Cyber Range Buyers Guide for Fortune 1000 Security Operations

Select the right training and simulation platform for your enterprise cyber range

White Paper
www.cyberbit.com
sales@cyberbit.com

Table of Contents

Introduction
What Is a Cyber Range?
Cyber Range Checklist
Architecture
Essential Training Models
Beyond Training: Assessing Processes and Technologies
Benefits of Establishing an In-house Cyber Range
Create Tailored Courses for Your Enterprise
Cyberbit Range Training Experience
Facility & Staff Checklist
Build Your Enterprise Cyber Range with Cyberbit

Introduction

The cyber skill shortage is quickly becoming one of the most serious threats facing the industry and your organization. Demand is far outpacing supply, and the resulting pressure is making it nearly impossible to hire the quantity and quality of security analysts you need. One of the most important parts of your cybersecurity strategy should be addressing the emerging skill gap threat.

Establishing your own in-house cyber range training and simulation facility will allow you to onboard new SOC analysts faster, deliver ongoing advanced scenario training to your entire staff and offer challenging specialty courses in topics like advanced investigation training and forensics. In short, a cyber range can help you hire, qualify and retain a highly effective, professional SOC staff.

What Is a Cyber Range?

A Cyber Range is a simulation platform for training information security professionals, assessing incident response processes, and testing new technologies. A cyber range recreates the experience of responding to a cyberattack by replicating the security operations center (SOC) environment, the organizational network and the attack itself. As a result, it enables hands-on training in a controlled and secure environment. The more realistic the simulation experience, the better a cyber range can prepare trainees to deal with real-world incidents and reduce the probability of a security breach happening on their watch.

In a highly competitive hiring market, a cyber range can help you stand out by offering candidates and team members hyper-realistic, hands-on cybersecurity training experiences.

A robust training platform should allow you to:

Simplify Analyst Training: Deliver fast, effective onboarding training for new hires and ongoing skills training for experienced analysts. Create internal certification processes to track analysts' progress over time and motivate them to continually strive for better training results.

Evaluate Processes and Procedures: Use the cyber range simulation to examine how a change in a process or a procedure inside your network can affect the enterprise security posture.

Provide an Effective Testbed: Your cyber range is an exact model of your SOC environment and therefore can also be used as a dynamic security testbed for evaluating architecture and testing out new security products in a controlled environment.

Cyber Range Checklist

The success of your cyber range is built on technology. When evaluating platforms, consider the following capabilities:

Off-the-Shelf Content: Just as a game console is useless without games, a cyber range platform should include, in addition to the simulation technology, a sufficient amount of content to support your curriculum. A library of cyberattack scenarios and courses in increasing levels of difficulty will help you get started quickly, without the need for time-consuming curriculum development or programmers to code the scenarios.

Content Creation Tools: The cybersecurity landscape changes quickly. A user-friendly scenario builder will allow faculty to easily create new attack scenarios to challenge analysts without the need to write code.

In-depth Scenario Documentation: Clear and concise documentation for each scenario contributes to trainee success and reduces frustration. Thorough documentation also supports the onboarding of new instructors as your cybersecurity training grows.

Instructor Feedback: To be a truly valuable learning technology, your cyber range should include session debriefing with a full video of the simulation session, real-time instructor commenting, multi-phase goal setting, and automated personal and team scoring for all relevant skills.

Support for IT and OT Environments: Protecting critical infrastructure Operational Technology (OT) networks is a growing need in sectors like finance, government and critical infrastructure. Your cyber range platform should be adaptable for a variety of network environments and attack types, including both IT and ICS/SCADA environments.

On-Premise or Cloud Deployment: The range platform should be flexible and available as both on-premise and cloud-based deployments. If you opt for cloud-based, the vendor should offer end-to-end management and support.

Easy Deployment and Implementation: Avoid frustration and delays by getting a clear understanding of what the deployment process involves in terms of personnel, time and other resources.

Automatic Scenario Emulator: The cyber range should be able to automatically emulate benign traffic as well as complex attack sequences over the network. This allows any instructor to run simulation sessions, without needing to hire expensive external instructors. An automatic scenario emulator allows recurrent scenario emulation, which can be measured and compared in a reliable way.

Architecture

Most cyber training solutions involve a group of defenders (blue team) facing either a computer-managed attack scenario or a team of human attackers (red team). The simulation management application creates a simulated network with various security capabilities (and vulnerabilities) and a scenario emulator, which is responsible for creating both valid and malicious network streams. The threat generator creates various attack scenarios, and the training operators follow the scenario from their own dashboard in order to monitor the training and, in some cases, provide tips and assistance.

