Gartner hype cycles are known for highlighting technologies and solutions expected to evolve over time to change business and society. Cyber ranges are one technology that appears to have been stuck in a hype cycle, spinning endlessly in the chaos between the promises of in-depth realism and the realities of the million-dollar investments required to get them—and keep them—up and running.
It’s long been obvious there is a critical need for real-world breach training.
RangeForce originally developed its cyber range from the work done supporting NATO’s Cooperative Defense Center of Excellence used to simulate cyberattacks on military infrastructure. Our battle-tested cloud platform for business is delivering the same level of training capabilities at a fraction of the cost of NATO’s facility. Initially designed to be delivered on site using RangeForce’s expansive cyber siege library of pre-built exercises and run by our training experts, RangeForce’s blue team exercises have helped us stand above the crowd by being part of the only training platform to combine hands-on keyboard, real-world experiential learning with a cloud-hosted cyber range.
Then came Covid-19 and the remote SOC era, and with it, the ongoing cybersecurity challenges of a threat landscape that persists and has expanded.
Today’s enterprises need technical training solutions for SOC, IR, DevOps, Web App and other security teams that are increasingly interoperable and help teams collaborate not only in a virtual SOC, but across the organization from engineering to IT and beyond.
Detecting and responding to cyber threats and system vulnerabilities require practice. Ongoing, continually improved upon practice in cyber ranges prepares the security teams and the teams that support any threat response for the stress, panic, and communication barriers they will face during a real cyberattack. But legacy cyber ranges have only been affordable to the very largest organizations. According to the Financial Sector Sharing and Analysis Council, ranges cost $500,000 or more just to stand up. Each exercise then has to be planned and built, at a cost of $50,000 to $100,000 per exercise. That’s not something everyone can afford —and it explains why insurance companies, banks, and other financial institutions even tried banding together to share the costs. Sharing the burden across organizations may reduce the cost for any single organization. However, it doesn’t guarantee each organization will be training on familiar-to-them technology.
Operationally, some of these very costly ranges could do more than others. Some could add in security tools; others focused on a single vendor’s tools. Some created extensive networks and supported both blue and red team exercises, others created simple networks and supported only red team capture the flag games. All had limited lives as the cost of keeping the range running and expanding existing exercises was just too great for even the largest vendors.
With Battle Fortress, a cloud-based cyber range is now affordable and deploys in weeks vs. months. Pricing starts at just $100K with the capability to spin up exercises from a library of pre-built engagements. Battle Fortress comes with an extensive IT architecture, including popular security tools. This allows a Battle Fortress client to emulate their environment vs. a “standard” environment. Enterprises can also add their own tools with their own licenses. Team members can train in their roles. RangeForce’s scalable backend environment and the core underlying technologies needed to keep a virtual environment running live means exercises can be built for large groups, re-used and built upon. Post-exercise, teams can work out their process or playbook limitations, communications issues and areas for skills improvement - and immediately begin training with RangeForce’s cyber skills training platform all under a single platform.
Working on a cybersecurity team in which the participants know how to use their tools, have learned how to work together effectively and have reached a point where attacks are regularly stopped is going to be a brand new experience for most security professionals. We believe that organizations that make this type of environment the norm will win the battles for cyber readiness and retention and, ultimately, the war for cyber resilience. Click here to request a demo to see Battle Fortress in action.