A robust cyber security training platform, or cyber range, is the foundation of the burgeoning cyber workforce. The world is seeing record demand for cyber security professionals, with an expected 3.5 million unfilled positions worldwide by 2021. And while at first blush this figure may seem bloated, a cursory search shows otherwise: according to CyberSeek, there are currently over 300,000 unfilled cyber security positions in the US. ComputerWeekly projects that gap at 350,000 workers in Europe by 2022. And when it comes to unfilled positions in India and the rest of APAC, vacancies easily cross the two million mark.
Closing the Skills Gap with Hands-On Cyber Security Training Platforms
The shortage of cyber security professionals is only part of the story. The other part has to do with a global training crisis, and how well qualified cyber security candidates are for the jobs they're applying for.
Multiple research studies performed by professional organizations such as SANS, ISSA and ISACA have all shown that both organizations and practicing professionals see much room for improvement in their cyber security skills.
Cyber security is a skills-based occupation: the more you practice, the better you get. The more incidents you respond to, the more effective you become. And while theoretical knowledge is essential to understanding the basics of how networks, operating systems and security tools work, without practical, hands-on experience a SOC analyst will be slow to detect, investigate and foil a breach. And that is where a cyber range comes in.
What is a Cyber Security Training Platform?
A cyber security training platform, known as a cyber range, aims to provide a realistic simulation of cyber attacks in an environment that mirrors a real-life network and security operations center. Much like a shooting range, a cyber range lets cybersecurity practitioners hone their skills in a safe, self-contained environment, without jeopardizing anyone's data or network. A cyber range is made up of the following components:
- Virtualized network – Mimicking all the complexities of a real network, including numerous nodes, switches, bridges, databases, servers, and end-user devices, and even a simulation of the public internet.
- Attack engine – Launching different kinds of cyber attacks into the virtualized network in an automated and repeatable manner, the attack engine simulates attack scenarios such as DDoS, ransomware, phishing, data exfiltration, and web defacement, among others. (In penetration-testing training scenarios, the trainee attempts to infiltrate the virtualized network, instead of the attack being automatically generated by an attack engine.)
- Traffic generator – Mimicking the benign traffic and ‘noise’ of a normal enterprise network, this component produces email and web browsing traffic.
- A virtual SOC – Provides trainees the tools they need to detect, investigate and respond to cyber attacks.
Figure 1: A Cyber Range Simulation Platform
Cyber Security Training Platform (Range) – A definitive checklist
How can you tell if a prospective solution is a real cyber security training platform or just a wannabe cyber range?
Here’s a definitive list of what you should be checking for:
- Virtualized network
- Virtualized SOC
- Attack engine
- Traffic generator
- Strong training capabilities – Training environment with training recording, playback, debriefing, performance scoring, automatic feedback and evaluation for trainees
- Red team, Blue team and war game training
- Scenario and network customization capabilities
- ICS/SCADA support
What kind of attack scenarios does a cyber security training platform simulate?
- Basic & Advanced attack scenarios for SOC analysts
- Attack scenarios for ICS/SCADA
- Red scenarios for penetration tests
What roles can one train for on a cyber security training platform (Range)?
- Incident Responder
- Security Analyst
- Forensics Expert
- Penetration Tester
- Malware Analyst
- Firewall Administrator
- OT Security Manager