Cyber Ranges and How They Improve Security Training

WHAT ARE CYBER RANGES?

Cyber ranges were initially developed by government agencies looking to better train their cyber operators on new skills and techniques. To do this, a physical range or ranges were installed on-premise.  Cyber range providers built representations of actual networks, systems, and tools that helped cyber professionals safely train in virtual, secure environments without compromising the agency’s operational network infrastructure.

Today, cyber ranges are used in the cyber security sector to effectively train IT professionals in all industries and help improve defenses against cyberattacks. As technology advanced, cyber range training advanced as well, both in scope and potential. More on this later. 

To schedule a demo of Circadence’s cyber range platform, visit https://www.circadence.com/request-a-demo/

The National Initiative for Cybersecurity Education reports that cyber ranges provide:

  • An environment where new ideas can be tested safely and teams and work to solve complex cyber problems
  • Performance-based learning and assessment
  • A simulated environment where teams can work together to improve teamwork and team capabilities
  • Real-time feedback
  • Simulate on-the-job experience

Most cyber ranges come in one of two forms: A network environment without pre-programmed content; or a network environment with prescriptive content that may or may not be relevant to a user’s industry. Either cyber range type limits the learner’s ability to develop enriched skill sets beyond what their specific work role may dictate.  

UNDERSTANDING & EVOLVINGCYBER RANGES IN A BOX 

Typically, Cyber range in a boxhas been a collection of virtual machines hosted on an on-premise systemHowever, Circadence has taken the concept of a cyber range in a box and placed it the cloud to better scale cyber training. We lovingly call this CyRaaS, or Cyber Range-as-a-Service, which is integrated into our Project Ares cyber learning platform.

Instead of purchasing a physical set of machines to take up space in a room, virtual machines exist in the cloud and can be accessed by more professionals from any location who want to train persistently and develop cyber skills. The cloud is recognized as one of the most secure spaces to house network components (and physical infrastructure). To ensure cyber ranges spin up environments quickly, deliver the latest training content, and engage users in productive training activitiesaccessing cyber ranges in the cloud is the latest and greatest approach for professionals training in ‘sandbox’ environments. 

in-game-screeenshot-of-network-map

By offering cloud based, cyber range in a box services to support cyber training in Project Ares, we are able to deliver more relevant tools and technologies to help professionals gain the best cyber security training possible

The service allows Project Ares to emulate industry-relevant network configurations within learning activities that help trainees practice defensive tactics. Cloud-based cyber ranges also offer hands-on keyboard experience with real world tools and emulated network traffic to reflect the authentic feeling of an actual cyberattack.  

Advances in Artificial Intelligence and machine learning allow us to use cloud ranges to their full potential by tracking patterns in training data to reveal player learning progression with minimal human intervention and oversight. Those patterns are then used to inform the recommendations of an in-game advisor (Athena) that has chat bot functionality so players can get help on cyber range training activities in the platformFurther, cloud-based cyber range training gives security professionals better predictive capabilities when defending and anticipating threats—and according to Microsoft, even  “improve the efficacy of cyber security, the detection of hackers, and prevent attacks before they occur.” 

GAMIFIED CYBER RANGES

Not only have we taken physical cyber ranges and placed them in the cloud but we’ve added in elements of gamification to further drive the effectiveness of cyber training. 

With many studies touting the benefits of gamification in learning, it only makes sense that cyber ranges come equipped with sets of gamified elements (e.g. leaderboards, scoring mechanisms, points, badges, levels, etc.). Project Ares has a series of cyber learning games that teach foundational cyber concepts and termsbattle rooms that teach tools, tactics, and procedures, and team-based missions that bring learning full circle when players are tasked with defending against a realistic cyber threat scenario.  This level of cyber learning is done in the cloud so professionals can work together from anywhere in the world to collaborate and defeat modern-day attacks.  

We hope this post helped you understand the true potential of cyber ranges in the cloud and how they are evolving today to automate and augment cyber workforce training and learning.  

REQUEST A DEMO

Keeping Critical Infrastructure Strong and Secure

November is Critical Infrastructure Security and Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to protect our Nation’s critical infrastructure.  Circadence’s mission is to build awareness about how next-generation cybersecurity education and training can improve cyber preparedness. This month is an excellent time to talk about that in relation to critical infrastructure.

“We are seeing government agencies and companies work to make systematic, holistic, and cultural changes through improved cybersecurity standards, best practices, processes, technology, and workforce,” said Josh Davis, Director of Channels. “The massive, distributed, and legacy infrastructure we have today demands a layered security approach that focuses on building a true understanding of what’s at risk within critical infrastructure systems —and that requires a targeted focus on the people who operate these systems both digitally and physically.”

We know critical infrastructure as the power we use in our homes and businesses, the water we drink, the transportation systems that get us from place to place, the first responders and hospitals in our communities, the farms that grow and raise our food, the stores we shop in, and the communication systems we rely on for business as well as staying connected to friends and family. The security and resilience of this critical infrastructure is vital not only to public confidence, but also to the Nation’s safety, prosperity, and well-being.

During November (and year-round), Circadence focuses on engaging and educating public and private sector partners to raise awareness about the security posture of the systems and resources that support our daily lives, underpin our society, and sustain our way of life. Safeguarding both the physical and cyber aspects of critical infrastructure is a national priority that requires public-private partnerships at all levels of government and industry.

Managing risks to critical infrastructure involves preparing for all hazards and reinforces the resilience of our assets and networks.

This November, help promote Critical Infrastructure Security and Resilience Month by:

Our virtualized cyber ranges-as-a-service (CyRaaSTM) provide public/private entities the opportunity to train in realistic cyber environments that mirror their actual interconnected, internet-of-things networks. These virtualized ranges can model the digital footprints of companies, agencies, entire city networks and even Nation State operation exercises, into living physical and fifth domain environments. Teams can collaborate and train together to test and improve their cyber skills in protected environments that can scale and flex as their organizations’ inter-connected structure does, but without impacting live systems and networks.

By combining Circadence’s Project Ares®, Orion Mission Builder™, and StrikeSet™, your organization can learn and grow without impacting your operations. This next-generation combination transforms traditional lecture-based learning, taking it out of the classroom and into interactive real-world environments, at any scale, anytime, anywhere.

We all need to play a role in keeping infrastructure strong, secure, and resilient. We can do our part at home, at work, and in our community by being vigilant, incorporating basic safety practices and cybersecurity behaviors into our daily routines, and making sure that if we see something, we say something by reporting suspicious activities to local law enforcement.

To learn more, visit www.dhs.gov/cisr-month.