Why Every Enterprise Should Have A Cyber Range In Its Security Arsenal

May 5, 2022

In this digital age, there is no shortage of focus on cybersecurity. Gartner forecasts worldwide security spending will reach $96 billion this year, up 8% from 2017. While CIOs and CISOs worldwide have invested billions of dollars over the years in strengthening their security posture with tools and appliances geared toward prevention, detection and mitigation, we still see breaches like that of Equifax, Uber, Anthem and several others. The threats loom large, and hardly a month goes by without news of hacking, theft or data pilferage.

Interestingly, even as investment in cybersecurity grows, CISOs candidly admit that the next attack is not an if but rather a when. This is despite tools becoming increasingly sophisticated, with many starting to embrace machine learning and artificial intelligence-based approaches focused on detection and mitigation.

Ironically, vendor research shows that almost 75% of threats originate from internal resources. Not all of these are malicious. In fact, in another poll conducted at the 2017 Black Hat security conference, 84% of the organizations that experienced an attack attributed it to human error. In other words, it was accidental and caused by things like misconfigurations, improper role-based privilege assignments and, perhaps, in some cases, good old plain stupidity. Even trained security personnel are prone to commit unforced errors due to the flood of protocols, devices and control systems -- all of which are constantly changing at a rapid pace.

Training employees on security proactively (and frequently) can go a long way in mitigating these threats. In order to train them, both security administrators and rank-and-file employees need to be exposed to authentic scenarios that mimic real life. A mere PowerPoint training or a few videos will not suffice.

This is where cyber ranges come into play.

With the likes of the Defense Information Systems Agency (DISA) taking the lead on cyber range initiatives, other institutions, including enterprises, are following suit.

So, What Is A Cyber Range?

The best way to describe it would be to compare it to a training range used to expose pilots to a variety of real-world scenarios that would allow them to be calm and in control when something happens in real life. There are good write-ups on this from the National Institute of Standards and Technology (NIST). A recent incident where a Southwest Airlines plane landed safely despite one of the engines catching fire was attributed to several training scenarios the pilot had undergone during simulations that mimicked engine failure. So, when the incident really happened, the pilot knew what to do and didn’t panic. A gun range where police officers can perform target practice in a controlled manner is another example.

Applying these concepts back to the principles of cybersecurity, a cyber range allows an authentic IT environment to be spun up that can mimic the real-world production environment. Such an environment can then be exposed to employees, administrators and the like, allowing them to be better trained to deal with security vulnerabilities and harden their security posture.

Cyber ranges warrant some degree of investment and are most suitable in larger organizations where the IT environment is complex. The U.S. armed services use cyber ranges as they allow them to replicate communication systems and encryption elements that cannot afford compromise whether in a battle scenario or during peacetime. For instance, accurately modeling communication subsystems of battleships, tankers, aircraft subsystems and the like to ensure they’re all incorporated as part of a training program can be a complex undertaking given proprietary protocols, performance requirements and stringent encryption elements.

Today, the other battlefield is in corporate institutions, with data as the prized asset, and Fortune 1000 enterprises are prime candidates for cyber range adoption.

So, here are the top three reasons why enterprises should follow the best practices of defense institutions and have a cyber range as part of their arsenal:

1. IT Environments Are Becoming Increasingly Complex And Dynamic

With applications and control systems residing on-premise, in the cloud and across various devices, the nature of the IT environment is complex, distributed and ever-changing. Even though a significant portfolio of IT workloads is virtualized, there is enough physical infrastructure that needs to be represented as part of the environment. A cyber range can help mimic and prototype such complex environments in an authentic manner. In addition to training, cyber ranges could also be extended to testing compliance and certifying infrastructure or applications.

2. Enterprises Need To Promote Better Security Hygiene And Training To Minimize Internal Incidents

Mitigating cybersecurity threats simply boils down to better security hygiene. Training imparted in an authentic but controlled environment can benefit both security administrators, who must deal with untoward situations, and employees who may inadvertently cause incidents to occur.

3. Security Training Needs To Be Adaptable And Inexpensive

While it would be ideal to set up complex environments to mimic real-world scenarios, these can be prohibitively expensive and time-consuming to set up and tear down. Customization can also be an overhead. Cyber ranges with inbuilt automation and orchestration mechanisms can quickly spin up complex environments, and when the appropriate testing is done, the environment can be spun down quickly. This allows for efficient consumption of resources. Physical resources can be released back into the pool, and virtual machines will not incur the cost if they are spun down in a timely manner.


While video and PowerPoint-based training can certainly keep security top of mind, enterprises with more complex environments, sensitive data assets and complex security requirements would do well to build cyber ranges. A good cyber range should be able to handle all types of infrastructure (physical or virtual), be able to model elements that are representative of the security environment in that organization, allow for standardization and reusability of these environment templates, and be efficient in terms of cost and resource utilization.

Source: forbes.com
