Cyber Range Training Improves Security Operations
Date: Friday, October 07, 2016
Headquartered in the U.S., Ixia (NASDAQ: XXIA) provides testing, visibility and security solutions to its customers, delivering a seamless, stable and secure experience through actionable insight into the performance, stability and security of their applications and networks.
Security Operations Centers, and the professionals charged with supporting them, are struggling with an ever-increasing number of security alerts generated by constantly evolving technologies and their rapid pace of adoption. It is clear that in terms of security, you’re either agile or a dinosaur, and we all know what happened to the dinosaurs. This constant barrage of security alerts can easily create ‘alert fatigue’ and result in missing the really important ones that can wreak havoc on a business.
Most companies understand the need to test their security solutions on a regular basis to ensure they deliver the threat intelligence needed to identify critical security alerts. But what about the professionals relying on these solutions?
The best way for these professionals to remain up to date is to practice, practice, practice, and then practice some more. Practicing with Cyber Range training improves security operations by teaching these professionals how to reduce noise by quickly identifying the alerts that need their attention.
In December of 2013, we began hearing of a very large credit card breach at the U.S.-based company Target. We learned that more than 60 million Target customers had their credit card, debit card, name, mailing address, email address, and phone numbers stolen. What is less well known, or publicized, is that security specialists in Bangalore, India, who were monitoring the retail chain’s computer logs, identified malware alerts in November and notified Target officials. There is no certainty or evidence as to why these alerts were not acted upon, but this is a perfect example of important alerts that did not get the timely attention they needed. Because we know that the busiest U.S. shopping period runs from the end of November through the end of December, we are certain that most of the damage was caused by the lack of attention to these alerts.
If you operate in a world where compliance with a standard such as PCI is required, just like Target, you are spending cycles running vulnerability assessments that are meant to help you determine whether you are compliant or not. As we saw with Target, being compliant with standards doesn’t mean you will not get hacked. What is needed is a more thorough examination of security defenses, and of how the people and processes handling the alerts will respond. We all hear about breaches every day, but the truly sad part of the story is how long these breaches persist before being identified. In most cases this is due to a lack of preparedness, not a lack of compliance. The situation is not dire: this doesn’t have to be your fate, and you have the ability to take control of your future and prepare for the inevitable breach.
Today’s security systems are not automated to the point of handling the alerts and remediation steps needed to stay ahead of an ever-changing threat onslaught. We are, in fact, only human. We have strengths and weaknesses. Cyber Range training can help security professionals find and utilize their strengths, while identifying and learning how to mitigate weaknesses. Using Cyber Range training, you can start by executing all known types of attacks, simulating lateral network movement, and running behavioral scenarios in a controlled environment to help you identify weaknesses and strengths. This helps your security personnel improve their skills at configuring and using technology. It also helps hone their knowledge of the tools used to triage and identify the important alerts. And most importantly, they will be able to turn down and tune out much of the noise causing the alert fatigue that allows breaches to succeed, like the one against Target.
Cyber Range training is not just for security. Equally important are business uptime and network performance. Cyber Range training can and should include IT and Network Architects. This is because you have equipment that routes, switches, proxies, load-balances, and provides high availability and business scalability to think about, and this equipment is generally outside the scope of your Security Operations group. Understanding how this equipment will perform against an ever-evolving threat landscape is not a nice-to-have, it is a must-have. A smokescreen DDoS, for example, may be used to hide data exfiltration or fraudulent activities, and is a good Cyber Range scenario to run. It’s surprising how obvious it is to the observer who knows what’s happening versus the operations people, who will often go into panic mode and get tunnel vision, leaving them oblivious to the real threat. As with firefighters, law enforcement and the armed services, practice and knowledge are proven methods for eliminating panic and developing best practices in any situation.
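The smokescreen scenario above is one where detection logic can do what a panicking operator cannot: keep watching outbound traffic while the inbound flood draws attention. The following is an added example, not Ixia’s code or a Cyber Range artifact; it runs over constructed flow records of the form (second, src_ip, dst_ip, bytes), treats 10.0.0.0/8 as the assumed internal range, and uses illustrative thresholds rather than tuned values.

```python
# Added example: correlate an inbound flood with per-host outbound volume.
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal range
FLOOD_FLOWS_PER_SEC = 100             # assumed: inbound flows/sec that count as a flood
EXFIL_RATIO = 5.0                     # assumed: outbound bytes/sec vs the quiet baseline

def is_internal(ip): return ip_address(ip) in INTERNAL

def outbound_by_host(flows, seconds):
    """Outbound bytes per internal host, counting only the given seconds."""
    out = defaultdict(int)
    for sec, src, dst, nbytes in flows:
        if sec in seconds and is_internal(src) and not is_internal(dst):
            out[src] += nbytes
    return out

def smokescreen_exfil(flows):
    """Return {host: bytes} for internal hosts whose outbound rate during the flood
    is EXFIL_RATIO times their quiet rate; the flood is inbound, so outbound is the tell."""
    inbound = defaultdict(int)
    for sec, src, dst, _ in flows:
        if not is_internal(src) and is_internal(dst):
            inbound[sec] += 1
    flood = {s for s, n in inbound.items() if n > FLOOD_FLOWS_PER_SEC}
    if not flood:
        return {}
    quiet = {f[0] for f in flows} - flood
    during, before = outbound_by_host(flows, flood), outbound_by_host(flows, quiet)
    suspects = {}
    for host, nbytes in during.items():
        rate_now = nbytes / len(flood)
        rate_quiet = before.get(host, 0) / max(len(quiet), 1)
        if rate_now > EXFIL_RATIO * max(rate_quiet, 1):
            suspects[host] = nbytes
    return suspects

def sample_flows():
    """Constructed sample: 10 s of quiet traffic, then a 10 s inbound flood
    during which 10.0.0.7 also pushes large uploads to an external host."""
    flows = []
    for sec in range(20):
        flows.append((sec, "10.0.0.7", "203.0.113.9", 2_000))   # routine uploads
        flows.append((sec, "10.0.0.8", "203.0.113.9", 2_000))
        if sec >= 10:
            flows += [(sec, f"198.51.100.{i % 250 + 1}", "10.0.0.1", 60)
                      for i in range(150)]                       # inbound flood
            flows.append((sec, "10.0.0.7", "203.0.113.50", 500_000))
    return flows
```

Run against `sample_flows()` the routine uploader 10.0.0.8 is ignored and only 10.0.0.7, whose outbound rate jumps during the flood, is reported.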
There is no question that operations and security professionals want to do the best they can in any situation, but without proper Cyber Range training they are left to practice during live play. This can be costly in so many ways. And if you’re a fan of the movie ‘The Matrix’ like myself, then you’ll know the quote: ‘Lieutenant: I think we can handle one little girl. I sent two units, they’re bringing her down now. Agent Smith: No, Lieutenant, your men are already dead.’