Page 15 - Cyber Warnings
A number of vendors have developed “cyber-range in a box” offerings as well as end-to-end
cyber range and security testing solutions. However, the critical component of these solutions is
the “sandbox” software.
Sandboxes create the “arena” in cyber ranges and the isolated testing environments in security
testing.
A sandbox is a personal replica of a real complex production environment that is isolated from
other sandboxes. Sandboxes include three key capabilities:
• They model all of the physical and virtual infrastructure and applications so that a unique
  configuration can be created on the fly that exactly mimics a production configuration.
• They provide workflow orchestration that is used for automated setup and teardown and
  snapshot and restore of the sandbox, as well as orchestration of traffic generators and
  all other aspects of security scenarios.
• They are initiated through a self-service catalog or an API with access controls, allowing
  many users or groups to simultaneously run security testing in a shared lab while
  providing full isolation.
Case Study: A Cyber Range Solution
One such implementation, developed through a partnership between QualiSystems and one of
its systems integrator partners, provides a private cloud security testing solution for customers.
The Quali-enabled Cyber Range solution includes:
Simulation of the production environment, including its hardware and software
components and their connectivity. The network environment and components are 100%
virtual. In addition, the security products that the customer uses in their environment,
such as next-generation firewalls, are replicated.
Finally, a virtual traffic generator is provided for creating typical traffic patterns. The
entire solution is provided on a rack of converged infrastructure.
This configuration is used to create on-demand cyber ranges using sandboxes. Each
sandbox provides built-in orchestration tools that allow the administrators of the cyber
range to automate the creation of “Blue Team” and “Red Team” scenarios.
These scenarios may be created using the virtual traffic generator to create threats, or
by recording in-house generated attack scenarios and scripts. These scenarios can be
repeated with high accuracy. In addition, it is possible for teams to perform fully manual
tests in a cyber range sandbox.
The cyber range solution is offered with private cloud capabilities, including a self-
service catalog of pre-built scenarios, scheduling of cyber ranges ahead of time, as well
as multi-tenancy to support multiple simultaneous active cyber ranges.
Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide