Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

5/26/2020
02:00 PM
Rocky Yuan
Rocky Yuan
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

Benefits of a Cloud-Based, Automated Cyber Range

A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.

Cyber ranges — that is, virtual environments — are an ideal tool for testing and validating the cybersecurity posture of systems and software as well as for training cyber defenders with the latest knowledge on cybersecurity tactics. Ranges help defenders improve their cybersecurity skills with real-time practice on a safe version of their own critical IT systems. They help organizations select, integrate, and test new products and approaches without disrupting operations. For the past two years, I've been working on a cyber-range capability for increased cyber resiliency and decreased operational risk.

Technical Challenges of Cyber-Range Implementation
The first challenge I encountered while planning for the architecture of a physical range is the overwhelming investment cost in hardware and infrastructure. The computing power required for hosting a full suite of operating systems, network, and appliances typically translates to racks full of hardware equipment in order to support the types of testing and training environment necessary for enterprise-level missions. 

Another challenge is the speed to sanitize the range in-between different scenarios. This typically requires long cycle times and lengthy delays in-between scenarios, especially when tearing down and rebuilding the same infrastructure.

Finally, there are challenges when it comes to the speed and the agility to design and deploy specific environments for different customer missions. A significant amount of time can be spent to reconfigure an environment to satisfy a specific, different mission.

I began to explore ways to improve efficiency and agility as well as to save costs by looking at new technology and methodology that can be applied to developing cyber ranges. 

Cyber Ranges Going to the Cloud
The world is going to the cloud, and so can cyber ranges. The cloud provides a flexible, reconfigurable, and elastic computing infrastructure at affordable prices. Cloud-based ranges provide a safe, controlled, and isolated environment and can scale in size based on mission scenarios. You pay as you go based on the capacity you need.

In the cloud, there are easily accessible APIs that allow you to "spin up" and "spin down" virtual hosts, switches, and routers on the fly, instead of having to fidget with physical network cables and switches. It's also easy to leverage the standard images already available in cloud-based marketplaces to quickly find the operating systems and applications you need for each different use case.

More importantly, the cloud approach saves months, if not more, in time otherwise required in the acquisition, design, building, and testing of the computing and networking hardware, not to mention the time, effort, and costs required to maintain the "server farm."

Model-Based Range Operations
Integrating model-based systems engineering (MBSE) into cybersecurity further accelerates cyber-range development and deployment. Applying an MBSE approach enables early validation of its design, visualization of the business processes, assessment of complex network topologies, refinement of requirements, and configuration management of complex environments.

One of the key benefits of utilizing an MBSE integrated range is the ability to rapidly prototype and adjust the architecture of the range you are attempting to build. By leveraging the system modeling technique, you are able to model the range architecture in advance, share that model with key stakeholders to eliminate potential errors, and integrate the necessary changes far in advance of actual implementation.

Another benefit is the ability to build a library of design patterns over time. These patterns are reusable and can be adapted to new requirements as needed, without having to start from scratch. For example, it's easy to remove the Windows domain controller from one of our scenarios and drag in a cluster of Linux-based hosts instead, with just a few clicks of the mouse. This allows us to dramatically reduce the cycle time for each customer, mission, and individual operation.

Finally, by fully leveraging advanced scripting and automation features of an MBSE tool set, a range architecture can be automatically deployed to an actual range environment in the cloud with the click of a button. I've heavily leveraged open source Ansible scripts that are widely available for AWS and VMware to significantly improve the degree of automation in range deployment.

Automation Proves Value Over Time
I've compiled an analysis on how much time can be saved by using automation scripts for cloud deployment and it shows a stunning 5,500% time reduction (chart below). By reusing pre-existing models and leveraging automation, the potential savings every time the range is torn down and rebuilt is astounding. If you haven't looked into automation platforms such as Ansible, Chef, or Puppet, it's definitely worth seeing how much time you can save.

By streamlining cyber-range operations, cybersecurity experts can focus resources in the areas that count, including integration of threat intelligence to arm us with the methods, tools, and the most likely attack profile an attacker would employ. At BAE Systems, our blue team has learned invaluable lessons defending against a real-world attacker by determining reliable indicators and warnings, and developing new ways to discover and eliminate the threat.

A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks. Agile, automated, and affordable cyber ranges are the future of cybersecurity training and testing to meet ever-evolving customer missions and to protect our national security.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "The Entertainment Biz Is Changing, but the Cybersecurity Script Is One We've Read Before."

 

As a Cybersecurity Engineer, Rocky Yuan has been working on an efficient and automated Cyber Range solution to help train next-gen cyber defenders. Ask Rocky about anything related to cyber, certifications, penetration testing, and SOC/SIEMs. He currently works for BAE ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
donwpoole
50%
50%
donwpoole,
User Rank: Apprentice
5/28/2020 | 5:57:46 PM
Benefits of a Cloud-Based, Automated Cyber Range
Rocky is right on target. ORock Technologies offers a Cyber-Range capability in our open source cloud which runs Ansible natively. Many of our enterprise customers are looking for this sort of solution that does note include consulting or managed services costs. Just the environment for thier teams to test apps on the cyber range before moving them on prem or to their permanent Cloud environments.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...