Upskilling Cyber Defenders Requires a Readiness Environment
The cybersecurity threat landscape never stands still. New threats and threat actors appear all the time. They are highly trained, well-funded, and leverage the newest tools to pursue some form of cybercrime — extortion, terrorism, data theft, the list goes on.
To defend against the endless wave of threats, cybersecurity professionals need to upskill constantly so they can keep up with criminals’ evolving tactics. One of the best ways to gain cybersecurity readiness is to conduct hands-on, interactive exercises using real IT infrastructure, tools, and attack scenarios.
Controlled Setting for Skills Development
This can be accomplished using an environment that is secure, controlled and isolated from all development and production infrastructures, ensuring that the users of the emulated network (sometimes referred to as a cyber range) cannot compromise working systems, networks, or corporate data.
A cyber readiness platform can be entirely hardware-based, built around a server or cluster of servers, and may require the installation of client-side software. However, this traditional approach is disappearing fast as it is difficult to scale and more expensive compared to flexible, cloud-based, virtualization models.
An advanced skills development and readiness platform typically is made up of a simulated enterprise network including endpoints, servers, databases, routers, and internal and external traffic.
In this closed world, users can perform a host of activities, such as learning new tools, testing different configurations of these tools, and understanding and responding to real-world threats.
The most sophisticated environments include gamification. This enhances user participation, while improving knowledge absorption and retention.
Finally, cyber readiness environments often contain a variety of reporting and metrics tools, which make it easy for security administrators to monitor and assess users’ performance over time.
Benefits of Cyber Readiness Training
A strong and flexible environment delivers numerous benefits to individuals and teams, and to the organization as a whole.
On the individual level, security professionals can improve their skills, gain certifications, and boost their prospects for promotion and career advancement inside or outside their current organization.
Teams are beneficiaries, also. Predictably, blue teams and red teams can use a cyber readiness environment to upskill in their current respective practices, but they can use it to step out of the box — to see both sides of the threat. This allows pen testers and defenders to become more rounded professionals, better able to analyze and prevent threats in real-time, and develop innovative strategies and tactics for securing the organization.
Security executives, meanwhile, benefit by having better trained and informed staff, many of whom are cross-trained; and knowing that their security controls and policies are well understood and implemented.
Core Elements of a Cyber Readiness Environment
Private or Public Cloud?
A private cloud is inexpensive since it can be built using one or two repurposed servers, and loaded with open source tools. However, the downside is the expertise and time required to run such an environment.
Hosting the environment in the public cloud is easy and scalable. Another big advantage is that public clouds generally come with built-in segregation between tenants. Plus, the pay as-you-go model means little upfront cost. The main disadvantage is that costs can spiral quickly.
While most open source tools are free, not all are, and some have licensing restrictions. For most organizations, licensing concerns arise when they want to use existing licensed vendor products in a non-production or non-development environment. The answer generally lies in the business agreement.
When possible, maintenance should be minimized. The best way to do this is by planning the usage and connectivity of the cyber readiness environment from the get-go. Basic issues to consider: how to get simple and complex data in and out of the environment; and how to extract log files, machine images, memory images, and crash files.
Documentation is Key
Documentation is like gold; you can never have too much of it. Regardless of the environment, it is vital to have a repository of documents that records actions and scripts, and offers insights into them. Each product should have a snapshot and reset functionality to ensure users can always return to a known good state after doing some malware analysis.
To future-proof their investment in a cyber readiness environment, an organization should implement automated provisioning and deployment tools, which have improved tremendously over the past few years — and hold the promise of redefining emulation capabilities. Some of these tools can load in a fraction of a second, compared to 30 seconds or more just a few years ago.
To sharpen and learn cybersecurity skills, security professionals need to ‘play’ in a safe, yet stimulating place that provides hands-on, interactive upskilling. Experience proves that the best place is in a purpose-built cyber skills readiness environment.