The RangeForce founders met while working on a project to build out a Cyber Range and cyberattack simulations for the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE).
The NATO Cyber Range created a safe “red team/blue team” space to recreate realistic attacks so that detection and containment operations would improve. Member countries are invited to take part in these simulated attacks to help train their cyber defenders.
Three people working on the project were Taavi Must, Margus Enrits, and Jaanus Kink – the three founders of RangeForce. Margus, a long-time cybersecurity expert, saw the immediate value of creating a hands-on training environment for cyber defenders. Much like pilots train for emergencies in flight simulators, a cyber range creates a real-world simulation of an attack in which defenders must use their defensive security tools in an operational environment to detect and contain the attack. It is one thing to read training manuals and threat intelligence reports, but it is an entirely different, highly stressful and confusing world, to actually be attacked and be forced to defend.
But Margus realized that what NATO can create with its resources, a university or business could not. The hardware was expensive to purchase and operate. The scenarios took weeks to design, program, and orchestrate, and every type of business has a different network and it would be difficult to create hundreds of different environments.
How can you create a complex, affordable, scalable and relevant cyber range and all the operational training experience that come with it, for commercial businesses and universities? Margus, a lecturer at IT College at the time, realized another issue – NATO cyber experts are well trained and highly skilled. That is not the case in the university or business world. The ultimate solution would need to be more than a cyber range and attack scenarios, it would need to include cyber training to be complete.
So Margus took the idea to school at IT College. He sketched out and built the foundations for an integrated, interactive training and cyber range solution. He built the initial attack scenarios and training modules and then tested them at a student competition. The students loved the hands-on learning and showed better retention of even the more complex cybersecurity operations.
That is when Margus reached back out to Taavi and Jaanus with his preliminary architecture and a path to developing what is truly anext-generation training solution. In 2015, the three founded RangeForce, and 4 years later the company has grown to over 50 people, hundreds of training modules and cyber exercises, but the founding design principles of the solution remain the same.
To truly learn how to defend against a cyberattack, defenders must work in a realistic and hands-on environment.
The training modules must stay up-to-date, covering the latest attack methodologies and exploited vulnerabilities.
The student must be engaged in training and hands-on (command line level hands-on) practice sessions all on a single UI and the UI must include the security tools the student will work in.
The learning must be interactive and gamified to keep the student’s attention, and available whenever the student wants to learn.
The learning must be punctuated by cyber siege exercises to test the student’s individual skill, and test the team’s overall skill.
The entire environment must be fast and responsive, easy to deploy and manage.
If you cannot measure it, you cannot get better – so there must be a way to measure each student’s strengths, weaknesses, and progress.