Cloud Range Interview in TAG Cyber's 2021 Security Annual Release
“TAG Cyber, LLC, the leader in democratizing world-class cyber security research and advisory services ... has released its 2021 Annual Report.”
Check out Cloud Range CEO Debbie Gordon's interview on simulation training and how it not only advances cyber defense, but also increases employee job satisfaction. (A two-birds-one-stone scenario we could all use, as we move into 2021).
AN INTERVIEW WITH DEBBIE GORDON, FOUNDER AND CEO, CLOUD RANGE
Simulation Training to Improve your Employees’ Skills and Job Satisfaction
Cyber attack simulation training using a cyber range has emerged in the last several years as an effective way for SOC analysts to practice defense against real-life cyber threats. In the past, SOC operators and incident responders were relegated to incident response exercises, product training and awareness, certification/classroom education, and instructor-led workshops or training. All of these exercises provide benefit, but none can fully prepare operators for a bona fide attack. Those traditional methods aren’t enough to prepare SOC teams for the high-pressure situations where every minute counts, and the lack of realism of a traditional incident response scenario often can’t match what analysts experience during an actual attack.
Cloud Range, a cloud-based cyber range training company and platform, provides cyber range training just as other industries use simulation training. In aviation, pilots are required to complete a certain number of hours in simulated flight training before they’re allowed to fly solo. Professional athletes use simulation to perfect their skills and better anticipate adversaries’ actions on the playing field. Cyber security should be able to take advantage of the same type of training to prepare for adversarial attacks, too. We spoke with Debbie Gordon, CEO & Founder of Cloud Range, about attack simulation training and how it advances cyber security defense.
TAG Cyber: Please explain how cyber ranges differ from and complement traditional incident response exercises?
CLOUD RANGE: There are a few significant differences between traditional incident response exercises and simulation on a cyber range. Traditional exercises are imperative, but actual SOC simulation is another dimension of preparedness that has not existed until now. As the last line of defense, SOC analysts must develop knowledge, skills, abilities, and ultimately “muscle memory” by going through simulations frequently. Each exercise represents a unique type of attack scenario, and the more immersed they are, the more prepared they are, both individually and as a team. Traditional incident response exercises may only be done one or two times per year, and they typically focus on what to do once a situation has already become dire. Additionally, they are usually theoretical and don’t involve simulation of the attack actually being detected, before it may become dire. Incorporating a virtual cyber range into a company’s toolset can be the difference of preventing a breach before it actually happens and a devastating attack. Traditional simulations should still be conducted, but having cyber range simulations will significantly and measurably reduce a company’s risk.
From a practical standpoint, true cyber preparedness by SOC analysts is rooted within a few different factors. While industry certifications and manufacturer product training are important, practical, hands-on experience is often the missing part of that equation. Traditional training and certifications, as well as incident response exercises, are theoretical and don’t provide a hands-on technical approach to simulating a cyber attack. Without real-life experience, security teams need to wait for a real cyber attack to happen to determine if they know how to handle it, but at that point, it is too late. Cloud Range provides a safe environment that can mimic an organization’s infrastructure and security tools in order to provide the most realistic and immersive experience where failure is an option. With frequent exercises and a variety of attack scenarios, security teams gain the skills and ability to effectively detect, respond, and remediate a multitude of threats without putting their organization at risk.
Cloud Range provides security teams the opportunity to gain real-life experience and develop the skills needed to identify, defend, and remediate against cyber attacks. By regularly engaging in simulated cyber attacks in a live network environment, cyber defenders can then develop the muscle memory necessary to be able to react in a split second against any given threat.
TAG Cyber: How do you come up with realistic scenarios?
CLOUD RANGE: Cloud Range’s Threat Intelligence Team is constantly studying the threat landscape including tactics, techniques, and methods that threat actors will employ to ensure our clients are staying ahead of impending threats. This is especially important with changes in trends and the global environment. Our content is all mapped to the MITRE ATT&CK framework. Additionally, our team designs scenarios based on business-specific and industry-specific vulnerabilities.
TAG Cyber: You’ve talked about dwell time a lot in the past. Is time the only measure of success in Cloud Range’s simulation exercise?
CLOUD RANGE: By engaging in Cloud Range’s simulation exercises, reducing overall dwell time is a measurable result that reflects an organization’s risk levels; however, it is not the only measure of success. A security team functions like a sports team where the whole is greater than the sum of its parts. Each person must be evaluated on knowledge, skills, and abilities as an individual to ensure that they are contributing to the success of the team, which is measured separately. Cloud Range has developed proprietary evaluation methods that show a very clear picture of how effective a security organization is. This maps directly to the NICE Framework, while ensuring that results are simple and valuable to the C-Suite.
Secondarily, given the severe cyber skills shortage, it is imperative that companies retain employees. Cloud Range customers have a measurably higher chance of retaining their employees who participate in the simulation exercises, as it provides a greater sense of purpose and understanding, which leads to job satisfaction.
TAG Cyber: How has the hyper work-from-home environment changed the types of scenarios you may add to the offering?
CLOUD RANGE: With more analysts working from home, there are new dynamics introduced into incident detection, response, and remediation. Fortunately, our virtual cyber range was designed to provide simulation training to customers regardless of location, given the growth of distributed security teams over the last five years. By providing training remotely via video conference and RDP, our customers have benefited even more from our services because remote workforces require a new set of communication methods and processes over and above their technical skills. These are significant areas of focus: working with remote teams to ensure security skills and communication skills are developed and effectively implemented.
TAG Cyber: What are the types of benefits organizations can expect when they implement cyber range training?
CLOUD RANGE: Implementing regular cyber range simulation training gives every member of an organization’s security team the ability to learn and practice defending against attack vectors in a safe environment. In addition to honing their skills using actual security tools, SOC teams and individuals will feel more engaged in a gamified environment that reflects the most current, real-world attack scenarios. This type of gamified, realistic, hands-on training and exercises can lead to higher employee satisfaction and retention.
By incorporating cyber range training into their cyber defense regimen, SOC teams can also track their progress using metrics that reflect actual detection and response times for each team member. Being able to measure a team’s cyber preparedness using real data will inspire confidence in their abilities to detect, respond to, and remediate against virtually any cyber attack that may occur.