With the cybersecurity landscape changing rapidly and cloud infrastructure becoming more prevalent than on-premises environments, how can we create cost-effective cyber range environments that accurately replicate multi-cloud and hybrid-cloud assets for all-domain scenarios?
Cyber ranges are designed to provide proactive cyber experimentation to research vulnerabilities, perform synthetic training, and validate cyber-hardening protocols. These exercises allow cybersecurity teams to simulate cyberattacks on a safe digital replica of an enterprise network, estimate the impact of ransomware or more sophisticated types of cyberattacks, and assess response protocols to malware in a controlled manner.
Government and commercial organizations commonly use cyber ranges to simulate local networks, systems, tools, and applications. Traditional cyber ranges often consist of air-gapped networks with dedicated hardware and software to create a realistic replica of an environment.
In addition to cyber training, operators can safely test and evaluate hardware and software for potential zero-day vulnerabilities and provide guidance on how to fix or remove them prior to enterprise-wide deployment.
However, the challenge is that on-premises range architectures must evolve to reflect the ubiquitous nature of cloud infrastructures and provide hyper-realistic training environments that enable cybersecurity professionals to protect the global, highly interconnected cloud ecosystems effectively.
Cyber Ranges Of The Future
To keep up with the changing cybersecurity ecosystem and the increasing use of cloud infrastructure, cyber range architecture needs to evolve rapidly. This evolution includes using software-defined infrastructures (SDIs) and virtualized hardware components to create environments that perform like their hardware-based counterparts.
The challenge is to provide hyper-realistic training environments that simulate anomalous network behavior or integrate cloud-based “network-behavior-as-a-service” software to provide an effective defense.
Hosting a modern cyber range in the cloud using a “lift-and-shift” approach may not be effective since software used for cyber range experiments may need significant modification for cloud hosting. A more economical and flexible solution is a cloud-native cyber range built on a cloud-based, SDI-defined infrastructure.
This infrastructure approach requires customizable hypervisors, provisioning software, and automation to “digitally twin” a cloud environment. By using infrastructure as code (IaC), these ranges can be built in a customer’s own environment.
Mobile cyber ranges also take advantage of the edge computing evolution. The emergence of DevOps for edge delivery requires cyber range providers to deliver software on the edge and operate in edge computing environments. This will require a shift in the disconnected edge or DDIL (disconnected, denied, intermittent, and limited) approach currently used by the Department of Defense (DoD).
In most cases, the DoD assembles trainees and provides a range environment in a physical location. However, today’s cyber warriors need on-demand access to an immersive and interactive environment, wherever they may be.
The emergence of cloud-based and mobile cyber ranges presents challenges and opportunities for both new and existing players in the cybersecurity industry. The shared security responsibilities of multi-cloud and edge computing demand a change in how cyber range engineering is approached. Companies that are quick to recognize this need and develop cloud-ready and mobile cyber ranges will be better positioned to capture a specialized market in cybersecurity.