A large enterprise needs the ability to set up a general training network that includes all deployed or planned security tools from multiple vendors. The range must also be customizable to mirror your organization's exact network and incorporate the security tools and traffic typical of your own network environment.

[Figure: Customizable Network, Traffic and Threats. Labels: Blue Team, Traffic Generator, Simulated Networks, Traffic Generator, Red Team (optional)]

COMPLETE NETWORK SIMULATION

Your cyber range should be able to support all SOC capabilities and threat vectors, to create a training environment that will precisely meet your organizational security needs and threat scenarios.

Essential Training Models

Your training simulation platform should provide the necessary content and features to train your organization's entire security and IT staff, regardless of skill level or role. It should provide a curriculum that trains in offensive and defensive techniques, and be scalable for large or small teams.

Blue Team: SOC and IR team members of any level learn to better detect, prevent and respond to cyber incidents, ensuring that when the real thing happens, they are prepared for whatever comes their way.

Red Team: Red team training allows pentesters and security architects to get the hands-on training they need to perform their roles better and gives IR and SOC teams the tools they need to think like the enemy.

Individual: The training platform should be flexible and scalable enough to cater to even the most tailored needs. Individual training gives professionals the opportunity to customize sessions to strengthen their specific weaknesses and create a personalized training road map.

Capture the Flag Competitions: A Capture the Flag module allows you to add a dimension of gamification and competition to training, keeping exercises exciting and fresh. Moreover, a proper Capture the Flag module can be used for recruiting purposes to create a buzz about employment opportunities at your SOC and drum up interest at hackathons, conferences and academic institutions.

TRAIN THE ORGANIZATION

Cyber security is only as strong as its weakest link. Beyond the SOC team, your cyber range should be able to offer custom cybersecurity training sessions for every member of the IT and R&D teams in your organization.

Beyond Training: Assessing Processes and Technologies

If your enterprise builds a cyber range capable of fully simulating any environment, tools, traffic and attacks, you can leverage it to assess processes and technologies and improve the quality of your overall security posture.

Product POC: The range solution must have a robust simulation platform that allows you to test out new tools and products before implementing them, to ensure that they work as planned with the rest of the environment.

Sub-Network Pentesting: Your cyber range solution should grant the ability to pentest networks in a safe and controlled environment, allowing your security team to find vulnerabilities before the bad guys do.

Cyber Research: Cyber range simulation is an effective way to examine the behavior of various malware and existing attacks. It can also provide valuable insights when investigating the impact on your network of malware discovered post-attack.

Benefits of Establishing an In-house Cyber Range

Adding cyber range training simulation capabilities to your security operations allows you to:

Train and Retain Excellent Analysts: Investing in training is your best defense against the cyber skill shortage. Simulation training makes your existing team members more effective and can help reduce churn by providing ongoing challenge and learning that is highly valued by top security analysts.

Reduce Training Time and Costs: External training is costly both in terms of budget and time. Establishing your own cyber range can both cut costs and increase the frequency of training sessions for the SOC team and all members of the organization.

Onboard New Analysts Faster: The realistic, hands-on experience of a cyber range simulator accelerates the onboarding process for new analysts and gets them ready to start their first shift in the SOC. New analysts will gain valuable experience operating in your network environment, using tools deployed in your SOC. You can be confident they are ready by evaluating their performance in a variety of attack scenarios.

Train on Exact Replica of Your Network: A cyber range should provide an exact replica of your real network and SOC environment to ensure training is highly effective.

Custom Attack Scenarios: Train on the attack scenarios most important to your organization so you can sleep well at night, fully confident your team is ready for the most menacing threats.

Create Tailored Courses for Your Enterprise

New Analyst Skill Development Courses: Help new hires get the skills they need with courses tailored specifically to their needs. The hands-on experience provided in a Cyber Range setting allows less-experienced analysts to develop their skills in a safe and controlled environment. With courses created specifically with their skill level in mind, you can ensure that they come out with the competencies they need to defeat real-life threats in far less time than traditional methods.

Expert Skill Enhancement Courses: Provide experienced analysts (and other security professionals) with specifically tailored courses that allow them to advance their abilities across any skill set, such as malware forensics, network security, pentesting and IR. Not only do these courses enhance skills, they help seasoned professionals remain engaged in a workplace that can otherwise become monotonous.

