Dr. Jorge López Hernández-Ardieta
Head of Cybersecurity Solutions & Digital Specialist
Cyber Ranges: The (R)evolution in Cybersecurity Training
Barcelona, 6 December 2016
Cybersecurity Unit
2
Contents
3
Contents
4
Technology evolution
01. CURRENT SITUATION
Big Data/Analytics
Smart X
BYOX/Mobility
Unmanned systems
Systems-of-systems
Social networks
IoT/Wearables
Blockchain
SDN/NFV
Cloud/Virtualisation (SaaS/PaaS/IaaS)
5
Technology evolution
01. CURRENT SITUATION
Interdependence & Interconnection
6
Cyber threats evolution
01. CURRENT SITUATION
[Figure: timeline of cyber threats, with axis marks at 1900, 1930, 1970, 1980, 1990, 2000, 2010, 2012, 2014 and 2016. Events shown: first attacks to phone network; Enigma is hacked; massive attacks to US phone system; Kevin Mitnick; Morris worms; ATM/bank attacks; Datastream hacks DoD, NASA, USAF; Tenenbaum hacks Pentagon; worms (CodeRed, Nimda, Kournikova, Sadmind, Slapper, ILOVEYOU, Melissa, Blaster, etc.); Anti-sec; Conficker; Estonia DDoS; Anonymous; Stuxnet; APT (GhostNet, Night Dragon, Titan Rain, Shady RAT, Aurora); APT (Careto, DragonFly); ransomware (mobile); DDoS/IoT.]
7
The need for qualified professionals
01. CURRENT SITUATION
Constant evolution of technology and cyber threats requires constant efforts in professional education and training.
Decision-makers should also be educated on risks and security matters at strategic level.
Qualified professionals are paramount for organisations to deploy and implement effective cybersecurity practices: secure SW/systems engineers, network security engineers, incident responders, malware & forensic analysts, security consultants, etc.
8
Problems
01. CURRENT SITUATION
• Recent explosion in the demand (91% increase in US 2010-2014 [1])
• Expectations are ‘worse’: 6M until 2019 [2]
• Offer-demand imbalance: lack of highly skilled and trained cybersecurity professionals
• Current efforts and initiatives do not suffice
• Knowledge entry barriers slow down training process and increase costs
• Requires hands-on training: significant trainer resources (high costs)
Our aim is to identify some desirable properties that technology should have in order to provide effective massive-scale cybersecurity training, detect which ones present technical challenges, and suggest novel approaches to achieve them.
[1] Job Market Intelligence: Cybersecurity Jobs, Burning Glass Technologies (2015).
[2] Estimations by Symantec and CISCO reports (2014).
9
Contents
TRAINING IN CYBERSECURITY: CHALLENGES AND NOVEL APPROACHES | 10
Desirable properties
02. CHALLENGES IN CYBERSECURITY TRAINING
USABILITY
Easy access regardless of when and where (remotely) students access from. Easy-to-use HMI and functionality.
ROLE ORIENTED
Adapt the training dynamics to the role of the student (strategic, operational, tactical).
REALISM
Information systems and communication networks that reproduce real-world scenarios with real-time feedback and operation. Hands-on approach.
GROWTH
Set up new exercises at a steady pace (and cost-effectively), according to the evolution in technology and cyber threats.
11
Desirable properties
02. CHALLENGES IN CYBERSECURITY TRAINING
CUSTOMIZABLE
Easily adapt and tailor the exercises to the organisation’s needs, without the need to stick to predefined scenarios and exercises.
SECURITY
High security: isolation from production environments, isolation between exercises, access control, sound product engineering, etc.
SCALABILITY
Support large networks with hundreds and even thousands of assets. Transparently accommodate new users up to reasonable orders of magnitude (hundreds, thousands).
RICHNESS
Support a wide array of scenarios, techniques, defensive and offensive tools, attackers’ profiles, configurations, etc.
12
Desirable properties
02. CHALLENGES IN CYBERSECURITY TRAINING
SUPERVISION
Automatically monitor and assess the student’s actions and performance.
GUIDANCE
Provide automatic guidance and hints to the student to help him during the training activity and enhance the learning process.
REPRODUCIBILITY
Repeat, pause, resume and restore the exercises at any time (student).
CONTROL
Automatically control the execution of the exercise to know its progress as well as the state of the underlying network.
13
Desirable properties
02. CHALLENGES IN CYBERSECURITY TRAINING
ADAPTABILITY
Adapt the level of difficulty of the training to the student’s skills and performance, including dynamically. Automatically and dynamically propose new challenges to the student.
AUTOMATED ADVERSARY
Automatically play adversarial roles (defender, attacker, ally).
PEDAGOGICAL
Embed a variety of effective learning processes and pedagogical strategies, such as:
• Observational learning (play automated exercises).
• Trial and error approaches (active attitude, capability to undo actions and take different courses of action, etc.).
• Quantitative scoring system and gamification mechanisms to encourage competitiveness and self-improvement.
14
Contents
15
Cyber ranges
03. CYBER RANGES: A NOVEL APPROACH
Cyber ranges have become valuable tools for civil and military organisations:
01 Hands-on training
02 Experimentation and test of technology and cyberweapons
03 CDX Cyber Defence Exercises
04 Research and validation of new concepts and technology
16
A classical cyber range
03. CYBER RANGES: A NOVEL APPROACH
[Figure: layered architecture of a classical cyber range. Layers: physical layer, virtual layer, management layer. Labels: servers, storage, network infrastructure; ESXi servers, Virtual SMP, VMFS; virtual machines (each with OS and App); vCenter management platform; advanced functions (DRS, HA, vMotion).]
17
A classical cyber range
03. CYBER RANGES: A NOVEL APPROACH
[Figure: example deployment of a classical cyber range. The same set of labels is repeated for each exercise (Exercise A, Exercise B, ...): target system; MZ and DMZ networks; virtual switch (VLAN A); virtual firewall; virtual IPS; Red Team; attack network; attack platform virtual switch (VLAN B); virtual firewall; virtual machines (each with OS and App). Shared labels: Storage & Backup (Appliance Backup WBS, dedicated datastore, Network Appliance NetApp FAS2040 storage, VMware datastores, Overland NEO-2000 SAS); virtual switch (VLAN D); Management (VMware Virtual Center, management computer, management network on VLAN C); server cluster (HostESX-01, HostESX-02); physical switches; external access.]
18
Maturity level in state-of-the-art solutions
03. CYBER RANGES: A NOVEL APPROACH
MATURE: GROWTH, SCALABILITY, SECURITY, REALISM, RICHNESS, USABILITY
CHALLENGE: CONTROL, ADAPTABILITY, GUIDANCE, PEDAGOGICAL, SUPERVISION, A-ADVERSARY
INCIPIENT: REPRODUCIBILITY, CUSTOMIZABLE, ROLE ORIENTED
19
Covering the challenges
03. CYBER RANGES: A NOVEL APPROACH
A mere virtualisation infrastructure with some tailored functionality does not suffice.
CHALLENGE: CONTROL, ADAPTABILITY, GUIDANCE, PEDAGOGICAL, SUPERVISION, A-ADVERSARY
20
Covering the challenges
03. CYBER RANGES: A NOVEL APPROACH
IDEAS
UI-level and low-level monitoring of students’ and automated actions on virtual infrastructure and application artefacts, and their effects.
Match student behaviour against optimal performance models.
Discover blocks/performance level decrease, and act accordingly through reconfiguration of objectives and adversarial actions, and hints.
21
Covering the challenges
03. CYBER RANGES: A NOVEL APPROACH
IDEAS
Bind objective achievements to constraints (time, accuracy, others).
Logic to detect incompletion of objectives and launch preconfigured hints.
Possibly adapt score based on hints consumption.
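Added example, not part of the original slides and not FEEP Cyber Range code: the guidance logic listed above, with each objective bound to a time limit, preconfigured hints released while the objective stays incomplete, and the score reduced per hint consumed. All names, event types, penalty values and the sample event stream are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Objective:
    name: str
    done_event: str                 # monitored event that marks the objective achieved
    time_limit: int                 # constraint: seconds from exercise start
    max_score: int
    hints: List[Tuple[int, str]]    # (release after N seconds, hint text), ascending
    hint_penalty: float = 0.2       # assumed: share of the score lost per hint consumed
    late_factor: float = 0.5        # assumed: share of the score kept when over time
    released: List[str] = field(default_factory=list)
    completed_at: Optional[int] = None


class ExerciseTracker:
    def __init__(self, objectives):
        self.objectives = {o.name: o for o in objectives}

    def tick(self, now):
        """Find objectives still incomplete at `now` and release the hints that are due."""
        out = []
        for o in self.objectives.values():
            if o.completed_at is not None:
                continue
            for after, text in o.hints[len(o.released):]:
                if now < after:
                    break               # hints are ordered, later ones are not due either
                o.released.append(text)
                out.append((now, o.name, text))
        return out

    def observe(self, now, event):
        """Feed one monitored event; hints that fell due before it are released first."""
        out = self.tick(now)
        for o in self.objectives.values():
            if o.completed_at is None and o.done_event == event:
                o.completed_at = now
        return out

    def score(self, name):
        """Score = full or late base, reduced by the hints consumed; 0 if never achieved."""
        o = self.objectives[name]
        if o.completed_at is None:
            return 0
        on_time = o.completed_at <= o.time_limit
        base = o.max_score if on_time else o.max_score * o.late_factor
        return max(0, round(base * (1 - o.hint_penalty * len(o.released))))


def run_demo():
    # Constructed incident-response exercise: three objectives for a defender trainee.
    tracker = ExerciseTracker([
        Objective("identify_c2", "ioc_reported", 900, 100,
                  [(300, "Review outbound DNS in the proxy logs"),
                   (600, "Filter on the workstation subnet")]),
        Objective("contain_host", "host_isolated", 1200, 100,
                  [(800, "Use the EDR console to isolate the endpoint")]),
        Objective("restore_service", "service_up", 1500, 100,
                  [(1400, "Check the service dependency order")]),
    ])
    # Constructed stream of (seconds since start, event type) from exercise monitoring.
    events = [(120, "login"), (450, "query_logs"),
              (520, "ioc_reported"), (1300, "host_isolated")]
    hint_log = []
    for t, ev in events:
        hint_log += tracker.observe(t, ev)
    hint_log += tracker.tick(1800)      # end of exercise: last sweep for stalled objectives
    return hint_log, {n: tracker.score(n) for n in tracker.objectives}


if __name__ == "__main__":
    hints, scores = run_demo()
    for t, name, text in hints:
        print(f"t={t:>4}s hint for {name}: {text}")
    print(scores)
```

In a live range `tick` would run on a timer rather than only when an event arrives, so hints reach the student at the configured moment.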
22
Covering the challenges
03. CYBER RANGES: A NOVEL APPROACH
IDEAS
Metrics and measures to highlight achievements and failures.
Link actions and events to educational content.
Implement complementary approaches:
• Trial-and-error (checkpoints + restoration).
• Observational learning.
• Scoring for competitiveness and self-improvement.
23
Covering the challenges
03. CYBER RANGES: A NOVEL APPROACH
IDEAS
Integrate expert systems capable of taking on roles inside the exercises.
M&S for artificial users.
Reprogramme automated actions based on student’s reactions.
24
Covering the challenges
03. CYBER RANGES: A NOVEL APPROACH
MATURE: GROWTH, RICHNESS
INCIPIENT: CUSTOMIZABLE
CHALLENGE
How to implement a cost-effective and sustainable model that ensures growth, richness and customizable properties, while meeting time-to-market demands? i.e. objective = reasonable TCO
Sophisticated tools for scenario generation based around automation, reutilisation and constantly updated knowledge DB
25
Contents
26
04. OUR EXPERIENCE AND FUTURE WORK
Our experience…
• 5 years of R&D
• Own product on the market: FEEP Cyber Range
• +300 users in remote and on-site training sessions
• +4,000 hours of hands-on training
• Used in 2 large CTF events (CyberCamp 2015 and 2016)
We conclude…
• Users appreciate fine-grained supervision and guidance
• Tailored training is becoming a must
• Automated (smart) adversary works well even for expert users
• Metrics for user performance assessment are paramount
27
Some real-time metrics
04. OUR EXPERIENCE AND FUTURE WORK
28
Some real-time metrics
04. OUR EXPERIENCE AND FUTURE WORK
29
Future work
04. OUR EXPERIENCE AND FUTURE WORK
Static intelligent attack scheduler as an exercise design tool
Dynamic intelligent attack scheduler to provide greater intelligence for the automated adversary
SCADA/ICS exercises
30
Dr. Jorge López Hernández-Ardieta
jlhardieta@minsait.com
THANK YOU!
QUESTIONS?

More Related Content

What's hot

SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)James Neo
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Cyber Security Maturity Assessment
 Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalMahmoud Yassin
 
Cyber Table Top Exercise -- Model Roadmap
Cyber Table Top Exercise -- Model RoadmapCyber Table Top Exercise -- Model Roadmap
Cyber Table Top Exercise -- Model RoadmapDavid Sweigert
 
Cybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionCybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionMuhammad Akbar Yasin
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesAlex Rudie
 
Cyber security in power sector
Cyber security in power sectorCyber security in power sector
Cyber security in power sectorP K Agarwal
 

What's hot (20)

SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Cyber Security Maturity Assessment
 Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
 
Cyber Table Top Exercise -- Model Roadmap
Cyber Table Top Exercise -- Model RoadmapCyber Table Top Exercise -- Model Roadmap
Cyber Table Top Exercise -- Model Roadmap
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
Cybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionCybersecurity Framework - Introduction
Cybersecurity Framework - Introduction
 
Ssdf nist
Ssdf nistSsdf nist
Ssdf nist
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for Businesses
 
Cyber security in power sector
Cyber security in power sectorCyber security in power sector
Cyber security in power sector
 

Viewers also liked

Building a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellBuilding a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellEC-Council
 
National Cyber Range (Ranka)
National Cyber Range (Ranka)National Cyber Range (Ranka)
National Cyber Range (Ranka)Michael Scovetta
 
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCourtney Brock Rabon, MBA
 
Soluciones integrales para la nueva televisión
Soluciones integrales para la nueva televisiónSoluciones integrales para la nueva televisión
Soluciones integrales para la nueva televisiónMinsait
 
Cybersecurity: Arm and Train US Warriors to Win Cyber War
Cybersecurity: Arm and Train US Warriors to Win Cyber WarCybersecurity: Arm and Train US Warriors to Win Cyber War
Cybersecurity: Arm and Train US Warriors to Win Cyber WarIxia
 
Hire indians corporate presentation
Hire indians corporate presentationHire indians corporate presentation
Hire indians corporate presentationhireindians
 
Secure lab setup for cyber security
Secure lab setup for cyber securitySecure lab setup for cyber security
Secure lab setup for cyber securityBirju Tank
 
Setup Your Personal Malware Lab
Setup Your Personal Malware LabSetup Your Personal Malware Lab
Setup Your Personal Malware LabDigit Oktavianto
 
Forensic laboratory setup requirements
Forensic laboratory setup  requirements Forensic laboratory setup  requirements
Forensic laboratory setup requirements Sonali Parab
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 

Viewers also liked (11)

Building a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellBuilding a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin Cardwell
 
National Cyber Range (Ranka)
National Cyber Range (Ranka)National Cyber Range (Ranka)
National Cyber Range (Ranka)
 
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
 
Soluciones integrales para la nueva televisión
Soluciones integrales para la nueva televisiónSoluciones integrales para la nueva televisión
Soluciones integrales para la nueva televisión
 
Cybersecurity: Arm and Train US Warriors to Win Cyber War
Cybersecurity: Arm and Train US Warriors to Win Cyber WarCybersecurity: Arm and Train US Warriors to Win Cyber War
Cybersecurity: Arm and Train US Warriors to Win Cyber War
 
Hire indians corporate presentation
Hire indians corporate presentationHire indians corporate presentation
Hire indians corporate presentation
 
Secure lab setup for cyber security
Secure lab setup for cyber securitySecure lab setup for cyber security
Secure lab setup for cyber security
 
Setup Your Personal Malware Lab
Setup Your Personal Malware LabSetup Your Personal Malware Lab
Setup Your Personal Malware Lab
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
 
Forensic laboratory setup requirements
Forensic laboratory setup  requirements Forensic laboratory setup  requirements
Forensic laboratory setup requirements
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 

Similar to Cyber Ranges: The (R)evolution in Cybersecurity Training

Opening Keynote - Cybersecurity Summit 2018
Opening Keynote - Cybersecurity Summit 2018Opening Keynote - Cybersecurity Summit 2018
Opening Keynote - Cybersecurity Summit 2018aztechcouncil
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityMarketingArrowECS_CZ
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Master’s in Cloud Computing & Cyber Security
Master’s in Cloud Computing & Cyber SecurityMaster’s in Cloud Computing & Cyber Security
Master’s in Cloud Computing & Cyber SecurityJetking Chandigarh
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementMel Drews
 
EMC Academic Alliance Program Guide
EMC Academic Alliance Program GuideEMC Academic Alliance Program Guide
EMC Academic Alliance Program GuideEMC
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Shakeel Ali
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)April Mardock CISSP
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
CyberSecurity Consultancy asdddddddddddd
CyberSecurity Consultancy asddddddddddddCyberSecurity Consultancy asdddddddddddd
CyberSecurity Consultancy asddddddddddddYuvraj118Sharma055
 
[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf
[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf
[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdfjames yoo
 
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...TelecomValley
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxInfosectrain3
 
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...IRJET Journal
 
Cyber security course in Kerala , Kochi
Cyber security course in Kerala ,  KochiCyber security course in Kerala ,  Kochi
Cyber security course in Kerala , Kochiamallblitz0
 
user centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centeruser centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centerVenkat Projects
 
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.IRJET Journal
 

Similar to Cyber Ranges: The (R)evolution in Cybersecurity Training (20)

Opening Keynote - Cybersecurity Summit 2018
Opening Keynote - Cybersecurity Summit 2018Opening Keynote - Cybersecurity Summit 2018
Opening Keynote - Cybersecurity Summit 2018
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Master’s in Cloud Computing & Cyber Security
Master’s in Cloud Computing & Cyber SecurityMaster’s in Cloud Computing & Cyber Security
Master’s in Cloud Computing & Cyber Security
 
Paper-1 PPT.pptx
Paper-1 PPT.pptxPaper-1 PPT.pptx
Paper-1 PPT.pptx
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
 
EMC Academic Alliance Program Guide
EMC Academic Alliance Program GuideEMC Academic Alliance Program Guide
EMC Academic Alliance Program Guide
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
 
CyberSecurity Consultancy asdddddddddddd
CyberSecurity Consultancy asddddddddddddCyberSecurity Consultancy asdddddddddddd
CyberSecurity Consultancy asdddddddddddd
 
[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf
[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf
[배포용_최종] CISSP협회 제72회 정보보호리더십세미나_Cybersecurity Mesh, Identity First_v1.0.pdf
 
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
 
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
 
Cyber security course in Kerala , Kochi
Cyber security course in Kerala ,  KochiCyber security course in Kerala ,  Kochi
Cyber security course in Kerala , Kochi
 
user centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centeruser centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations center
 
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.
 

Cyber Ranges: The (R)evolution in Cybersecurity Training

  • 1. Cyber Ranges: The (R)evolution in Cybersecurity Training. Dr. Jorge López Hernández-Ardieta, Head of Cybersecurity Solutions & Digital Specialist, Cybersecurity Unit. Barcelona, 6 December 2016.
  • 4. 01. CURRENT SITUATION: Technology evolution. Big Data/Analytics; Smart X; BYOX/Mobility; Unmanned systems; Systems-of-systems; Social networks; IoT/Wearables; Blockchain; SDN/NFV; Cloud/Virtualisation (SaaS/PaaS/IaaS).
  • 5. 01. CURRENT SITUATION: Technology evolution. Big Data/Analytics; Smart X; BYOX/Mobility; Unmanned systems; Systems-of-systems; Social networks; IoT/Wearables; Blockchain; SDN/NFV; Cloud/Virtualisation (SaaS/PaaS/IaaS). Interdependence & Interconnection.
  • 6. 01. CURRENT SITUATION: Cyber threats evolution. [Timeline figure; axis years: 1900, 1930, 1970, 1980, 1990, 2000, 2010, 2012, 2014, 2016.] Events shown: ATM/Bank attacks; First attacks to phone network; Morris worms; Massive attacks to US phone system; Kevin Mitnick; Enigma is hacked; Datastream hacks DoD, NASA, USAF; Tenenbaum hacks Pentagon; Anti-sec; Conficker; Estonia DDoS; Anonymous; Stuxnet; APT – Ghostnet, Night Dragon, Titan Rain, Shady Rat, Aurora; Worms CodeRed, Nimda, Kournikova, Sadmind, Slapper, ILOVEYOU, Melissa, Blaster, etc.; APT – Careto; DragonFly; Ransomware (mobile); DDoS/IoT.
  • 7. 01. CURRENT SITUATION: The need for qualified professionals. Constant evolution of technology and cyber threats requires constant efforts in professional education and training. Decision-makers should also be educated on risks and security matters at strategic level. Qualified professionals are paramount for organisations to deploy and implement effective cybersecurity practices: secure SW/systems engineers, network security engineers, incident responders, malware & forensic analysts, security consultants, etc.
  • 8. 01. CURRENT SITUATION: Problems. Recent explosion in the demand (91% increase in US 2010-2014 [1]). Expectations are ‘worse’: 6M until 2019 [2]. Offer-demand imbalance: lack of highly skilled and trained cybersecurity professionals. Current efforts and initiatives do not suffice. Knowledge entry barriers slow down training process and increase costs. Requires hands-on training: significant trainer resources (high costs). Our aim is to identify some desirable properties that technology should have in order to provide effective massive-scale cybersecurity training, detect which ones present technical challenges, and suggest novel approaches to achieve them. [1] Job Market Intelligence: Cybersecurity Jobs, Burning Glass Technologies (2015). [2] Estimations by Symantec and CISCO reports (2014).
  • 10. TRAINING IN CYBERSECURITY: CHALLENGES AND NOVEL APPROACHES. 02. CHALLENGES IN CYBERSECURITY TRAINING: Desirable properties. USABILITY: Easy access regardless of when and where (remotely) students connect from. Easy-to-use HMI and functionality. ROLE ORIENTED: Adapt the training dynamics to the role of the student (strategic, operational, tactical). REALISM: Information systems and communication networks that reproduce real-world scenarios with real-time feedback and operation. Hands-on approach. GROWTH: Set up new exercises at a steady pace (and cost-effectively), according to the evolution in technology and cyber threats.
  • 11. 02. CHALLENGES IN CYBERSECURITY TRAINING: Desirable properties. CUSTOMIZABLE: Easily adapt and tailor the exercises to the organisation’s needs, without the need to stick to predefined scenarios and exercises. SECURITY: High security: isolation from production environments, isolation between exercises, access control, sound product engineering, etc. SCALABILITY: Support large networks with hundreds and even thousands of assets. Transparently accommodate new users up to reasonable orders of magnitude (hundreds, thousands). RICHNESS: Support a wide array of scenarios, techniques, defensive and offensive tools, attackers’ profiles, configurations, etc.
  • 12. 02. CHALLENGES IN CYBERSECURITY TRAINING: Desirable properties. SUPERVISION: Automatically monitor and assess the student’s actions and performance. GUIDANCE: Provide automatic guidance and hints to the student to help him during the training activity to enhance the learning process. REPRODUCIBILITY: Repeat, pause, resume and restore the exercises at any time (student). CONTROL: Automatically control the execution of the exercise to know its progress as well as the state of the underlying network.
  • 13. 02. CHALLENGES IN CYBERSECURITY TRAINING: Desirable properties. ADAPTABILITY: Adapt the level of difficulty of the training to the student’s skills and performance, including dynamically. Automatically and dynamically propose new challenges to the student. AUTOMATED ADVERSARY: Play automatically adversarial roles (defender, attacker, ally). PEDAGOGICAL: Embed a variety of effective learning processes and pedagogical strategies, such as: observational learning (play automated exercises); trial and error approaches (active attitude, capability to undo actions and take different courses of action, etc.); quantitative scoring system and gamification mechanisms to encourage competitiveness and self-improvement.
  • 15. 03. CYBER RANGES: A NOVEL APPROACH: Cyber ranges. Cyber ranges have become valuable tools for civil and military organisations. 01: Hands-on training. 02: Experimentation and test of technology and cyberweapons. 03: CDX (Cyber Defence Exercises). 04: Research and validation of new concepts and technology.
  • 16. 03. CYBER RANGES: A NOVEL APPROACH: A classical cyber range. [Architecture diagram with three layers: physical layer, virtual layer, management layer. Labels: Servers, Storage, Network infrastructure; ESXi servers, Virtual SMP, VMFS; virtual machines (OS + App); vCenter management platform; advanced functions DRS, HA, vMotion.]
  • 17. 03. CYBER RANGES: A NOVEL APPROACH: A classical cyber range. [Deployment diagram. Several exercise environments (Exercise A, Exercise B, ...), each containing a target system (MZ and DMZ networks, virtual switch on VLAN A, virtual firewall, virtual IPS; hosts shown as OS + App) and a Red Team attack network (attack platform, virtual switch on VLAN B, virtual firewall). Storage & Backup: Appliance Backup WBS; Dedicated DataStore; NetworkAppliance® NetApp FAS2040 (storage); DataStores VMware; Overland NEO-2000 SAS; virtual switch (VLAN D). Management: management network (VLAN C) with VMware Virtual Center and management computer. Cluster (servers): HostESX-01, HostESX-02. Physical switches. External access.]
  • 18. 03. CYBER RANGES: A NOVEL APPROACH: Maturity level in state-of-the-art solutions. [Chart; labels as extracted: MATURE, GROWTH, SCALABILITY, SECURITY, REALISM, RICHNESS, USABILITY; CHALLENGE: CONTROL, ADAPTABILITY, GUIDANCE, PEDAGOGICAL, SUPERVISION, A-ADVERSARY; INCIPIENT, REPRODUCIBILITY, CUSTOMIZABLE, ROLE ORIENTED.]
  • 19. 03. CYBER RANGES: A NOVEL APPROACH: Covering the challenges. A mere virtualisation infrastructure with some tailored functionality does not suffice. CHALLENGE: CONTROL, ADAPTABILITY, GUIDANCE, PEDAGOGICAL, SUPERVISION, A-ADVERSARY.
  • 20. 03. CYBER RANGES: A NOVEL APPROACH: Covering the challenges. IDEAS: UI-level and low-level monitoring of students’ and automated actions on virtual infrastructure and application artefacts, and their effects. Match student behaviour against optimal performance models. Discover blocks/performance level decrease, and act accordingly through reconfiguration of objectives and adversarial actions, and hints. CHALLENGE: CONTROL, ADAPTABILITY, GUIDANCE, PEDAGOGICAL, SUPERVISION, A-ADVERSARY.
  • 21. 03. CYBER RANGES: A NOVEL APPROACH: Covering the challenges. IDEAS: Bind objective achievements to constraints (time, accuracy, others). Logic to detect incompletion of objectives and launch preconfigured hints. Possibly adapt score based on hints consumption. CHALLENGE: CONTROL, ADAPTABILITY, GUIDANCE, PEDAGOGICAL, SUPERVISION, A-ADVERSARY.
  • 22. 03. CYBER RANGES: A NOVEL APPROACH: Covering the challenges. IDEAS: Metrics and measures to highlight achievements and failures. Link actions and events to educational content. Implement complementary approaches: trial-and-error (checkpoints + restoration); observational learning; scoring for competitiveness and self-improvement. CHALLENGE: CONTROL, ADAPTABILITY, GUIDANCE, PEDAGOGICAL, SUPERVISION, A-ADVERSARY.
  • 23. 03. CYBER RANGES: A NOVEL APPROACH: Covering the challenges. IDEAS: Integrate expert systems capable of taking on roles inside the exercises. M&S for artificial users. Reprogramme automated actions based on student’s reactions. CHALLENGE: CONTROL, ADAPTABILITY, GUIDANCE, PEDAGOGICAL, SUPERVISION, A-ADVERSARY.
  • 24. 03. CYBER RANGES: A NOVEL APPROACH: Covering the challenges. [Chart labels as extracted: MATURE, GROWTH, RICHNESS, INCIPIENT, CUSTOMIZABLE.] CHALLENGE: How to implement a cost-effective and sustainable model that ensures growth, richness and customizable properties, while meeting time-to-market demands? I.e. objective = reasonable TCO. Sophisticated tools for scenario generation based around automation, reutilisation and constantly updated knowledge DB.
  • 26. 04. OUR EXPERIENCE AND FUTURE WORK. Our experience…: 5 years of R&D. Own product on the market: FEEP Cyber Range. +300 users in remote and on-site training sessions. +4,000 hours of hands-on training. Used in 2 large CTF events (CyberCamp 2015 and 2016). We conclude…: Users appreciate fine-grained supervision and guidance. Tailored training is becoming a must. Automated (smart) adversary works well even for expert users. Metrics for user performance assessment are paramount.
  • 27. 04. OUR EXPERIENCE AND FUTURE WORK: Some real-time metrics.
  • 28. 04. OUR EXPERIENCE AND FUTURE WORK: Some real-time metrics.
  • 29. 04. OUR EXPERIENCE AND FUTURE WORK: Future work. Static intelligent attack scheduler as an exercise design tool. Dynamic intelligent attack scheduler to provide greater intelligence for the automated adversary. SCADA/ICS exercises.
  • 30. THANK YOU! QUESTIONS? Dr. Jorge López Hernández-Ardieta, jlhardieta@minsait.com
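
The guidance logic outlined on slides 20 and 21 (objectives bound to time and accuracy constraints, preconfigured hints launched while an objective stays incomplete, score adapted to hint consumption), as an added Python example that is not taken from the presentation or from the FEEP product. The class names, objective names, hint texts, penalty percentages and the replayed session are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Objective:
    name: str
    max_points: int
    time_limit_s: int                    # time constraint (seconds from start)
    max_wrong: int                       # accuracy constraint: wrong submissions tolerated
    hints: List[Tuple[int, str, int]]    # (release_at_s, text, score penalty in %)
    wrong: int = 0
    penalty_pct: int = 0
    released: List[str] = field(default_factory=list)
    completed_at: Optional[int] = None

class Supervisor:
    """Tracks objectives, launches hints on incompletion, scores the student."""
    def __init__(self, objectives):
        self.objectives = {o.name: o for o in objectives}

    def submit(self, t, name, correct):
        """Record a monitored submission at time t; ignore it once solved."""
        obj = self.objectives[name]
        if obj.completed_at is None and correct:
            obj.completed_at = t
        elif obj.completed_at is None:
            obj.wrong += 1

    def tick(self, t):
        """Release every due hint of each objective still incomplete at time t."""
        fired = []
        for obj in self.objectives.values():
            for release_at, text, pct in obj.hints:
                due = obj.completed_at is None and release_at <= t
                if due and text not in obj.released:
                    obj.released.append(text)
                    obj.penalty_pct += pct      # consuming a hint lowers the score
                    fired.append((obj.name, text))
        return fired

    def score(self, name):
        """Points only if solved within both constraints, less hint penalties."""
        obj = self.objectives[name]
        in_time = obj.completed_at is not None and obj.completed_at <= obj.time_limit_s
        if not in_time or obj.wrong > obj.max_wrong:
            return 0
        return obj.max_points * max(0, 100 - obj.penalty_pct) // 100

def run_constructed_session():
    """Replay a constructed session of (time_s, objective, correct) submissions."""
    sup = Supervisor([
        Objective("find-c2", 100, 900, 2,
                  [(300, "Check outbound DNS in the proxy log", 20),
                   (600, "Filter on the beaconing interval", 30)]),
        Objective("contain", 200, 1200, 1, [(400, "Review the DMZ firewall rules", 25)]),
    ])
    events = [(120, "contain", True), (350, "find-c2", False), (700, "find-c2", True)]
    hints, clock = [], 0
    for t, name, correct in events:
        while clock <= t:                # exercise clock advances in 50 s steps
            hints += sup.tick(clock)
            clock += 50
        sup.submit(t, name, correct)
    return sup, hints
```

In the replayed session the student solves "contain" before its hint is due and keeps full points, while "find-c2" consumes both hints and is scored at half value.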