Cyber Ranges: Why MSPs?
Cramer S.
Director of Managed Services @ Clare Computer Solutions | MSP Founder | Cybersecurity Enthusiast
In a world where it seems new cybersecurity tools are launched and released daily, it can be difficult to determine what will actually work in your – and your clients’ – specific security stack.
I was three years into running my MSP when COVID struck. At that time, I decided to make the company more cybersecurity-centric, leaning more toward an MSSP. We built out our tech stack and felt we were ready to tackle anything, but were we? This question would linger over me for the next two years, and it wasn’t until I became more familiar with cyber ranges that I was able to lay those concerns to rest. In fact, I became so interested in cyber range platforms that I accepted a full-time position as a senior product manager with a range provider in April of 2022.
So let me ask you: What if you had a way to replicate your production environment, install the security tool you’re vetting, and even throw a ransomware attack (or two) at it to see how it performs? Do you know how your SOC would truly react to a real-time attack, say zero-day or ransomware? If you follow both of these roads, they end at the same destination: a cyber range.
I admit, I didn’t truly understand the purpose of a cyber range when I first heard about them. I know I did not want or need another “gamified training platform,” but to my surprise, cyber ranges provide many more capabilities. I quickly learned the three main purposes of a cyber range for an MSP of any size:
LAEs were something I was already familiar with, but had never had the opportunity to participate in. What I thought, and soon found out for sure, is that running these events regularly with my team would greatly increase our understanding of how these attacks took place and how we could prepare and defend against them. Running these LAEs in a simulation of our production environment makes these events more realistic and builds practical, hands-on experience. With a cyber range, our team can defend against a brute force attack or ransomware attack in real time, while defending using the tools they work with daily.
Stack validation is something we have questioned for as long as I can remember. You install the shiny new security software in your environment, wait for it to report some sort of suspicious activity and hope it will be able to perform the way it was intended. We spend time wondering if we set it up correctly or what will happen if a vulnerability slips through unrecognized. When we start looking at this from a bird's eye view, with thousands of assets being protected, this can become a very unsettling prospect. One of my favorite use cases for a cyber range is the ability to install one or a group of software tools to a replication of my production environment and deploy any vulnerability or attack to see how it responds. Not only can I verify that I am deploying the software correctly, but I can ensure that the software does exactly what I intend it to do — and before it hits production.
Continued education is always important, but it becomes critical in the ever-evolving landscape of cybersecurity. The methods and tactics used by cyber criminals change daily, maybe even hourly, and we see this all the time with vulnerabilities that become exposed. Think about how you and your team might handle the Apache Log4j vulnerability for the first time. Now, what if the first encounter with this vulnerability was within a confined cyber range where a split-second decision doesn’t result in a compromised production environment? A cyber range gives you that freedom as well as providing hundreds of hours of content to keep your team on high alert and prepared to defend against anything that knocks on your door.
There is a quote by Benjamin Franklin that tells it best: “By failing to prepare, you are preparing to fail.” With the world of cybersecurity always, and more quickly, evolving, not having a way to validate your stack, provide training and test organizational readiness will no longer suffice. From increased team competence to increased ROI for your customers and a lower loss avoidance, utilizing a cyber range has never been more important.
Dedicated security-focused Systems Engineer, IT Manager, and Consultant
2 years ago: Great idea on the synergistic possibilities and opportunities of M(S)SPs and Cyber Ranges. There is very much a needed ability to, as you said, go the full route of testing security tools to make sure they were correctly deployed and for live simulation and attacks. I also like the idea of using this to set security baselines to compare when changes are implemented. This is the next step (an evolution of tabletop exercises) for SMBs to implement via MSPs for a solid cybersecurity foundation.
Navy Veteran | Cybersecurity Expert | CEO & Founder of Guarded and Praesto Works | vCISO | Board Member | MICS UC Berkeley
2 years ago: Yes, I do see the synergy between MSPs and cyber ranges. Cyber ranges provide a safe environment to practice and hone skills while MSPs can help with the implementation and maintenance of security tools and processes. This allows organizations to stay ahead of the curve and be better prepared to deal with cyber threats. Additionally, they can also help to identify weak spots and vulnerabilities in
Chief Marketing Officer @PeakNano | Startup Advisor | Board Member | Contributing Editor for The Fusion Report | Editor of Careerizm | AI Advocate For Marketing Professionals
2 years ago: MSPs can apply cyber ranges to the mid-market in several new ways: 1. They can provide access to technology typically only available to nation-states and F2000 companies at a cost-effective level to establish a benchmark of security for their customers. 2. Using this benchmark, they can create differentiation for themselves and how they build security solutions. 3. They enable clients to understand the implications of proposed changes versus a benchmark. 4. They can provide evidence reporting for their clients to prove best practices and create competitive differentiation with their customers since SMBs tend to be supply chain vendors to larger organizations. 5. MSPs are the perfect vehicle to deliver this value because they can provide the expertise to run the ranges, amortize the cost to make it affordable, and uplevel the security level of clients who would have leveraged this tool in the past.