5 Ways Security Leaders Are Using Cyber Ranges and Simulation to Improve Security Posture


Many people are all too familiar with the cyber skills shortage. Security leaders are painfully aware of it. There are simply not enough qualified, experienced people out there. Period. 

So, how do you, as a security leader, overcome this grave situation? 

It’s time to grow the team you need. The good news is that cyber ranges and simulation can be used for multiple purposes that will help you identify the right team members and train them into an elite group of cyber defenders that work well together to improve your security posture.

Cloud Range works with top enterprise security leaders around the world to solve this problem. Here are 5 impactful ways they use cyber ranges and simulation to improve their teams and reduce cyber risk for their organization. 

1. Individual Skills Development


The security operations center, or SOC team, is the last line of defense. That means people are actually the most valuable tool in your security stack.

Security leaders typically think of technology most of the time, but the people are the biggest investment you have. It’s important to nurture them – just as you have to nurture rule sets in your tools.

That typically starts with individual skills development – the tutorial-based training labs, challenge labs, and skills assessments that help people learn and grow in their professions. Skills development modules help ensure each person is well versed in the knowledge, skills, and abilities (KSAs) associated with their current work role. That’s why every one of Cloud Range’s 1,500+ FlexLabs™ is mapped to the Workforce Framework for Cybersecurity (NICE Framework).

Skills development labs have realistic environments and exercises, and they give security team members practical, hands-on experience in completing different tasks. Custom learning paths can be created to ensure security professionals take the proper steps to move into new roles and move up through the ranks of their organization.

2. Team Live-Fire Training 


I regularly hear from security leaders about how they see their teams’ experience levels and capabilities measurably jump up through true-to-life, live-fire training in the cyber range. A cyber range is not a video game, but a replica of a real environment with VMs, lots of segments, and actual licensed security tools. It is a hyper-realistic, virtual setting where teams can safely practice detecting and responding to cyberattacks as if they were really happening. That gives teams situational awareness and muscle memory – they understand what they’re looking for, and will be prepared with what to do when an attack actually happens. 

In addition to technical proficiency, team training also helps with soft skills. Cloud Range helps teams improve communication, collaboration, creativity, and more through our live-fire team training simulation exercises. 

Those soft skills have, historically, been the weakest link in the security chain. Team members may have amazing technical abilities, but during an incident, if they don't know how to work with each other and explain what is needed, it will hurt their detection and response time. 

Now, soft skills are part of what we track and analyze in the range, in addition to technical skills and performance. We have regular meetings with security leaders where we show the various metrics and go through our analyses. These mission debriefs also include our recommendations for how to fill gaps (which may include the skills development labs mentioned above) and what cyberattack scenarios a team should do next so everyone is challenged in new ways. The end result is that security leaders have a better understanding of their team, a plan for continued improvement, and metrics that can be shown to the board (and understood by the board!).

Here’s the thing – if somebody needs five years of experience to do something in cybersecurity, you can't wait five years for them to get that experience. You have to give it to them. The only way to do that is through accelerated simulation. It’s critical for organizations to proactively prepare by immersing their teams in simulated cyberattacks. And with today’s threat landscape, it cannot be a one-and-done training session – it needs to be an ongoing program. That not only helps SOC and IR teams improve, but it also helps reduce the risk for the entire organization.  

3. Hiring and Learning Plans


The cyber range can help with more than training. It provides different assessments that facilitate hiring and improve retention.

For example, a cognitive assessment can help people determine what cybersecurity role they are best suited for and get them started on a cybersecurity career. One reason for the industry’s skills gap challenge is that there are not enough people entering the cybersecurity workforce. When young people are determining what careers to pursue, if they think of cybersecurity, they tend to only think of hacking. That’s what they see in the movies. That may excite some people, even if they don’t have the skills for it, or it may turn some people away, even if they would be a great fit for a different cybersecurity role. We need to make cybersecurity more accessible.

There are 52 work roles in the NICE framework, and they each use different parts of the brain. An assessment like the RightTrak™ Cyber Aptitude Assessment can be given to people of any age. It has 14 different cognitive exercises – such as pattern recognition and spatial reasoning – that have nothing to do with cybersecurity. But the results map each person’s innate strengths to cybersecurity and where they may fit in terms of offensive operations, defensive operations, design and development, or analysis and forensics. The final report also outlines the person’s best-fit cyber work role and includes a learning path so they know exactly what they need to do. Managers use that kind of assessment to find the top candidates for a work role – whether they’re a new hire or someone moving into a new department.

Another dilemma in cybersecurity is the need to see beyond a resume or certification. They don’t tell the whole story. An assessment like the FastTrak™ Candidate Assessment uses the cyber range to put someone through a simulation of what their actual job would be. For example, if the hiring manager is finalizing candidates for a SOC analyst, a candidate would log in and see all the tools, the SIEM, the network, the live alerts, the thousands of events per second – everything that would be part of their role. Then they are measured on how quickly they perform tasks and how they decide what they need to do. The results of the assessment show the hiring manager the candidate’s actual knowledge, skills, and abilities (instead of only relying on what their resume said).

Because these assessments are based on performance and metrics, they help organizations develop more diversity and inclusion in their hiring practices. Plus, they help supervisors know what kind of training new hires need, where there are any gaps in knowledge, and how to best set them up for success in their new role. When security leaders onboard effectively and build training programs that let their team members move up the career ladder, it leads to retention.

4. Enhanced Tabletop Exercises


Tabletop exercises typically start with an outline of what already has happened, and then organizations have to decide how to respond. Using a cyber range can provide the prequel to that – it can pull in what's happening in the SOC. 

What are those alerts? Where are they coming from? How does an attack get in undetected? How does it get investigated? How does the SOC team work together to ensure the quickest detection and response time? Then once the SOC team has gathered more information about the attack and is ready to bring in other people for decision-making, it can merge into a more traditional tabletop discussion. But now there is more information, and it is based on real data. 

These Tabletop 2.0™ next-generation exercises are more than hypothetical discussions or dusty playbooks. Hyper-realistic scenarios of cyber ranges incorporate the activity and drama of a real-life attack. They enable multiple areas of the company to be involved – just as they would be in a real incident, which improves communication and experience.

5. Test and Integration Lab


Cyber ranges can still be used as a sandbox. They allow technology companies and startups to test their products in a real, secluded environment that includes real traffic, real attacks, real tools, and even competitors’ products. The cyber range can also be used to demonstrate products to potential customers so they can see them working in a live environment. For example, Cloud Range’s Range365™ is a dedicated cyber range that gives users the benefits of owning a custom cyber range without costly infrastructure and management.

Overall, cyber ranges are extremely effective in improving your security posture. They are no longer a luxury – they are a necessity. Contact us to learn more about how to make the most of cyber ranges in your organization.

We discussed these 5 Ways to Use Cyber Ranges and Simulation to Improve Security Posture in depth in our recent webinar.

