projects Agency (DARPA), offers a place for classified and unclassified researchers to test their systems in a safe environment. At the local level, Virginia, Michigan, Arizona, Arkansas, Florida and Georgia, among others, have cyber ranges in various stages of development for training and testing purposes.
Finally, professionals looking for more specialized and advanced proving grounds to test and grow their skills can obtain access to cyber ranges hosted by private organizations. As the practice and the technology around hosting and managing cyber ranges have evolved, more organizations have begun to use these virtual environments to counter organizational threats, offer more avenues for personal development, offer certification programs and even host competitions.
What types of cyber ranges exist today?
Cyber ranges can also be hosted in several different environments, depending on the scale and needs of the organization. These include on-premises, cloud-based and remote virtualized environments.
On-premises cyber ranges are hosted on-site within a specific organization’s infrastructure, often designed to replicate their existing production systems, policies and configurations or a certain test environment. Unlike cloud environments where infrastructure may be shared across several customers of the cloud services provider, on-premises cyber ranges use dedicated equipment owned by the organization and are designed in a lab-like environment.
While on-premises cyber ranges do have their benefits in terms of the ability to tailor it to specific needs or security concerns, the level of effort and resources to implement and maintain this type of range is higher due to the need to identify physical space, procure systems and maintain and customize these environments.
The cloud-based cyber ranges provide organizations with flexible, easily reconfigurable and cost-effective infrastructure that can also be isolated, safe, and controlled environments. Additionally, when provided by a third-party cloud services provider, cloud-based cyber ranges can also be easily scalable and modified based on training needs and budget.
As with other cloud-based environments, cyber ranges hosted in the cloud can offer more predictable costs, as implementation and maintenance costs are left to the vendor as part of the service fees and are shared across other customers.
Finally, organizations can leverage existing training designed by experienced professionals or create custom-training that meets your organization’s training needs, further helping to minimize the potential costs of utilizing cyber ranges.
Remote virtualization solutions
The final method is remote virtualized solutions, which combine aspects of both cloud and on-premise infrastructure. In these delivery models, cyber ranges are hosted either locally or in cloud-environments through a centralized virtual machine network and are delivered to students or staff through remote access. These allow for centralized management of the cyber range, but with more diverse and flexible connectivity through a virtual private network or remote access service.
What are the benefits of a cyber range?
When organizations are presented with the choice to invest resources to defend against cyber threats or live with the growing risk of a devastatingly costly attack, the choice is often very clear. But cyber ranges can offer professionals and organizations so much more than just a proving ground to practice in.
Learn how to identify and defend against attack vectors
It is one thing to put a network security professional in a security operations center. It is another to test their skills against the latest threats actively being used by cybercriminals. As technology advances, so too do the vectors and tools that attackers use against computer systems and networks. Further complicating even multi-layered defenses are the vectors and vulnerabilities that are unique to specific systems and implementations.
One effective approach to train security staff is through realistic scenarios, arming them with the skills they need to apply the right mitigation, policy, configuration or action when faced with a real-life attack scenario. Cyber ranges can be practical environments where professionals can be confronted with malware, bugs and malicious network activity, testing how they react and even to identify additional mitigations organizations can make to prevent a real-life attack.
Over time, your team can then identify and respond to threats faster and more effectively. For example, your team can specifically train to:
- Identify patterns displayed by common security threats
- Recognize abnormal network or system behavior to identify threats faster and practice proper incident response protocols
- Protect critical systems and infrastructure components that are vital to their organization’s operations
- Work as a team and follow incident response procedures to build collaboration and help to mitigate damage
Learn cybersecurity by practicing in a safe, sandbox environment
No matter your experience level, cyber ranges give professionals a safe, secure environment from which to apply their knowledge and skills. Whether you are learning how to set up a network, perform a penetration test, or try a new tool, go beyond the textbook and apply what you have learned with hands-on labs that emulate reality.
Did something not go as planned or did a new tool affect something unexpected? A cyber range can be blown away and easily restarted without any worry about lasting impacts on your production environment. From there, try a new approach until your team gets everything just right.
More experienced IT professionals can even create their own custom cyber ranges to match their own organization’s network environment so that new tools can be evaluated or their incident response plans can be put to the test through a high-fidelity simulation. From learning advanced network analysis techniques to application testing and secure code evaluations, cyber ranges offer a full range of advantages for your organization.
Provide professional development opportunities to cybersecurity teams
If there is one industry that demands its professionals stay ahead of the curve when it comes to innovation and adapting to evolving threats, it’s cybersecurity. Whether your team has existing continuing education requirements, is exploring cross-training, or if you are just beginning your own career in the field, a cyber range offers a perfect supplement to formal learning with a safe, cost-effective way to gain new skills with confidence.
Onboard and upskill new employees quickly
Organizations around the world continue to face a dangerous cybersecurity workforce gap, leaving positions key to defending their networks unfilled or undermanned. When paired with formal training in foundational topics and skills, providing new employees with access to a cyber range is a very effective way to address this key skills gap.
These simulated environments are a true testing ground to put newly acquired skills into action, offering organizations a way to train new employees to recognize key aspects of a cyberattack, configure network security components unique to their environment or conduct key mitigation steps in the event of a breach, among other activities. Just as no one can learn how to drive a car just by reading a textbook or an owner’s manual, new employees can learn hands-on how to interact with key systems and learn unique features of an organization’s enterprise environment rather than just studying the texts.
Not only does this make for more well-rounded and confident employees, but organizations can more quickly benefit from their hiring investment.
Refine skills needed for real security tools used in your environment
Whether you are evaluating a new technology or considering implementing a new addition to your defenses, cyber ranges can also be used for realistic testing that goes beyond the sales presentation. Cyber ranges can be customized to accurately replicate your network configuration, hosts, servers and other policies to evaluate the effects of changes to firewall rules, the effectiveness of new security tools, or the strength of antivirus platforms.
Before a change is made to your production environment or a new tool is implemented, your team will know exactly how your enterprise operations will respond and your staff will know exactly how it works without the fear of the unknown.
Putting it all together
Whether for an individuals’ own professional development, a means for an organization to take their cybersecurity defense posture to the next level or for staff to quickly onboard and learn the key nuances of defending complex networks, cyber ranges are excellent tools to get the practical training IT personnel need to stay ahead of today’s expanding cyber threats.
CYBERCOM tests cyber range under coronavirus conditions, Federal News Network
National Cyber Range (NCR), PEO STRI