Comprehensive Cybersecurity Training Solutions And Unique FlexRange Programs
Comprehensive Cybersecurity Training Solutions And Unique FlexRange Programs
An Interview with Debbie Gordon, Founder And CEO, Cloud Range
In an interview conducted by the TAG analysts, Cloud Range's expertise in SOC (Security Operations Center) training takes center stage. As the cybersecurity landscape continues to evolve, Cloud Range's pragmatic approach to enhancing organizations' cyber resilience has garnered attention across the SOC community. This conversation addresses the core methodologies underpinning Cloud Range's mission to prepare organizations for managing and mitigating cyber threats through comprehensive training programs.
TAG: Can you explain how Cloud Range's FlexRange Programs contribute to the preparedness of security teams, and what makes them unique in the industry?
Cloud Range: With an acute shortage of cybersecurity professionals worldwide, organizations are challenged to find, hire, and retain experienced, battle-ready cyber defenders. Security personnel are the last line of defense against cyber attacks, but traditional education and certifications are not enough and “on-the-job training” is not an option.
It’s critical that security teams regularly train and practice detecting and responding to cyber threats, understand attack vectors and tactics, test their playbooks, and, for IT and OT teams, that they speak the same language and know how systems are integrated.
Cloud Range fills the experience and skills gap with FlexRange™ Cyber Range and Simulation Training, an ongoing program of live-fire IT and OT/industrial incident response simulation exercises. Just as pilots must train in a flight simulator, FlexRange enables security teams to practice defense against real-world cyber attacks, maximize toolsets, and improve operational efficiency. Security leaders and teams are drawn to Cloud Range’s FlexRange program because it solves a universal problem with a quality readiness solution that strengthens resilience, shows measurable results, and reduces the organization’s risk.
FlexRange is unique in the industry with customizable, cloud-based virtual ranges and the only live-fire OT/ICS cyber range for team training. The safe enterprise network environments include application servers, email servers, OT components, switches, routers, traffic, alerts, and integrated industry-leading security products such as SIEMs, firewalls, IDS’s, endpoint security systems, analysis tools, and more. Plus, Cloud Range regularly develops new IT and OT cyber attack scenarios based on threat intelligence.
Cloud Range's full-service model makes cyber training easy with live instructors, customized program design, range administration, and program management, ensuring teams meet their objectives. All progress is tracked in an integrated learning management system with scoring and analysis that factor in KSAs from the NICE Framework, TTPs from MITRE ATT&CK frameworks, industry-specific regulations, job requirements, technical proficiencies, soft skills, and mean and actual time to detection.
This comprehensive, customized learning approach is not found anywhere else in the market today.
TAG: Could you elaborate on the types of team simulation exercises offered by Cloud Range?
Cloud Range: Unlike other types of “team” training that are simply a group of people working on solo courses in parallel, Cloud Range’s simulation exercises ensure each person works as part of a true team, each with a different role and contributing to the team’s success.
Examples of Cloud Range’s dynamic attack scenarios include: ransomware, phishing, DNS tunneling, website defacement, OT/ICS attacks, DDOS attacks, supply chain attacks, and more.
There are multiple learning formats with thousands of simulation options including red, blue, red vs blue, and purple team training exercises; capture the flag events; skill development labs; challenge labs; and next-generation tabletop exercises.
TAG: How does Cloud Range tailor its FlexRange Programs to meet the specific needs of different organizations?
Cloud Range: FlexRange programs are tailored according to each organization’s goals and team members’ experience levels. Within the range, customizations options include the network environment, architecture, tools, attack type, amount of traffic, complexity level, and more. For OT/ICS environments, the range includes virtualized HMIs, PLCs, and monitoring tools, as well as hardware-in-the-loop (HIL) capabilities enabling the range to directly connect to a customer’s live, physical lab environment.
Cloud Range’s tech team is on hand to create new scenarios, incorporate additional tools, and provide other customizations as needed.
Plus, in addition to team training, each team member receives individual coaching. Customized learning plans are generated in Cloud Range’s Performance Portal based on each person’s goals, roles, assessments, progress, and organizational criteria. That ensures every cyber practitioner is regularly growing in their field and careers, all while reducing the burden on leadership to manage this for their teams.
TAG: What role do soft skills, such as communication and collaboration, play in Cloud Range's training programs, and how do they contribute to cyber readiness?
Cloud Range: In addition to improving the SOC's technical ability to respond to a major attack, Cloud Range's training programs help teams improve critical thinking, problem-solving, communication, judgment, and teamwork. These soft skills are included in the evaluation and executive debrief that Cloud Range provides to security leaders.
Soft skills are crucial in cybersecurity because cybersecurity is a team sport. When teams work well together under pressure and communicate effectively, they can resolve incidents quicker, provide relevant and timely information, and articulate the risk factors impacting the organization. That in turn facilitates more effective discussions within their team and with other groups, including the board, executive management, legal, and the organization’s partners and customers. FlexRange training is designed to help security operations teams learn how to manage threats and exploits holistically, mitigate them as a team, grow in their experience and roles, and be prepared for whatever comes their way.
TAG: Could you explain the significance of OT (Operational Technology) training scenarios and how they help address the rising threats to critical infrastructure?
Cloud Range: The digital convergence of OT and IT has increased the number of cyber attacks that affect OT/ICS environments, accelerating the need to equip security teams with the training and experience to protect these assets. However, many times OT and IT teams are not aware of the other’s techniques, objectives, or protocols. They require unique training to ensure they can speak the same language and overcome the distinctive OT/ICS threats and challenges they face.
Cloud Range’s OT cyber range simulation training environments include dynamic, live-fire OT/ICS, OT/IoT, and IT/OT incident response and security operations exercises. They can be tailored for any industrial sector, including energy, water systems, nuclear, transportation, and buildings/facilities. The innovative solution not only helps strengthen the resilience of security teams, but also enhances operational efficiency by fostering collaboration between IT and OT teams, mitigating the typical organizational friction and complexity.
As cyber threats increasingly target devices and systems governing industrial operations, it is crucial for organizations to broaden their cybersecurity capabilities beyond data protection and encompass cyber safety and human life protection. Our OT/ICS scenarios enable teams to gain experience responding to real cyber attacks, mapped to the MITRE ATT&CK Frameworks. The immersive, live-fire, cloud-based, cyber range environment gives teams the expertise, judgment, skills, and muscle memory required to be ready when an actual attack occurs, safeguarding both data and human lives.
Get the latest TAG Cyber Quarterly here.