Dark Reading | Cloud | Commentary
5/26/2020 02:00 PM
Rocky Yuan
Benefits of a Cloud-Based, Automated Cyber Range

A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.

Cyber ranges, that is, isolated virtual environments that replicate an organization's systems and networks, are an ideal tool for testing and validating the cybersecurity posture of systems and software, and for training cyber defenders on the latest attacker tactics. Ranges let defenders sharpen their skills with real-time practice on a safe copy of their own critical IT systems, and they let organizations select, integrate, and test new products and approaches without disrupting operations. For the past two years, I've been working on a cyber-range capability aimed at increased cyber resiliency and decreased operational risk.

Technical Challenges of Cyber-Range Implementation
The first challenge I encountered while planning the architecture of a physical range is the overwhelming investment cost in hardware and infrastructure. The computing power required to host a full suite of operating systems, network devices, and appliances typically translates to racks of equipment in order to support the kinds of testing and training environments that enterprise-level missions need.

Another challenge is how quickly the range can be sanitized between scenarios. Sanitizing matters because a range deliberately hosts malware samples, attacker tooling, and throwaway credentials, and nothing from one exercise should survive into the next; tearing down and rebuilding the same infrastructure by hand typically means long cycle times and lengthy delays between scenarios.

Finally, there is the question of speed and agility in designing and deploying specific environments for different customer missions. A significant amount of time can be spent reconfiguring an environment to satisfy one mission's requirements, only to reconfigure it again for the next.

I began exploring new technology and methodology that could be applied to building cyber ranges in order to improve efficiency and agility and to save costs.

Cyber Ranges Going to the Cloud
The world is going to the cloud, and so can cyber ranges. The cloud provides a flexible, reconfigurable, and elastic computing infrastructure at affordable prices, and cloud-based ranges can scale in size to match the mission scenario, with pay-as-you-go pricing for the capacity you actually use. A cloud range can also be a safe, controlled, and isolated environment, but that isolation has to be designed in: run the range in its own account, and give its network no route to the internet or to corporate networks unless a scenario explicitly calls for one.

In the cloud, easily accessible APIs let you "spin up" and "spin down" virtual hosts, switches, and routers on the fly, instead of fiddling with physical network cables and switches. It's also easy to leverage the standard images available in cloud marketplaces to quickly find the operating systems and applications you need for each use case; pin the specific image IDs you have vetted rather than pulling whatever is newest, so that a scenario is reproducible and no unreviewed image ends up inside the range.

More importantly, the cloud approach saves months, if not more, in time otherwise required in the acquisition, design, building, and testing of the computing and networking hardware, not to mention the time, effort, and costs required to maintain the "server farm."

Model-Based Range Operations
Integrating model-based systems engineering (MBSE) into cybersecurity further accelerates cyber-range development and deployment. An MBSE approach enables early validation of the range design, visualization of the business processes it supports, assessment of complex network topologies, refinement of requirements, and configuration management of complex environments.

One of the key benefits of an MBSE-integrated range is the ability to rapidly prototype and adjust the architecture of the range you are building. With system modeling, you can model the range architecture in advance, share that model with key stakeholders to catch errors, and integrate the necessary changes well before actual implementation.

Another benefit is the ability to build a library of design patterns over time. These patterns are reusable and can be adapted to new requirements as needed, without having to start from scratch. For example, it's easy to remove the Windows domain controller from one of our scenarios and drag in a cluster of Linux-based hosts instead, with just a few clicks of the mouse. This allows us to dramatically reduce the cycle time for each customer, mission, and individual operation.

Finally, by fully leveraging the scripting and automation features of an MBSE tool set, a range architecture can be deployed to an actual range environment in the cloud with the click of a button. I've heavily leveraged the open source Ansible playbooks and modules that are widely available for AWS and VMware to significantly improve the degree of automation in range deployment. Treat community playbooks like any other dependency: read them and pin their versions before they are allowed to build an environment that will host live attacker tooling.
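The spin-up and spin-down API calls, the swappable host list from the design-pattern library, and the Ansible-driven deployment and teardown described above, pulled together as an added example that is not the author's or BAE Systems' playbook: one playbook builds an isolated range enclave in AWS and, with a single variable flipped, sanitizes it by destroying everything tagged with the scenario's `range_id`. It assumes the `amazon.aws` collection is installed and AWS credentials are present in the environment; the region, CIDRs, instance sizes, host list, and AMI IDs are placeholders chosen for illustration.

```yaml
# range.yml: build or destroy an isolated cyber-range enclave in AWS.
# Added example, not the author's or BAE Systems' playbook. Assumes the
# amazon.aws collection and AWS credentials in the environment.
#   build:     ansible-playbook range.yml -e range_id=blue-01
#   tear down: ansible-playbook range.yml -e range_id=blue-01 -e range_state=absent
---
- name: Cyber-range enclave
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    region: us-east-1                 # placeholder
    range_state: present              # 'absent' sanitizes the range
    range_cidr: 10.77.0.0/16          # placeholder address space
    subnet_cidr: 10.77.1.0/24
    range_tags: { range_id: "{{ range_id }}", managed_by: ansible }
    # Hypothetical AMI IDs: pin images you have vetted, never "latest".
    images:
      windows_dc: ami-0123456789abcdef0
      linux: ami-0fedcba9876543210
    # Pattern-library entry. Swapping the Windows domain controller for a
    # cluster of Linux hosts is an edit to this list; no task below changes.
    range_hosts:
      - { name: dc01, role: windows_dc, type: t3.medium }
      - { name: web01, role: linux, type: t3.small }
      - { name: web02, role: linux, type: t3.small }
      - { name: siem01, role: linux, type: t3.large }

  tasks:
    - name: Every resource carries range_id so the scenario can be destroyed as a unit
      ansible.builtin.assert:
        that: range_id is defined and range_id | length > 0
        fail_msg: "pass -e range_id=<scenario name>"

    - name: Build the enclave
      when: range_state == 'present'
      block:
        - name: VPC with no internet gateway, so nothing inside can reach out
          amazon.aws.ec2_vpc_net:
            name: "range-{{ range_id }}"
            cidr_block: "{{ range_cidr }}"
            region: "{{ region }}"
            tags: "{{ range_tags }}"
          register: vpc

        - name: Scenario subnet
          amazon.aws.ec2_vpc_subnet:
            vpc_id: "{{ vpc.vpc.id }}"
            cidr: "{{ subnet_cidr }}"
            region: "{{ region }}"
            tags: "{{ range_tags }}"
          register: subnet

        - name: Security group permitting traffic only within the range CIDR
          amazon.aws.ec2_security_group:
            name: "range-{{ range_id }}-internal"
            description: "range-internal traffic only"
            vpc_id: "{{ vpc.vpc.id }}"
            region: "{{ region }}"
            rules:
              - { proto: all, cidr_ip: "{{ range_cidr }}" }
            rules_egress:
              - { proto: all, cidr_ip: "{{ range_cidr }}" }
            purge_rules_egress: true    # replaces the default allow-all egress
            tags: "{{ range_tags }}"
          register: sg

        - name: Launch the scenario hosts from the pattern list
          amazon.aws.ec2_instance:
            name: "{{ item.name }}"
            region: "{{ region }}"
            image_id: "{{ images[item.role] }}"
            instance_type: "{{ item.type }}"
            vpc_subnet_id: "{{ subnet.subnet.id }}"
            security_group: "{{ sg.group_id }}"
            network:
              assign_public_ip: false   # no public address, even by accident
            tags: "{{ range_tags | combine({'role': item.role}) }}"
            state: running
          loop: "{{ range_hosts }}"

    - name: Tear down the enclave (sanitize between scenarios)
      when: range_state == 'absent'
      block:
        - name: Terminate every instance carrying this range_id tag
          amazon.aws.ec2_instance:
            region: "{{ region }}"
            filters: { "tag:range_id": "{{ range_id }}" }
            state: absent
            wait: true

        - name: Locate the range VPC by tag rather than by remembered ID
          amazon.aws.ec2_vpc_net_info:
            region: "{{ region }}"
            filters: { "tag:range_id": "{{ range_id }}" }
          register: found

        - name: Remove the security group and subnet inside each matching VPC
          amazon.aws.ec2_security_group:
            name: "range-{{ range_id }}-internal"
            vpc_id: "{{ item.vpc_id }}"
            region: "{{ region }}"
            state: absent
          loop: "{{ found.vpcs }}"

        - amazon.aws.ec2_vpc_subnet:
            vpc_id: "{{ item.vpc_id }}"
            cidr: "{{ subnet_cidr }}"
            region: "{{ region }}"
            state: absent
          loop: "{{ found.vpcs }}"

        - name: Remove the VPC itself (fails loudly if anything untagged is left inside)
          amazon.aws.ec2_vpc_net:
            name: "range-{{ range_id }}"
            cidr_block: "{{ range_cidr }}"
            region: "{{ region }}"
            state: absent
          when: found.vpcs | length > 0
```

The teardown path deliberately selects resources by the `range_id` tag instead of by IDs recorded at build time, so a rebuild after a failed or partial run still removes every instance the scenario created; anything an exercise leaves behind without that tag blocks the VPC deletion and has to be looked at by hand, which is the behaviour you want when the leftover might be an attacker's foothold.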

Automation Proves Value Over Time
I've compiled an analysis of how much time can be saved by using automation scripts for cloud deployment, and it shows a stunning 5,500% time reduction (chart below), that is, a manual rebuild takes on the order of 55 times as long as the automated one. By reusing pre-existing models and leveraging automation, the savings every time the range is torn down and rebuilt are astounding. If you haven't looked into automation platforms such as Ansible, Chef, or Puppet, it's definitely worth seeing how much time you can save.

By streamlining cyber-range operations, cybersecurity experts can focus resources on the areas that count, including integrating threat intelligence that arms us with the methods, tools, and most likely attack profile an adversary would employ. At BAE Systems, our blue team has learned invaluable lessons defending against a real-world attacker by determining reliable indicators and warnings and by developing new ways to discover and eliminate the threat.

A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks. Agile, automated, and affordable cyber ranges are the future of cybersecurity training and testing to meet ever-evolving customer missions and to protect our national security.

As a Cybersecurity Engineer, Rocky Yuan has been working on an efficient and automated Cyber Range solution to help train next-gen cyber defenders. Ask Rocky about anything related to cyber, certifications, penetration testing, and SOC/SIEMs. He currently works for BAE ...
Comments

donwpoole, User Rank: Apprentice
5/28/2020 | 5:57:46 PM
Benefits of a Cloud-Based, Automated Cyber Range
Rocky is right on target. ORock Technologies offers a Cyber-Range capability in our open source cloud which runs Ansible natively. Many of our enterprise customers are looking for this sort of solution that does not include consulting or managed services costs. Just the environment for their teams to test apps on the cyber range before moving them on prem or to their permanent Cloud environments.