How Does Cyber Range Training Offer an Accurate Measure of Cyber Risk?
How Does Cyber Range Training Offer an Accurate Measure of Cyber Risk?
By David Neuman, TAG Cyber
This blog is part of a series from TAG Cyber that focuses on using cyber range and simulation training for security operation center (SOC) teams to improve individual and team effectiveness. The Cloud Range platform is used throughout the blog series to illustrate world-class range training for these teams. Check out the first, second, third, and fourth blogs of the series.
Cyber range training is an essential tool to align cyber operations readiness as a measure of cyber risk. This article illustrates how this type of training is used to measure that risk in the context of the commercial Cloud Range offering.
“How do you know your level of cyber risk?”
This is the fundamental risk question asked by every CISO, CEO, audit committee, and board. It’s a question about security operations performance or protection of critical business assets, and it may be prompted after a cyber incident at another company. Cyber range training is an impactful way to answer the question and measurably demonstrate proof that you are reducing risk and ready to respond to cyber events.
Cyber range training is a critical part of the risk mitigation planning and process. A comprehensive cyber range training program delivers validated technology capabilities, effective processes, and fully qualified professionals that can be measured at every stage.
To note: Cyber risk should measure not only the technology and processes but the efficacy of the professionals using them.
Cloud Range provides a risk score that gives organizations insight into their team members’ knowledge, skills, and abilities. The score is aligned with the NICE Cybersecurity Workforce and MITRE ATT&CK frameworks and weights factors according to each organization’s need. The metric is perfect for board reporting and makes it easy to measure team performance and track progress. Cloud Range is the only vendor doing this.
Where does cyber range training fit in the risk measurement process?
Cyber range training connects critical components of capability-based risk mitigation:
Business risk
Threat environment
Vulnerabilities
Mitigation and response
To thread these together we will use a supply chain scenario and the end-to-end process for using cyber range training to plan, implement, and accurately measure risk.
Understanding the business risk is a critical first step.
Global supply chain attacks are growing in sophistication and impact. The two most common risks are supply chain disruption and the potential for product integrity compromise because they represent the potential loss of revenue, brand damage, and not meeting customer commitments. Cyber range training can be used to emulate the technical and process environment so operators (and supply chain system administrators) understand critical dependencies and applications at risk.
Cyber range training is used to model threat tactics.
With an understanding of the business risk, cyber range training can incorporate the threat actor’s capability, intent, and possible course of action against supply chain processes and critical applications. This component also delivers the agility to model threat actor behaviors as they change or evolve. Cyber range training can ensure teams are planning against top-performing adversaries, so they are always ready.
Prioritizing vulnerability remediation.
Threat actors typically look for certain vulnerabilities that their tactics, techniques, and procedures (TTP) are designed to exploit. Cyber range training enables security operations teams and supply chain systems administrators to map threats to vulnerabilities to be prioritized for remediation. This can shut down potential angles of attack an adversary expects to be available.
Mitigation and response planning is where cyber range training helps organizations answer, “this is how we know.”
Cloud Range’s live-fire training puts all these components into play to exercise attack-based scenarios against the supply chain. Each scenario is created with a set of measures of performance and effectiveness. The scenarios are then aligned to exceed the known performance of threat actors. The conditions in the cyber range can also provide insights into the necessary calibration required with non-cyber teams who may operate other technology such as domain name service and enable joint security TTPs between organizations.
Measures that demonstrate the value of cyber range training
As organizations participate in Cloud Range’s various cyber-attack scenarios and complexity levels throughout the cyber range training program, cyber risk can be measured accurately. The score includes performance in Cloud Range’s live-fire team training, its 1,500+ training and challenge labs, and third-party training and certifications. Cloud Range also measures soft skills such as communication, collaboration, and problem-solving. These measures represent an organization’s ability to protect and respond to cyber hostilities before they cause material impact. Collectively, business risk, threats, vulnerabilities, and cyber range training measure the effectiveness and capabilities of technology, processes, and people. The metrics show the impact that cyber range training has on the organization – and what the next steps are to reduce risk.
These measures are instrumental in maintaining an operational edge over cyber adversaries. They also enable security leaders to show the board of directors and risk committees how effective the organization is in managing these risks.
Stay tuned for the final blog in this series in two weeks!
Contact Cloud Range to learn how Cloud Range’s platform is uniquely designed to evaluate the competencies of an organization’s cybersecurity workforce and identify and remediate security vulnerabilities to reduce an organization's exposure to cyber risk.
About TAG Cyber
TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights and recommendations to security solution providers and Fortune 500 enterprises. Founded in 2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-for-play research by offering in-depth insights, market analysis, consulting, and personalized content based on thousands of engagements with clients and non-clients alike—all from a practitioner’s perspective.
Copyright © 2023 TAG Cyber LLC. This report may not be reproduced, distributed, or shared without TAG Cyber’s written permission. The material in this report is comprised of the opinions of the TAG Cyber analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report are disclaimed herein.