Page 14 - Cyber Warnings
P. 14
Central control of the testing environment. Controlling the security scenarios and
ensuring the accuracy of testing requires central control of the testing environment and
testing processes. It is critical that security tests run in isolated environments that can be
kept uncontaminated at all times.
At the same time, for efficiency, it is also important to provide a simple self-service
experience where teams can easily reserve and automatically set up and rehearse
scenarios.
Cyber testing facilities must be fully isolated. Since the purpose of the testing is to
practice hacking into networks in a variety of ways, it is very important for that testing to
be fully isolated from an organization’s networks. While it might seem obvious, cyber
testing cannot be done on the production network where it could put organizations at
risk.
Fundamentally, the challenge is to reproduce the production network with high fidelity in
an isolated, non-production environment and let many people test simultaneously in that
simulated environment.
Security Testing Solution Requirements
Based on testing problems above, any security testing solution must respond to the following
requirements:
The ability to create an isolated environment for testing that mimics the production
environment as accurately as possible (i.e. with high fidelity);
The ability to create a clone of the network configuration as well as to simulate realistic
traffic patterns and load on that network;
Support system-wide testing of a mix of physical and virtual network infrastructure as
well as applications;
Be able to automate the setup and teardown of the network infrastructure, traffic
generation, security device configuration, and testing processes;
The ability to snapshot the environment at any point and restore it back to that state;
Provide a simple self-service experience where users can easily reserve and
automatically set up security tests; and
Support for many testing environments to be run simultaneously.
Sandboxes for Security/Cyber testing
In order to meet these requirements, many security testing firms, government security testing
labs and enterprises implementing security tests have implemented cyber ranges or cyber
testing solutions.
14 Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
