RangeForce Blog | Cybersecurity training for teams

Why Choose Combined eLearning with Cyber Range Training Platform

Written by Will Munroe | Aug 17, 2020 9:25:02 PM

RangeForce is a unique training platform because it combines an eLearning environment with a cloud-hosted Cyber Range. The hands-on portions of our training modules occur in the cyber range, as do our individual and team security challenges. These exercises deliver objective assessments of individual skills and a team’s ability to communicate and coordinate activities during a cyberattack crisis.

What do these challenges look like?

Individual Challenges 

Individual challenges assess the skills of the learner after they have completed a series of training modules. The challenges cover the subjects learned, including the use of tools, understanding of vulnerabilities, and the ability to recognize and defend against an attack. 

Here are a few examples:

SOC Challenge Bulkhead: This challenge is focused on log monitoring and the mitigation of malicious behavior using the IDS/IPS tool Suricata. In this challenge, the learner uses Suricata to identify malicious traffic and secure an actual transactional website that is under attack.

SOC Challenge Kernel Exploit: Learn to weaponize the iconic “Dirty Cow” exploit. While pen testing a client’s network, you pivot to an older server that seems largely unused. The configuration appears okay, but to be thorough, you want to get to the root. From there, things start to get interesting.

SOC Challenge Back Door: As an IT engineer at a small company, you are alerted that one of your servers is acting strangely. A user continuously logs in via SSH somehow and creates files in the root directory. Find out how this hacker is getting in and close the security hole.

SOC Challenge Grass Hopper: Post security breach, you are tasked with assessing the security of the company servers. Using Nmap, it should not take long to find problems; SNMP misconfigurations and lateral movement start you on your path.

 
Team Challenges — known as CyberSieges

Team challenges, or CyberSieges, are large-scale blue team exercises that test the ability of a security team to work together in a high-stress environment. CyberSieges are complex multi-stage cyberattacks that teams must detect, contain, and defeat. A siege does not end until the team has patched and updated applications and closed backdoors to lock out the attack. If this is not done correctly, the attack will start again. The value of completing a CyberSiege lies in surfacing weak processes and communication points in the incident response process. Issues surfaced may include what data is shared with whom, how it is shared, and in what order. Teams can learn how feedback from system and application control owners moves back down the incident response process (something most teams have never thought of, let alone practiced), where critical information collected about the attack resides, who has access to it, and how it is used. Even highly skilled security professionals will struggle in their first CyberSiege exercise as they uncover gaps in their processes.

RangeForce customers typically undertake one or two CyberSiege exercises per year. Because the cyber range is cloud-hosted, the exercises can be easily completed by remote teams. RangeForce also has a library of pre-built exercises that are easy to implement.

 
 

The CyberSiege pits learners against simulated cyber attacks in RangeForce’s cloud-based Cyber Range

 

Here are some examples.

Siege of Banania (7-hour blue team exercise) – You are defenders of a country’s e-society. A nation-state has you in its sights. Suddenly, your world falls apart as XSS, shellshock, rootkits, and backdoors come from every direction. Can you save your society?

Enterprise Defence (8-hour blue team exercise) – As a top security team from a global 100 company, you are the best in the business. Suddenly, targeted attacks against emulated network users and websites lead to the compromise of your entire infrastructure. Let your team’s talent shine as you work to detect and block attacks, remove footholds from Windows systems, and stop privilege escalation and lateral movement before your critical data is lost.

API Bleed (6-hour blue team exercise) – Your team is tasked to defend the critical infrastructure of your county. You cannot let services go down. You must keep communications up and running. The opposition has different ideas. As vulnerable code is revealed and network compromises discovered, things become critical. You must contain the attacks, protect the network, and close backdoors before the enemy shuts you down.

RangeForce currently offers eight different CyberSiege blue team exercises. These can be customized to meet the specific needs of our clients, and they can all be re-used. There are currently over 30 individual challenges that match up with our 120 different training module groupings. 

Most importantly, training alone, without assessments and the resulting metrics, will never give a security manager the tools he or she needs to improve the skills and operations of their teams. By integrating training with a fully operational cyber range, RangeForce delivers a highly effective platform to upskill individuals and improve the operational capabilities of the entire team.