We have been cataloging various cyber range implementations across the many different types of ranges, everything from full physical to only in the public cloud and across different end user cases such as the Warfighter's exercises/training ranges, higher ed, and commercial cyber groups. In each case, the setup and automation of the implementation of the range is a constant challenge because of the changing landscape of tools, threats and demands by users.
We have deduced from this review that there are a few common themes to how best to meet these changing needs and the life-cycle management for a typical cyber range use case.
1 –There needs to be a common, easy to use interface (ie a Cyber Sandbox) for both the administrators and the end user consumers of the Cyber Range content, no matter the implementation of the Cyber Range Exercise or Training Environment.
2 - The environment needs to be utterly vendor application, resource, and cloud agnostic and in some cases support alternate items of each on demand to meet capacity and changing needs of both end users and administrators. See our graphic on Any Cloud, Any Resource, Any Use Case.
3 - Every cyber entity we reviewed did not have metrics in place for the performance of the cyber infrastructure. This tells us that the Cyber Range industry is still very immature in the approaches to delivering the capability. How can one improve any capability without measuring your performance?
To this end, treating Cyber Ranges as a Service™ (CRaaS) can address the 3 major concerns above and allow cyber activities to become more mainstream and perhaps even a commodity eventually, once life-cycle management of these deployments can be formalized and delivered.
To learn more about our findings and how to implement CRaaS, please click here for our white paper on CRaaS or simply reach out to us to learn more.