Revolutionizing Cyber Training

A TAG INFOSPHERE INTERVIEW WITH DEBBIE GORDON, CEO, CLOUD RANGE

Cloud Range transforms cybersecurity training by providing scalable, hands-on simulation exercises tailored to real-world conditions. This Q&A with TAG Infosphere highlights how their cloud-based platform enables organizations to prepare for evolving cyber threats, improve team response times, and safeguard critical infrastructure through IT, OT and cloud focused simulations.

TAG: What inspired the development of Cloud Range’s cyber range platform, and how does it differ from other cybersecurity training solutions in the market?

CLOUD RANGE: The inspiration behind Cloud Range’s cyber range platform stems from the traditional limitations of cyber ranges, which were initially designed for military use. These legacy ranges required significant investments, were hardware-based, and demanded on-premise management—making them impractical for most organizations. Cloud Range recognized a need for a more accessible, scalable solution and introduced the first cloud-based Cyber Range-as-a-Service, allowing organizations to focus on training rather than managing the range.

Unlike other solutions, Cloud Range doesn’t replace traditional training like certification prep or individual labs but builds on them as the critical "last mile" of training. Similar to how flight simulators prepare pilots for in-flight emergencies, Cloud Range provides hands-on, team-based simulation training in environments that mirror real-world conditions. Security operations center (SOC) and incident response (IR) teams train together in dynamic, high-pressure scenarios to develop the technical skills, critical thinking, and teamwork required to effectively respond to real-world cyber threats.

What sets Cloud Range apart is its ability to replicate customers’ unique environments, whether IT, cloud, or operational technology (OT). Unlike generic virtual networks, Cloud Range tailors simulations to look and feel like the organization’s actual environment, enabling teams to build muscle memory and situational awareness. This is especially critical for industries like energy and manufacturing, where IT/OT convergence creates unique vulnerabilities. Cloud Range also provides virtual live-fire OT/ICS attack simulation training, making it the only platform of its kind.

With integrated metrics, actionable feedback, and comprehensive program management, Cloud Range ensures continuous improvement and measurable results. By bridging the gap between theory and practice, Cloud Range empowers security teams to confidently manage and mitigate cyber risks.

TAG: How does Cloud Range ensure its simulation exercises stay current and address the latest tactics used by cyber adversaries?

CLOUD RANGE: Cloud Range stays ahead of evolving cyber threats by leveraging real-time threat intelligence and aligning with frameworks like MITRE ATT&CK. Our dedicated team continuously monitors global threat activity, analyzes attack patterns, and develops new attack scenarios to reflect emerging tactics, techniques, and procedures (TTPs). This allows us to quickly respond to changes in the threat landscape and roll out relevant simulations to our customers.

Our ever-growing library of IT, OT, and cloud attack scenarios incorporates emerging threats like ransomware and supply chain attacks, and we quickly create and deploy new simulations that enable teams to prepare for and respond effectively.

Simulations are customizable to match an organization’s unique tools, network architecture, and risk profile. This ensures teams train in environments that mirror their operational landscape and makes the training experience relevant and impactful.

TAG: With such a strong emphasis on teamwork and real-world simulations, how do Cloud Range’s training programs improve detection and response times?

CLOUD RANGE: Cloud Range’s training programs improve detection and response times because when real attacks occur, it’s not the first time teams are encountering them—they’ve already practiced. Facing realistic, high-pressure scenarios in a controlled environment builds the muscle memory and situational awareness needed to respond swiftly and effectively during actual incidents.

Simulations are guided by the Attackmaster, who evaluates team performance in real time, scoring and providing analysis on both technical proficiencies and soft skills. This combination leads to teams improving in multiple areas, including incident response, tool use, adherence to protocols, communication, and collaboration under pressure.

Post-simulation debriefs provide actionable insights into strengths, areas for improvement, and strategies to bridge gaps. Recommendations might include targeted FlexLabs skill development labs or tailored learning plans generated in the Performance Portal, ensuring both technical and interpersonal growth.

By training in realistic environments, teams leave better equipped to detect and mitigate cyber threats quickly and confidently.

TAG: The Cloud Range platform appears highly customizable. Could you share examples of how Cloud Range tailors its simulations to meet the unique needs of different organizations?

CLOUD RANGE: Cloud Range enables organizations to train in environments closely mirroring their networks, tools, and challenges while simulating real-world attacks.

For example, financial institutions might train on advanced persistent threats (APTs) or phishing attacks targeting customer data, while energy companies could focus on OT-specific threats like ransomware targeting industrial control systems. Organizations can emulate their network architecture, including firewalls, routers, SIEMs, and OT components like programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Simulations are tailored to each team’s experience level, ensuring they are appropriately challenged.

This level of customization ensures that every simulation is not a generic exercise but a meaningful, actionable experience that aligns with the organization’s goals and challenges.

TAG: How does Cloud Range’s approach to both IT and OT (Operational Technology) simulations prepare teams for incidents that could impact critical infrastructure?

CLOUD RANGE: Critical infrastructure sectors, such as energy, water, manufacturing, transportation, etc., are increasingly targeted by cyber attacks that can have devastating consequences, including operational disruptions and risks to human safety. Cloud Range bridges the gap between IT and OT cybersecurity, providing unified training that equips teams to respond to these complex threats.

OT systems prioritize availability and integrity, requiring a unique approach to IT systems, where confidentiality is often the primary concern. Cloud Range’s OT simulations replicate these environments, incorporating virtualized components such as PLCs, HMIs, and SCADA systems.  Additionally, the playbooks used for OT often differ from IT, which have to be reflected in the simulations. For organizations with physical labs, our hardware-in-the-loop (HIL) capabilities allow direct integration of live equipment.

Cloud Range’s scenarios emphasize collaboration between IT and OT teams, fostering a shared understanding of protocols, priorities, and potential risks. This approach builds technical expertise, situational awareness, and communication skills, helping safeguard both infrastructure and public safety.

This interview and many other insightful articles are in TAG Infosphere’s 4th Quarter 2024 Security Annual, available for free download here. 

About TAG  

TAG is a trusted next-generation research and advisory company that utilizes an AI-powered SaaS platform to provide on-demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity, artificial intelligence, and climate science. 

Request a demo of Cloud Range’s cyber range solutions here.