Much like a flight simulator, a cyber range allows cybersecurity professionals to practice and perfect their skills in an environment that replicates a real-life “battle scenario”.
Pilots, doctors, law enforcement agents, and combat soldiers all spend hundreds of hours training in simulated environments to experience, and gradually master, real-life situations requiring split-second decision making, mastering complex systems, teamwork and communication.
The concept of ‘on the job’ training is unacceptable. A fighter pilot will never be sent to battle without having first experienced and mastered emergency procedures and combat scenarios, so they can be operationally ready on day one.
A cyber range creates the same type of controlled training environment for cyber defenders. A well-designed cyber range follows the approach of hyper-realistic simulation and replicates your organisation's network. Attack scenarios are then run to allow your team to practice detecting and responding to cybersecurity incidents. A cyber range not only helps you train your staff but also helps you assess the level of preparedness of your entire team, as well as each individual, so you can focus your training efforts on the right people. It also helps you assess the effectiveness of your existing procedures and test new technologies before deploying them.
Significance of Cyber Range
The financial sector is a top target for cybercrime. Today, due to the critical role financial institutions play in the functioning of the economy and critical services, banks are also a highly valued target for nation-state actors. A cyber range helps financial institutions improve their state of cybersecurity in three ways:
- Train Your Team
There is a global shortage of trained cybersecurity professionals, and India is no exception. The skill shortage is especially acute in the security-sensitive financial sector. Having the best tools and procedures is of little worth if you lack the skilled professionals who know how to put them to use to keep your network safe.
Cyber range training keeps SOC staff’s skills sharp. Training and preparedness should always include taking your team into a simulated range environment to practice detecting and responding to attacks in a realistic exercise. All skills need to be refreshed from time to time, so cyber range training should be an integral, ongoing part of SOC operations.
Your teams should also be sent to train on financial industry-specific attacks, like attacks on SWIFT servers that were used by hackers in the Bangladesh SWIFT heist. Hackers tend to invest in developing attacks to target an entire industry. Therefore, once the first bank has been hit with a new attack, every bank should assume they will be next and develop incident response procedures and practice them in a cyber range simulator.
The cyber skill shortage is making it increasingly difficult to hire and retain the staff you rely on. Instead of seeking candidates with the experience you require, invest in developing skilled professionals within your organisation. A cyber range is a powerful platform to quickly train new recruits. The ability to practice what they are learning in the classroom significantly accelerates the certification process of new SOC analysts.
Elite military cyber units have been using cyber ranges to train their young recruits for over a decade. The military training programs incorporate intense range exercises from the very beginning of the course. Each theoretical subject that is taught in the classroom culminates with a cyber range simulation to gain hands-on mastery of the skillset. This shortens the certification process and ensures every new analyst is fully prepared to play his or her role in the SOC.
- Measure Security Operations Procedures
Cyber range simulation capabilities can also be used to assess security procedures and level of preparedness. When your team runs an attack simulation you get a clear picture of how well your team will be able to respond to that type of threat scenario should it occur for real.
Running a range simulation can surface faults in incident response playbooks and gives you a chance to update and practice the new playbook. It also helps you identify and solve bottlenecks in procedure, staffing and skills so they can be remedied. Finally, range simulation provides concrete metrics to show the impact of changes and improvements on security outcomes.
A cyber range also plays an important role in regulatory compliance as it allows you to test the procedures you have put in place. For example, the upcoming GDPR includes strict demands for both data security and incident notification. Make sure you can meet all the requirements by running simulations and measuring performance against regulatory standards to ensure you will maintain compliance in the case of a breach and avoid fines and penalties.
- Test Technologies and Assess Vulnerabilities
A third use for your cyber range is to test existing and new technologies. Just as simulations can uncover faults in procedures, they can also be used to assess the vulnerabilities and architectural resilience of your existing capabilities. Something as simple as a misconfiguration can leave you wide open for exploitation. Discover vulnerabilities and fix them before hackers get a chance to.
Before deploying new technologies, use the cyber range to run a POC in a safe laboratory environment without putting your live network at risk. Only once you have seen in the cyber range simulator how the new tool will affect network operations can you be confident the deployment will be successful.
Cyber Range or Outsource, What do you Need?
There is no question that every financial institution must incorporate ample cyber range training and simulations in their cybersecurity operations. The only question is whether to contract with a local managed security service provider (MSSP) to run your cyber training programs or establish your own in-house facility.
It is important that the range solution you choose is capable of accurately replicating your network including specific components unique to a financial organisation. Also, the range must offer a robust library of attack scenarios, including the attacks that specifically target the financial industry.
Assuming you can find a managed security service provider whose cyber range is capable of meeting all your training needs, from onboarding to advanced skill building and emerging threat simulations, the question is one of volume and cost.
An in-house cyber range has the advantage that it can be customised to exactly replicate your network, lets you create and run custom attack scenarios, and enables more frequent training due to convenience and low marginal cost. The first step is to learn more about the types of cyber range technologies available and decide which is best for your organisation.
Views expressed in this article are a personal opinion of Adi Dar, CEO at Cyberbit.