02:00 PM
Rocky Yuan

Benefits of a Cloud-Based, Automated Cyber Range

A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.

Cyber ranges — that is, virtual environments — are an ideal tool for testing and validating the cybersecurity posture of systems and software as well as for training cyber defenders with the latest knowledge on cybersecurity tactics. Ranges help defenders improve their cybersecurity skills with real-time practice on a safe version of their own critical IT systems. They help organizations select, integrate, and test new products and approaches without disrupting operations. For the past two years, I've been working on a cyber-range capability for increased cyber resiliency and decreased operational risk.

Technical Challenges of Cyber-Range Implementation
The first challenge I encountered while planning for the architecture of a physical range is the overwhelming investment cost in hardware and infrastructure. The computing power required for hosting a full suite of operating systems, network, and appliances typically translates to racks full of hardware equipment in order to support the types of testing and training environment necessary for enterprise-level missions. 

Another challenge is how quickly the range can be sanitized between scenarios. Doing so typically involves long cycle times and lengthy delays between scenarios, especially when tearing down and rebuilding the same infrastructure.

Finally, there are challenges when it comes to the speed and agility needed to design and deploy specific environments for different customer missions. A significant amount of time can be spent reconfiguring an environment to satisfy a specific, different mission.

I began to explore ways to improve efficiency and agility as well as to save costs by looking at new technology and methodology that can be applied to developing cyber ranges. 

Cyber Ranges Going to the Cloud
The world is going to the cloud, and so can cyber ranges. The cloud provides a flexible, reconfigurable, and elastic computing infrastructure at affordable prices. Cloud-based ranges provide a safe, controlled, and isolated environment and can scale in size based on mission scenarios. You pay as you go based on the capacity you need.

In the cloud, there are easily accessible APIs that allow you to "spin up" and "spin down" virtual hosts, switches, and routers on the fly, instead of having to fidget with physical network cables and switches. It's also easy to leverage the standard images already available in cloud-based marketplaces to quickly find the operating systems and applications you need for each different use case.

More importantly, the cloud approach saves months, if not more, in time otherwise required in the acquisition, design, building, and testing of the computing and networking hardware, not to mention the time, effort, and costs required to maintain the "server farm."

Model-Based Range Operations
Integrating model-based systems engineering (MBSE) into cybersecurity further accelerates cyber-range development and deployment. Applying an MBSE approach enables early validation of the range's design, visualization of the business processes, assessment of complex network topologies, refinement of requirements, and configuration management of complex environments.

One of the key benefits of utilizing an MBSE integrated range is the ability to rapidly prototype and adjust the architecture of the range you are attempting to build. By leveraging the system modeling technique, you are able to model the range architecture in advance, share that model with key stakeholders to eliminate potential errors, and integrate the necessary changes far in advance of actual implementation.

Another benefit is the ability to build a library of design patterns over time. These patterns are reusable and can be adapted to new requirements as needed, without having to start from scratch. For example, it's easy to remove the Windows domain controller from one of our scenarios and drag in a cluster of Linux-based hosts instead, with just a few clicks of the mouse. This allows us to dramatically reduce the cycle time for each customer, mission, and individual operation.

Finally, by fully leveraging advanced scripting and automation features of an MBSE tool set, a range architecture can be automatically deployed to an actual range environment in the cloud with the click of a button. I've heavily leveraged open source Ansible scripts that are widely available for AWS and VMware to significantly improve the degree of automation in range deployment.
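The following Python example, added here and not taken from the author's MBSE tool set or Ansible scripts, treats a range design as data: it checks the model for addressing and isolation errors before anything is deployed, swaps one design pattern for another, and derives the build order and its reverse for teardown. All names, CIDRs and image labels are hypothetical.

```python
import ipaddress

# Constructed sample model: names, CIDRs and image labels are hypothetical.
RANGE_CIDR = "10.50.0.0/16"
WINDOWS_AD = {"subnet": "10.50.1.0/24",
              "hosts": {"dc01": "windows-server", "ws01": "windows-client"}}
LINUX_CLUSTER = {"subnet": "10.50.1.0/24",
                 "hosts": {f"node{i:02d}": "linux-server" for i in range(1, 4)}}


def build_model(*patterns, egress=()):
    """Assemble a range model from reusable design patterns."""
    return {"cidr": RANGE_CIDR, "segments": list(patterns), "egress": list(egress)}


def validate(model):
    """Return a list of design errors found before anything is deployed."""
    errors = []
    outer = ipaddress.ip_network(model["cidr"])
    nets = [ipaddress.ip_network(s["subnet"]) for s in model["segments"]]
    for i, net in enumerate(nets):
        if not net.subnet_of(outer):
            errors.append(f"{net} is outside range {outer}")
        if any(net.overlaps(other) for other in nets[:i]):
            errors.append(f"{net} overlaps another segment")
    for dest in model["egress"]:
        # Isolation rule: range traffic may only go to addresses inside the range.
        if not ipaddress.ip_network(dest).subnet_of(outer):
            errors.append(f"egress to {dest} breaks range isolation")
    names = [h for s in model["segments"] for h in s["hosts"]]
    if len(names) != len(set(names)):
        errors.append("duplicate host name")
    return errors


def deploy_plan(model):
    """Ordered build steps: network first, then each subnet and its hosts."""
    if validate(model):
        raise ValueError("model has design errors; refusing to plan")
    steps = [("network", model["cidr"])]
    for seg in model["segments"]:
        steps.append(("subnet", seg["subnet"]))
        steps += [("host", f"{n}:{img}") for n, img in sorted(seg["hosts"].items())]
    return steps


def teardown_plan(model):
    """Sanitizing between scenarios is the build plan in reverse."""
    return list(reversed(deploy_plan(model)))
```

Swapping `WINDOWS_AD` for `LINUX_CLUSTER` in `build_model` is the data equivalent of the drag-and-drop pattern change described above; each step in the resulting plan would map to one task in whatever automation platform performs the deployment.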

Automation Proves Value Over Time
I've compiled an analysis on how much time can be saved by using automation scripts for cloud deployment and it shows a stunning 5,500% time reduction (chart below). By reusing pre-existing models and leveraging automation, the potential savings every time the range is torn down and rebuilt are astounding. If you haven't looked into automation platforms such as Ansible, Chef, or Puppet, it's definitely worth seeing how much time you can save.

Source: Rocky Yuan

By streamlining cyber-range operations, cybersecurity experts can focus resources in the areas that count, including integration of threat intelligence to arm us with the methods, tools, and the most likely attack profile an attacker would employ. At BAE Systems, our blue team has learned invaluable lessons defending against a real-world attacker by determining reliable indicators and warnings, and developing new ways to discover and eliminate the threat.

A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks. Agile, automated, and affordable cyber ranges are the future of cybersecurity training and testing to meet ever-evolving customer missions and to protect our national security.


As a Cybersecurity Engineer, Rocky Yuan has been working on an efficient and automated Cyber Range solution to help train next-gen cyber defenders. Ask Rocky about anything related to cyber, certifications, penetration testing, and SOC/SIEMs. He currently works for BAE ...

5/28/2020 | 5:57:46 PM
Benefits of a Cloud-Based, Automated Cyber Range
Rocky is right on target. ORock Technologies offers a Cyber-Range capability in our open source cloud which runs Ansible natively. Many of our enterprise customers are looking for this sort of solution that does not include consulting or managed services costs. Just the environment for their teams to test apps on the cyber range before moving them on prem or to their permanent Cloud environments.