Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
Rocky Yuan
Rocky Yuan
Connect Directly
E-Mail vvv

Benefits of a Cloud-Based, Automated Cyber Range

A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.

Cyber ranges — that is, virtual environments — are an ideal tool for testing and validating the cybersecurity posture of systems and software as well as for training cyber defenders with the latest knowledge on cybersecurity tactics. Ranges help defenders improve their cybersecurity skills with real-time practice on a safe version of their own critical IT systems. They help organizations select, integrate, and test new products and approaches without disrupting operations. For the past two years, I've been working on a cyber-range capability for increased cyber resiliency and decreased operational risk.

Technical Challenges of Cyber-Range Implementation
The first challenge I encountered while planning for the architecture of a physical range is the overwhelming investment cost in hardware and infrastructure. The computing power required for hosting a full suite of operating systems, network, and appliances typically translates to racks full of hardware equipment in order to support the types of testing and training environment necessary for enterprise-level missions. 

Another challenge is the speed to sanitize the range in-between different scenarios. This typically requires long cycle times and lengthy delays in-between scenarios, especially when tearing down and rebuilding the same infrastructure.

Finally, there are challenges when it comes to the speed and the agility to design and deploy specific environments for different customer missions. A significant amount of time can be spent to reconfigure an environment to satisfy a specific, different mission.

I began to explore ways to improve efficiency and agility as well as to save costs by looking at new technology and methodology that can be applied to developing cyber ranges. 

Cyber Ranges Going to the Cloud
The world is going to the cloud, and so can cyber ranges. The cloud provides a flexible, reconfigurable, and elastic computing infrastructure at affordable prices. Cloud-based ranges provide a safe, controlled, and isolated environment and can scale in size based on mission scenarios. You pay as you go based on the capacity you need.

In the cloud, there are easily accessible APIs that allow you to "spin up" and "spin down" virtual hosts, switches, and routers on the fly, instead of having to fidget with physical network cables and switches. It's also easy to leverage the standard images already available in cloud-based marketplaces to quickly find the operating systems and applications you need for each different use case.

More importantly, the cloud approach saves months, if not more, in time otherwise required in the acquisition, design, building, and testing of the computing and networking hardware, not to mention the time, effort, and costs required to maintain the "server farm."

Model-Based Range Operations
Integrating model-based systems engineering (MBSE) into cybersecurity further accelerates cyber-range development and deployment. Applying an MBSE approach enables early validation of its design, visualization of the business processes, assessment of complex network topologies, refinement of requirements, and configuration management of complex environments.

One of the key benefits of utilizing an MBSE integrated range is the ability to rapidly prototype and adjust the architecture of the range you are attempting to build. By leveraging the system modeling technique, you are able to model the range architecture in advance, share that model with key stakeholders to eliminate potential errors, and integrate the necessary changes far in advance of actual implementation.

Another benefit is the ability to build a library of design patterns over time. These patterns are reusable and can be adapted to new requirements as needed, without having to start from scratch. For example, it's easy to remove the Windows domain controller from one of our scenarios and drag in a cluster of Linux-based hosts instead, with just a few clicks of the mouse. This allows us to dramatically reduce the cycle time for each customer, mission, and individual operation.

Finally, by fully leveraging advanced scripting and automation features of an MBSE tool set, a range architecture can be automatically deployed to an actual range environment in the cloud with the click of a button. I've heavily leveraged open source Ansible scripts that are widely available for AWS and VMware to significantly improve the degree of automation in range deployment.

Automation Proves Value Over Time
I've compiled an analysis on how much time can be saved by using automation scripts for cloud deployment and it shows a stunning 5,500% time reduction (chart below). By reusing pre-existing models and leveraging automation, the potential savings every time the range is torn down and rebuilt is astounding. If you haven't looked into automation platforms such as Ansible, Chef, or Puppet, it's definitely worth seeing how much time you can save.

By streamlining cyber-range operations, cybersecurity experts can focus resources in the areas that count, including integration of threat intelligence to arm us with the methods, tools, and the most likely attack profile an attacker would employ. At BAE Systems, our blue team has learned invaluable lessons defending against a real-world attacker by determining reliable indicators and warnings, and developing new ways to discover and eliminate the threat.

A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks. Agile, automated, and affordable cyber ranges are the future of cybersecurity training and testing to meet ever-evolving customer missions and to protect our national security.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "The Entertainment Biz Is Changing, but the Cybersecurity Script Is One We've Read Before."


As a Cybersecurity Engineer, Rocky Yuan has been working on an efficient and automated Cyber Range solution to help train next-gen cyber defenders. Ask Rocky about anything related to cyber, certifications, penetration testing, and SOC/SIEMs. He currently works for BAE ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
5/28/2020 | 5:57:46 PM
Benefits of a Cloud-Based, Automated Cyber Range
Rocky is right on target. ORock Technologies offers a Cyber-Range capability in our open source cloud which runs Ansible natively. Many of our enterprise customers are looking for this sort of solution that does note include consulting or managed services costs. Just the environment for thier teams to test apps on the cyber range before moving them on prem or to their permanent Cloud environments.
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-20
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
PUBLISHED: 2021-01-20
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
PUBLISHED: 2021-01-20
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
PUBLISHED: 2021-01-20
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privile...
PUBLISHED: 2021-01-20
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1...