Team and Individual Training Courses: A truly customizable platform is one that's entirely scalable. A cyber range is the right answer for training large teams together as a unit or even one professional at a time using hyper-realistic scenarios.

Certification Courses: Due to the cyber skill shortage, every SOC manager is facing an enormous challenge to hire and train enough qualified analysts. When a new analyst is hired, they must go through an onboarding process in which they learn everything about the enterprise SOC, its architecture, traffic, security tools and procedures. Develop a customized SOC Analyst Onboarding Certification that is tailored to your SOC and gets new hires up to speed quickly and efficiently. A cyber range can also be used to administer a final check-out exam before the new analyst is assigned their first shift in the SOC. You can also offer special advanced courses for more experienced professionals in topics like security incident investigation and forensics.

Cyberbit Range Training Experience

"The Range training is really hands-on, not just a PowerPoint, so we learn by doing. Working through every step of the incident response process, using our tools and communicating with other analysts are important parts of the job that you can't practice in any other kind of training setting."
-Tier 1 Security Analyst, MSSP

"I've been through many training courses over the years, but it's impossible to remember everything that was taught. Now that I have implemented the things I learned in the Range simulator, it already feels like second-nature and I'm much more confident I can apply what I learned correctly."
-SOC Manager, F1000

"Executing playbooks in the Range helps me assess how effective our analyst training is and see where we need to improve. Now I know where to focus our training and education."
-CISO, financial institution

Facility & Staff Checklist

In addition to the range platform itself, consider the following facility and staff requirements:

Classroom(s): Each classroom should be able to accommodate 5-20 trainees and 1 instructor. Additional classrooms can be added as needed.

Servers: Will you need to supply servers, or will they be supplied by the range vendor?

Trainee Workstations: Each trainee needs a standard workstation with 2 screens.

Training Instructors: One instructor is needed per class session. Plan for 1.5-2 instructors per classroom to allow for optimal scheduling. A range classroom can run around the clock, so consider splitting each classroom into two instructor shifts to maximize simulation capacity. The vendor should train instructors to ensure optimal performance.

Logistics: Assign a person to handle the scheduling of trainings and all that it entails: scheduling instructors, trainees and scenarios.

Build Your Enterprise Cyber Range with Cyberbit

From day one, Cyberbit Range was developed to be robust, flexible and simple to deploy so you can easily customize training offerings as needed. The simulation experience is deeply immersive, leaves a powerful impression on everyone who tries it, and provides clear metrics to show improvement of trainees. Your dedicated account manager wants your cyber range training facility to succeed and will be right by your side offering support, guidance and real solutions. Cyberbit will help you get your new Cyber Range training center up and running as quickly as possible so you can start scheduling training sessions.

Cyberbit Range is the most widely deployed cybersecurity training and simulation platform, delivering hyper-realistic training scenarios that dramatically improve cyber security team performance for enterprises, public sector organizations, academic institutions and security service providers on three continents.

Cyberbit provides advanced cyber security solutions for high-risk, high-value enterprises, critical infrastructure, military and government organizations. The company's portfolio provides a complete product suite for detecting and mitigating attacks in the new, advanced threat landscape, and helps organizations address the related operational challenges. Cyberbit's portfolio includes advanced endpoint detection and response (EDR), SCADA network security and continuity, security incident response platform, and security team training and simulation. Cyberbit's products were chosen by highly targeted industrial organizations around the world to protect their networks.

ABOUT CYBERBIT Ltd.

Cyberbit provides a consolidated detection and response platform that protects an organization's entire attack surface across IT, OT and IoT networks. Cyberbit products have been forged in the toughest environments on the globe and include: behavioral threat detection, incident response automation and orchestration, ICS/SCADA security, and the world's leading cyber range. Since its founding in mid-2015, Cyberbit's products were rapidly adopted by enterprises, governments, academic institutions and MSSPs around the world. Cyberbit is a subsidiary of Elbit Systems (NASDAQ: ESLT) and has offices in Israel, the US, Europe, and Asia.

sales@cyberbit.com
www.cyberbit.com

US Office: Cyberbit Inc., 3800 N. Lamar Blvd., Suite 200, Austin, TX 78756. Tel: +1-737-717-0385

Israel Office: Cyberbit Ltd., 22 Zarhin St., Ra'anana, Israel 4310602. Tel: +972-9-7799800