In a world where it seems new cybersecurity tools are launched and released daily, it can be difficult to determine what will actually work in your – and your clients’ – specific security stack.
I was three years into running my MSP when COVID struck. At that time, I decided to make the company more cybersecurity-centric, leaning more toward an MSSP. We built out our tech stack and felt we were ready to tackle anything, but were we? This question would linger over me for the next two years, and it wasn’t until I became more familiar with cyber ranges that I was able to lay those concerns to rest. In fact, I became so interested in cyber range platforms that I accepted a full-time position as a senior product manager with a range provider in April of 2022.
So let me ask you: What if you had a way to replicate your production environment, install the security tool you’re vetting, and even throw a ransomware attack (or two) at it to see how it performs? Do you know how your SOC would truly react to a real-time attack, say a zero-day exploit or ransomware? If you follow both of these roads, they end at the same destination: a cyber range.
I admit, I didn’t truly understand the purpose of a cyber range when I first heard about them. I know I did not want or need another “gamified training platform,” but to my surprise, cyber ranges provide many more capabilities. I quickly learned the three main purposes of a cyber range for an MSP of any size:
- A platform for running LAEs (live-action events such as capture the flag, red vs. blue, king of the hill, etc.) in a virtual environment that mirrors my production environment.
- A platform for experimenting with and testing security products without exposing my production environment – stack validation.
- A platform to educate myself and my team on emerging threats and vulnerabilities, prior to crossing paths with them in the real world.
LAEs were something I was already familiar with, but had never had the opportunity to participate in. What I suspected, and soon confirmed, is that running these events regularly with my team would greatly increase our understanding of how these attacks take place and how we could prepare for and defend against them. Running these LAEs in a simulation of our production environment makes the events more realistic and builds practical, hands-on experience. With a cyber range, our team can defend against a brute-force attack or a ransomware attack in real time, using the same tools they work with daily.
Stack validation is something we have questioned for as long as I can remember. You install the shiny new security software in your environment, wait for it to report some sort of suspicious activity and hope it will perform the way it was intended. We spend time wondering if we set it up correctly or what will happen if a vulnerability slips through unrecognized. When we start looking at this from a bird's-eye view, with thousands of assets being protected, this becomes a very unsettling prospect. One of my favorite use cases for a cyber range is the ability to install one tool, or a group of tools, in a replica of my production environment and deploy any vulnerability or attack to see how it responds. Not only can I verify that I am deploying the software correctly, but I can confirm that the software does exactly what I intend it to do, before it ever reaches production.
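The brute-force defence mentioned above and the stack-validation use case described here share the same underlying check: replay a known scenario through the tool under test and confirm it responds the way you intended. The following is an added illustration, not code from the original post or from any range vendor. It stands in for the security tool with a deliberately simple failed-login detection rule, feeds it two constructed scenarios (a brute-force burst and ordinary user typos), and reports pass/fail for each, which is the kind of scripted verdict a range exercise produces. The log format, the threshold of five failures in two minutes, the IP addresses and every log line are assumptions constructed for this example.

```python
"""
Added example (not from the original post): a minimal "stack validation" harness of the
kind one would run inside a cyber range. A simple brute-force detection rule stands in for
the security tool under test; constructed log scenarios are replayed through it and the
outcome is compared with what the exercise expected. Log format, thresholds, addresses
and every log line below are assumptions made for this illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed log format (constructed): "<ISO timestamp> <FAILED|SUCCESS> user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) (FAILED|SUCCESS) user=(\S+) src=(\S+)$")

# Rule parameters (assumptions): alert when one source produces this many failures
# within the sliding window.
FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=2)


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, result, user, src = m.groups()
    return {"ts": datetime.fromisoformat(ts), "result": result, "user": user, "src": src}


def detect_brute_force(lines):
    """Return one alert per source IP whose failed logins cross the threshold
    inside the sliding window. Later failures from an already-alerted source
    do not produce duplicate alerts."""
    failures = defaultdict(list)  # src -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "FAILED":
            continue
        window = failures[ev["src"]]
        window.append(ev["ts"])
        # Drop failures that have aged out of the window.
        while window and ev["ts"] - window[0] > WINDOW:
            window.pop(0)
        if len(window) >= FAIL_THRESHOLD and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"src": ev["src"], "count": len(window), "at": ev["ts"]})
    return alerts


# Constructed scenario 1: six failures ten seconds apart, then a success (brute force).
BRUTE_FORCE_SCENARIO = [
    f"2024-01-15T10:00:{sec:02d} FAILED user=admin src=203.0.113.7" for sec in range(0, 60, 10)
] + ["2024-01-15T10:01:00 SUCCESS user=admin src=203.0.113.7"]

# Constructed scenario 2: a couple of mistyped passwords hours apart (should stay quiet).
BENIGN_SCENARIO = [
    "2024-01-15T09:00:00 FAILED user=alice src=198.51.100.20",
    "2024-01-15T09:00:05 SUCCESS user=alice src=198.51.100.20",
    "2024-01-15T11:30:00 FAILED user=bob src=198.51.100.21",
    "2024-01-15T11:30:10 FAILED user=bob src=198.51.100.21",
    "2024-01-15T11:30:20 SUCCESS user=bob src=198.51.100.21",
]

# Each scenario is paired with the outcome the exercise expects from the tool.
SCENARIOS = {
    "brute_force": (BRUTE_FORCE_SCENARIO, True),
    "benign_typos": (BENIGN_SCENARIO, False),
}


def validate_stack(scenarios):
    """Replay every scenario through the rule and record whether the observed
    behaviour (alert fired or not) matches the expected behaviour."""
    results = {}
    for name, (lines, expect_alert) in scenarios.items():
        fired = bool(detect_brute_force(lines))
        results[name] = {"fired": fired, "expected": expect_alert, "passed": fired == expect_alert}
    return results


if __name__ == "__main__":
    for name, r in validate_stack(SCENARIOS).items():
        verdict = "PASS" if r["passed"] else "FAIL"
        print(f"{name}: fired={r['fired']} expected={r['expected']} -> {verdict}")
```

The benign scenario matters as much as the attack one: a tool that fires on every mistyped password would pass a test that only checks for detections, so a range exercise should pair each attack scenario with a quiet baseline and require both verdicts to pass.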
Continued education is always important, but it becomes critical in the ever-evolving landscape of cybersecurity. The methods and tactics used by cyber criminals change daily, maybe even hourly, and we see this all the time as new vulnerabilities are exposed. Think about how you and your team might handle the Apache Log4j vulnerability for the first time. Now, what if that first encounter happened within a confined cyber range, where a split-second decision doesn’t result in a compromised production environment? A cyber range gives you that freedom, as well as providing hundreds of hours of content to keep your team on high alert and prepared to defend against anything that knocks on your door.
There is a quote by Benjamin Franklin that tells it best: “By failing to prepare, you are preparing to fail.” With the world of cybersecurity evolving constantly, and ever faster, not having a way to validate your stack, train your team and test organizational readiness will no longer suffice. From increased team competence to increased ROI for your customers and greater loss avoidance, utilizing a cyber range has never been more important.