What Is Cyber Range Training?

By Dr. Edward Amoroso, TAG Cyber

Cyber range training has become an important component of the learning ecosystem for security operations center (SOC) practitioners and teams. This article explains the basic elements of cyber range training in the context of the commercial Cloud Range offering.

Any observer of threats to the modern enterprise will agree that a learning program for security is essential across virtually all aspects of an organization. Great attention, for example, has been placed on providing security-related awareness and training to employees and executives. This makes perfect sense given the risk that emerges when a human being makes a bad decision about cybersecurity.

As one might expect, a different sort of security training is required for expert practitioners who are tasked with setting up, managing, and administering the cyber protection controls of an enterprise. Such training is less about providing tutorial awareness of the basics and more about preparing staff and teams to handle tough and unexpected situations. The situation is somewhat analogous to airplane pilot training, which tends to focus on unusual or even dangerous conditions.

In most environments, expert security training is required most intensely in the “nervous system” of enterprise protection architectures – namely, the security operations center (SOC). It is here that most organizations ingest their critical security data, analyze that data for evidence of anomalies or compromise, and generate actionable guidance for management to prevent, detect, or respond to attacks.

Requirements for Cyber Range Training

The selection of a suitable cyber range training partner demands that the right set of functional requirements be considered when comparing commercial offerings. Below we list 10 requirements to consider during source selection. These are offered as a starting point rather than as a complete list suitable for every environment. Teams should tailor the list below to match up with local conditions and constraints:

  1. Simulations – Live-fire, real-world cyberattacks for teams must be a primary component of any range offering.

  2. Response – IT and OT incident response (IR), or blue team, training is essential to ensure coverage across all aspects of an enterprise.

  3. Exercises – Red team vs. blue team training, purple team training, and capture the flag exercises are also essential to practice both executing and defending against attacks.

  4. Attack Scenarios – It’s vital to have a library of different cyberattack scenarios that can be tailored to the team’s experience and maturity levels.

  5. Measurement – There should be a way to track personal and team progress during the learning process. These metrics will also help in setting goals and analyzing cyber risk.

  6. Skills – Self-learning and skills development are essential aspects of the overall range solution. 

  7. Certification – Range offerings must include effective means to prepare for and support any required certifications.

  8. Assessments – It is important to include aptitude, skills, and role-based cyber assessments for new and recruited staff to determine their capabilities and create learning paths.

  9. Mapping – The range offering should include means to map offensive simulations to applicable frameworks, including the MITRE ATT&CK Framework and NICE Workforce Framework for Cybersecurity.

  10. Testing – It is essential that the simulated cyber range can be customized as needed to allow for testing of new technologies and environments.

Blog Series on Cyber Range Training

In this blog series, TAG Cyber Analysts explain why cyber range training is now mandatory for SOC teams. The rationale is based on hundreds of enterprise teams using cyber range training to improve their SOC. The topics we will address are:

  1. How cyber range training prepares teams for the next attack

  2. How cyber range training optimizes hiring and retention

  3. How cyber range training makes life easier for SOC managers

  4. How cyber range training offers an accurate measure of cyber risk

  5. How cyber range training improves soft skills

Each of these benefits alone serves as a valuable rationale for engaging the SOC in routine and ongoing cyber range training. Together, these benefits demonstrate that cyber range training is imperative to optimize SOC effectiveness. In short, cyber ranges are no longer a luxury but have instead emerged as a necessity, especially now that commercial solutions such as those from Cloud Range are readily available.

Stay tuned for the next blog in two weeks!

Contact Cloud Range to learn more about live-fire cyber range training.


About TAG Cyber 

TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights and recommendations to security solution providers and Fortune 500 enterprises. Founded in 2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-for-play research by offering in-depth insights, market analysis, consulting, and personalized content based on thousands of engagements with clients and non-clients alike—all from a practitioner’s perspective. 

Copyright © 2023 TAG Cyber LLC. This report may not be reproduced, distributed, or shared without TAG Cyber’s written permission. The material in this report is comprised of the opinions of the TAG Cyber analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report are disclaimed herein.
