Increasing complexity within the enterprise IT environment has created the need to conduct larger-scale cybersecurity exercises to train personnel and develop business and IT processes to handle cyber incidents. Excerpts from a recently published white paper produced by Cyberwatching.eu provide insights into the what and how of cyber range technology and explain why it’s a key asset in the training of cybersecurity professionals.
In a Nutshell…
Cyber Ranges provide a multipurpose virtual environment in which organisations can test critical capabilities and reveal how effectively they integrate people, processes, and technology to protect their strategic information, services, and assets.
By facilitating high-fidelity simulations, they can improve stability, security and performance of cyberinfrastructures and information technology (IT), operations technology (OT), and industrial control systems (ICS). Because of their ability to represent real-world cyber threat scenarios in a virtual environment, they also present an opportunity to enhance organisational training capabilities.
While formal definitions of the cyber range have been proposed, notably by the European Defence Agency in their Common Staff Target for Military Cooperation on Cyber Ranges in the European Union, and NIST (National Institute of Standards and Technology of the US Department of Commerce), market offerings around the world vary in terms of their scale and complexity.
Larger, global vendors include IBM, Cisco and Palo Alto Networks. Regionally, there is a plethora of commercial or state-owned providers. Examples are JYVSECTEC (Finnish), KYPO (Czech) and CRATE (Swedish).
Cyber Range Technology
The cyber range environment is run on a virtualised infrastructure (networks, servers, end-user workstations). The use of commercial solutions varies from cyber range to cyber range, but almost all utilise open source solutions. These may vary from basic information security controls (IDSs, firewalls, and end-point protections) to more advanced machine learning and data analytical solutions. In addition, many traditional IT infrastructure solutions, for example Windows domains, proxies, and DNS, are used to create realistic situations for exercises.
For threat actor modelling, many cyber ranges utilise both openly available pen-testing and red-teaming tools as well as custom tools and malware.
For performance tracking, cyber ranges typically provide a means for trainers to record sessions and evaluate and grade trainees.
Cyber Range Functionality
Based on their functional capabilities, cyber ranges are typically grouped as follows:
The cyber range platform which is being developed within CYBERWISER.eu is of the last type.
CYBERWISER.eu Cyber Range Platform
As an H2020 Innovation Action, the ultimate aim of CYBERWISER.eu is to build a complete, integrated and fully customisable cybersecurity training solution designed in a modular format to meet the specific needs of individual learners or corporate teams alike.
As such, our solution will incorporate an independent cyber range platform as well as a comprehensive suite of both free and paid-for web-based certificate courses.