The phrase “practice makes perfect” is misleading. There is no perfect. However, good practice makes you better and allows you to both hone and verify your skills – and one of the best ways to practice is on a range. If you want to get better at golf, you go to a driving range. If you want to improve your marksmanship, go to a shooting range.
You may not think of cyber security in the same way, but the same principle applies. Organizations today must defend against a complex and expanding attack surface, against sophisticated adversaries and a terrifying threat landscape. You certainly don’t want to wait until you’re in the middle of an active cyber attack to learn the hard way that you’re not as prepared as you need to be. An environment that allows you to develop and validate your cyber security skills is invaluable.
You need a cyber space.
The real thing
There is a common saying that you can’t learn to ride a bike by reading about it in a book. Likewise, you won’t get any strength or conditioning value from watching a YouTube video on proper form for pushups. Some things actually have to be done to fully understand them or get value from them. You can study theories and go through the motions, but nothing beats the real thing.
What makes a range valuable is that it allows you to work on tactics and techniques in an environment that is relatively close—or at least very similar—to the actual scenario in which you will use those skills. Hitting an actual golf ball with an actual golf club or shooting a gun at a target develops muscle memory and gives you first-hand experience that is invaluable when applying these skills in the real world.
Ranges also allow you to evaluate and rate the equipment. You can try different golf clubs or golf balls to see how they work or test out different weapons or ammunition to find out which ones work best or which you prefer.
Likewise, a cyber series should also mimic a real IT environment as much as possible. It should deliver realistic network traffic and accurately emulate network, user and threat actor behaviour. Ideally, it should be an extensible, high-fidelity, open platform that provides the flexibility to train in a variety of scenarios.
A cyber series is multifaceted and enables a variety of training or validation scenarios. Red teams can practice hacking skills. Blue Teams can train against live cyber attack scenarios. Organizations can assess security controls and configurations to validate security posture.
It is important that the environment and traffic in the cyberspace is as realistic as possible. It should mirror real-world scenarios as closely as possible to enable security professionals to develop essential skills and empower you to conduct product and team evaluations that drive continuous improvement of your security posture.
Are your cybersecurity tools and controls adequate to defend against the overwhelming volume of sophisticated threats? Does your IT security team have the knowledge and experience required to detect and respond to targeted cyber threats? How do you know?
If you wait until you need a skill or tool, it’s already too late. You have to do the research, learn the techniques and put in the work beforehand so that you are ready when the need arises. A cyber series can play an important role in optimizing your security preparedness and ensuring you are prepared.