CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Training & Awareness

Upskilling Cyber Defenders Requires a Readiness Environment

The cybersecurity threat landscape never stands still.  New threats and threat actors appear all the time. They are highly trained, well-funded, and leverage the newest tools to pursue some form of cybercrime — extortion, terrorism, data theft, the list goes on. 

The cybersecurity threat landscape never stands still.  New threats and threat actors appear all the time. They are highly trained, well-funded, and leverage the newest tools to pursue some form of cybercrime — extortion, terrorism, data theft, the list goes on. 

To defend against the endless wave of threats, cybersecurity professionals need to upskill constantly so they can keep up with criminals’ evolving tactics. One of the best ways to gain cybersecurity readiness is to conduct hands-on, interactive exercises using real IT infrastructure, tools, and attack scenarios.

Controlled Setting for Skills Development

This can be accomplished using an environment that is secure, controlled and isolated from all development and production infrastructures, ensuring that the users of the emulated network (sometimes referred to as a cyber range) cannot compromise working systems, networks, or corporate data.

A cyber readiness platform can be entirely hardware-based, built around a server or cluster of servers, and may require the installation of client-side software. However, this traditional approach is disappearing fast as it is difficult to scale and more expensive compared to flexible, cloud-based, virtualization models.

An advanced skills development and readiness platform typically is made up of a simulated enterprise network including endpoints, servers, databases, routers, and internal and external traffic.

In this closed world, users can perform a host of activities, such as learning new tools, testing different configurations of these tools, and understanding and responding to real-world threats. 

The most sophisticated environments include gamification. This enhances user participation, while improving knowledge absorption and retention. 

Advertisement. Scroll to continue reading.

Finally, cyber readiness environments often contain a variety of reporting and metrics tools, which make it easy for security administrators to monitor and assess users’ performance over time. 

Benefits of Cyber Readiness Training

A strong and flexible environment delivers numerous benefits to individuals and teams, and to the organization as a whole.

On the individual level, security professionals can improve their skills, gain certifications, and boost their prospects for promotion and career advancement inside or outside their current organization.

Teams are beneficiaries, also. Predictably, blue teams and red teams can use a cyber readiness environment to upskill in their current respective practices, but they can use it to step out of the box — to see both sides of the threat. This allows pen testers and defenders to become more rounded professionals, better able to analyze and prevent threats in real-time, and develop innovative strategies and tactics for securing the organization.

Security executives, meanwhile, benefit by having better trained and informed staff, many of whom are cross-trained; and knowing that their security controls and policies are well understood and implemented. 

Core Elements of a Cyber Readiness Environment

Private or Public Cloud?

A private cloud is inexpensive since it can be built using one or two repurposed servers, and loaded with open source tools. However, the downside is the expertise and time required to run such an environment.

Hosting the environment in the public cloud is easy and scalable. Another big advantage is that public clouds generally come with built-in segregation between tenants. Plus, the pay as-you-go model means little upfront cost. The main disadvantage is that costs can spiral quickly.

Licensing Issues

While most open source tools are free, not all are, and some have licensing restrictions. For most organizations, licensing concerns arise when they want to use existing licensed vendor products in a non-production or non-development environment. The answer generally lies in the business agreement.

Maintenance

When possible, maintenance should be minimized. The best way to do this is by planning the usage and connectivity of the cyber readiness environment from the get-go. Basic issues to consider: how to get simple and complex data in and out of the environment; and how to extract log files, machine images, memory images, and crash files.

Documentation is Key

Documentation is like gold; you can never have too much of it. Regardless of the environment, it is vital to have a repository of documents that records actions and scripts, and offers insights into them. Each product should have a snapshot and reset functionality to ensure users can always return to a known good state after doing some malware analysis.

Future-proofing

To future-proof their investment in a cyber readiness environment, an organization should implement automated provisioning and deployment tools, which have improved tremendously over the past few years — and hold the promise of redefining emulation capabilities. Some of these tools can load in a fraction of a second, compared to 30 seconds or more just a few years ago.

To sharpen and learn cybersecurity skills, security professionals need to ‘play’ in a safe, yet stimulating place that provides hands-on, interactive upskilling. Experience proves that the best place is in a purpose-built cyber skills readiness environment.

Written By

Jeff Orloff is Vice President of Products and Technical Services at RangeForce, a cybersecurity training company. He has over ten years of experience in cybersecurity, computer and network security and system administration. Prior to RangeForce, he was Director of Product Management and UX at COFENSE, a company specializing in email security, phishing detection and response. He also served as Technology Coordinator for the Palm Beach County Florida School District.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.