“Practice Makes Perfect” Becoming New Catchphrase for Cyber Security
By Joan Wrabetz, CTO Qualisystems and Maya Ber Lerner, VP Product, Qualisystems
Solving the problem of hacking after it occurs is not a solution. Cyber security investment needs
to shift from identifying flaws after the damage has been done to identifying them before a hack
has actually happened. This thinking is driving a whole new industry around cyber testing.
For several industries, cyber testing is well underway and over the next few years many new
industries will find that they need to invest in it. Today, cyber testing occurs in government labs
under the moniker of “cyber ranges” and in critical industries like public utilities and financial
services, as “cyber testing.”
Security/Cyber Test Types
Security/Cyber testing encompasses a number of different types of testing that share some
common characteristics, but also have their own unique requirements:
Red Team vs. Blue Team (Cyber Range)
This type of testing is more common in military cyber defense, for training personnel
and assessing network security in both offensive and defensive scenarios. Generally, a
“cyber arena” is created that uses a network resembling the production network as
closely as possible.
Then a traffic generator creates traffic that simulates normal network traffic patterns. The
“Red Team” attacks the network using cyber hacking techniques, and the “Blue Team”
reacts in real time as the network monitoring group that identifies the hacks and attempts
to stop them.
Development, test, and experimentation of cyber tools and techniques
This type of testing is used primarily for evaluating new security tools and
techniques and whether they will improve network security in organizations. With this
type of testing, organizations again attempt to model the typical production network.
They use traffic generators to simulate typical user traffic in that network. Then they
insert the new security tool (hardware and/or software) that is being developed and/or
tested into the network.
Disruptive events are added to the network and the new security tool is evaluated for
how well it captures and responds to the disruptive events.
Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide