Why the Traditional Cyber Range is Not Enough
“I could have given you the world.”
“The world is not enough.”
“Foolish sentiment.”
“Family motto.”
Incorporating the title of a blockbusting Bond flick from 1999, this iconic exchange between Elektra King and 007 draws attention to a phrase that implies that nothing can satisfy whatever longing one has.
In matters of the heart, power and material wealth, perhaps this is true for some people.
And so might it be true in matters of cybersecurity – if you’re reliant on traditional, antiquated technology. But you needn’t be.
By ‘traditional technology’, we’re referring to the traditional cyber range, the alternative to which is the subject of this blog, because – yes, you’ve guessed it – the traditional cyber range is not enough.
So what is? Well, the good news is that, unlike the world, there is a sufficient vehicle for your longing, or at least your cybersecurity longing, and it all boils down to the difference between simulation and emulation.
When it comes to cyber ranges – it’s an all-important distinction, and one that, depending on your choices, could spell sadness or success for your organization.
Simulation versus emulation
But what’s the difference between simulation and emulation? Aren’t they synonyms?
Well, in everyday English, they do feel like they’re near-synonyms, and the words are often used that way. But thesauruses don’t tend to list them in each other’s entries, and in technical circles, there’s a very important difference:
- With simulation, the focus is on a system model, the aim being to mimic only some of the conditions and operations that lead to a final result.
- An emulator, on the other hand, recreates a real threat and environment so that you can observe all of these conditions and execute operations as you would in your original real-life system.
It’s not that simulation isn’t involved in emulation; it is. It’s that it’s only one part of a much bigger and more sophisticated system that vendors of emulation software and hardware deal in.
Why this is relevant in cybersecurity
The challenge for the vast majority of organizations, large and small, is that they lack any experience of a severe cyber attack until it happens in a production environment – and then it’s usually too late, at least in terms of:
- Evading fines from stricter regulators.
- Avoiding the expense and lost opportunities of reactive defense measures.
- Preventing severe reputational damage from customer data breaches.
With the unknown hanging over your organization, uncertainty grows about your team’s skills and readiness for an attack, about the right technology to invest in and how to optimize your processes, and about the empowerment of your organization’s overall defenses.
Emulation to the rescue
In deploying a modern cyber range, the solution can be broken down into three phases, which also form a simple equation:
- Modeling +
- Emulation =
- Optimization
We’ll explore each in turn.
Modeling your environment
To model your network systems and environment, you must bring together your various cybersecurity technologies into a tailored cyber range. With such a model, you can test, in a controlled environment that won’t impact your business’s day-to-day activity, what happens when your organization has been compromised by a severe cyber-attack.
Which brings us to our top modeling recommendations for next-generation cyber ranges:
- Train like you fight.
- Bring your whole security stack with you.
- Focus on corporate user emulation, not just techie emulation.
Comprehensively emulating real adversaries
The simplest way to describe user emulation is that it simulates all of the corporate noise in your environment that your technologies must sift through on a daily basis.
Set up smartly, it injects background noise generated by typical users as they interact with websites, use social media, and perform daily work tasks on tools like Microsoft Office and Google apps. These virtual users send and receive emails, click on links, post on simulated versions of sites like Facebook, and edit documents in Word, Excel and PowerPoint – just as an actual employee would do.
It’s critical to train and test just as you would defend your network in the real world. Threat actors rely on their nefarious activities being overlooked by cybersecurity tools and defenders, so if you don’t practice in a realistic environment, you’re making things easier for the bad guys.
Our three favorite tips on ensuring comprehensive emulation in your cyber range are:
- Emulate the advanced persistent threat’s (APT’s) entire kill chain, from reconnaissance to actions on objectives.
- Deploy atomic testing to assess your security posture against specific tactics, techniques and procedures (TTPs) and indicators of compromise (IoCs).
- Strive to experience realistic user behavior in the environment throughout the cyber drills and tests.
Optimizing defenders and defenses
Cyber-range-based training, testing and drilling built on emulation rather than mere simulation are the best way to optimize an organization’s security posture and technology stack.
By emulating different types of cyber attacks, security and IT teams can identify which technologies are effective – and, just as importantly, which aren’t.
In advanced cyber ranges, such as those offered by SimSpace, security teams can evaluate new products, test security changes before they go into production, stress-test how existing defenses withstand a real attack, understand how quickly incident detection systems are triggered, and more. This allows your security and IT teams to adjust their tech stack and defenders accordingly, thereby ensuring their organization is optimizing its cyber resilience and readiness.
And there you have it.
Only SimSpace offers you the cybersecurity training, testing and cyber drilling that your organization needs. Contact us and we can speak more about the importance of cutting-edge emulation.
Ashley Baich is the Director of Product Marketing at SimSpace, bringing extensive practitioner experience from Accenture where she specialized in crisis management and cybersecurity readiness. Her deep expertise has established her as a thought leader in the industry, authoring influential pieces that shape the future of cyber resilience.